1 | ©Rockwell Collins 2018 - Approved for Public Release
Cybersecurity – Evolution, Approach, and Application
16 October, 2018
Presented by James A. Marek
Rockwell Collins
Outline
• Why Security has become so important?
• What is Cybersecurity?
• Rockwell Collins History related to Cybersecurity
• What’s MLS and MILS?
• Historical Perspective of MILS
• Rockwell Collins History of Application of MILS
• A Practical MILS Use Case – MLS Solution for Test/Training/LVC
– Building Blocks: MILS based Cross Domain Solutions and Encryptor
– Example Application of MILS CDS and Encryptor for Test/Training/LVC
Conclusions
Why is security so important for us and our customers?
• More connected world, more information sharing, information is valuable
• More use of Commercial products and technology with little understanding of the design or designers
• Leads to more attack vectors and more attackers (motivated)
• Drives need for Cybersecurity to address protection of our information and information systems

What is Cybersecurity (formerly Information Assurance)
Measures to protect and defend information and information systems by ensuring Confidentiality, Integrity, Authenticity, Availability, and Non-repudiation
– Confidentiality – Only authorized users get access
– Integrity – Only authorized users can modify
– Authenticity – Genuine, not forged or fabricated
– Availability – Available and functioning correctly, opposite is “Denial of Service (DoS)”
– Non-repudiation – Not able to deny a transaction that occurred
Some History on Rockwell Collins relevant to Cybersecurity
• Rockwell Collins has been a pioneer in development of High Assurance systems for decades
• We have been a pioneer in deployment of commercial technologies in these systems
– IP/Ethernet for safety critical Avionics (Federal Aviation Administration (FAA) certified)
– Development and deployment of DO-178B Level A (FAA certified) Operating System for Avionics
– Development of secure solutions for DoD Communications, Navigation, and Computing
• Over 25 years of experience in applying formal methods to:
– Security & Safety-critical systems
– Formal microprocessor verification
– Formal artifacts for NSA evaluations
• Over 40 years in Micro-Electronics and Advanced Packaging
– Stacked Package, Advanced Flip Chip
– Stacked Die (3D Silicon)
– Mixed Digital / RF, Advanced materials
• Nearly 20 years in Multi-Level Security (MLS) Modular Architectures
– Rockwell Collins has been developing, certifying, and deploying products and technologies to address Multi-Level Security requirements
[Images: Formal Methods; Micro-Electronics; MLS Modular Architecture]
Disclaimer
Due to time, the presentation is unable to cover the full range of cybersecurity-relevant topics, products, technologies and applications that Rockwell Collins is involved in.
So, the remainder of the presentation takes a deeper dive into an approach to support Cybersecurity for a highly relevant example application, with a focus on trusted Cross Domain Information sharing and encryption of information.
What’s MLS and MILS?
• Multi-Level Security (MLS): from CNSS Instruction No. 4009, 26 Apr 2010
– Processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.
– Basically information flow policy enforced against “labeled” information
• Multiple Independent Levels of Security (MILS)
– High-assurance security architecture based on the concepts of separation and controlled information flow; implemented by separation mechanisms that support composability of both untrusted and trustworthy components; ensuring that the total security solution is non-bypassable, evaluatable, always invoked and tamperproof (NEAT)
– A MILS solution enables one to support both Multiple Single Level (MSL) and Multi-Level Security (MLS) implementations with lower Size, Weight, and Power (SWAP), reduced certification cost & schedule and lower lifecycle costs through the use of layered security controls and mechanisms including separation mechanisms (Separation kernel, Partitioned Communication System, Physical) and application or system specific security policies restricting the information flow only between components in the same security domain or through a trusted security monitor (e.g., Cross Domain Solution (CDS), Encryptors)
Rockwell Collins perspective has been that in most cases, a MILS approach is the best & most cost-effective way to develop MLS systems
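The flow rule described above, as an added example that is not part of the original presentation or of any Rockwell Collins product: a channel check (same domain, or through the trusted monitor) and a guard decision on labeled messages. Partition names, the U/S/TS ordering, and the release rules are constructed assumptions, and the guard models confidentiality only.

```python
# Added example: toy model of MILS flow control. Partition names, levels and
# release rules are constructed assumptions, not taken from any product.
LEVELS = {"U": 0, "S": 1, "TS": 2}

# partition -> security domain; "guard" is the trusted monitor (a CDS).
PARTITIONS = {"app_ts": "TS", "app_s": "S", "app_u": "U", "guard": "MLS"}
TRUSTED = {"guard"}

# Constructed guard rules: message types releasable from a high to a low level.
RELEASABLE = {("TS", "U"): {"position"}, ("S", "U"): {"position", "status"}}


def channel_violations(channels):
    """Check a separation-kernel channel list: a channel may join partitions
    of one domain, or must have the trusted monitor at one end. Unknown
    partition names are rejected (default deny)."""
    bad = []
    for src, dst in channels:
        if src not in PARTITIONS or dst not in PARTITIONS:
            bad.append((src, dst, "unknown partition"))
        elif src in TRUSTED or dst in TRUSTED:
            continue
        elif PARTITIONS[src] != PARTITIONS[dst]:
            bad.append((src, dst, "cross-domain channel bypasses the guard"))
    return bad


def guard_decision(src, dst, msg):
    """Decide on one labeled message the guard relays from src to dst."""
    src_dom, dst_dom = PARTITIONS.get(src), PARTITIONS.get(dst)
    if src_dom not in LEVELS or dst_dom not in LEVELS:
        return False, "unknown or non-single-level endpoint"
    label = msg.get("label")
    if label != src_dom:
        return False, "label does not match the source domain"
    if LEVELS[label] <= LEVELS[dst_dom]:
        return True, "flow to same or higher level"
    if msg.get("type") in RELEASABLE.get((label, dst_dom), set()):
        return True, "high-to-low release permitted by rule"
    return False, "high-to-low release not permitted"


if __name__ == "__main__":
    wiring = [("app_ts", "guard"), ("guard", "app_u"), ("app_ts", "app_u")]
    print(channel_violations(wiring))
    print(guard_decision("app_ts", "app_u", {"label": "TS", "type": "position"}))
    print(guard_decision("app_ts", "app_u", {"label": "TS", "type": "raw_track"}))
```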
Functional Block Diagram for MILS Processing
[Figure: a Processor running a Separation Kernel / Type 1 Hypervisor that hosts Partition A, Partition B, Partition C, a Guard Partition and an MLS Partition, all in “user” space. Blocks shown: Classified App #1, Classified App #2 and Unclassified App, each stacked on a Guest OS (A, B, C) and MiddleWare; Guard Application; MLS MiddleWare and MLS Display Server; SL I/O Device(s), MLS I/O Device(s) and MLS GFX I/O. Annotation: Complexity moved to “user” space.]
MILS can take advantage of commercial virtualization technologies being broadly developed for a wide range of cloud and mobile applications
Some MILS Historical Perspective
• The MILS concepts proposed in a Dr. John Rushby paper in 1981 were first embraced for high assurance in the safety domain (1990s)
– Rockwell Collins developed first DO-178B level A partitioned RTOS
  • LynxOS178
  • Green Hills and Wind River followed
• Rockwell Collins developed and certified first high assurance HW Separation Kernel (SK) - AAMP7 (Advanced Architecture Micro Processor 7)
• Rockwell Collins in collaboration with LM, AFRL, NSA and Green Hills certified first high assurance SW SK (INTEGRITY-178B) for the F-35 (separates classified data)
Certified May 2005
Certified Nov 2008
Rockwell Collins pioneered practical application of high assurance MILS & Virtualization
• Security infrastructure focused on minimal system impact
– Low risk for certifications and ATO via High Assurance Designs/Pedigrees
– Low latency communication channels (Provisioned for RF links)
– Remote or Over-the-Air Management Protocols
– User reconfigurable security policies and enforcement across multiple levels
• Formal Methods Security Evaluation co-developed with NSA
• Ability to process up to four security levels spanning TS-U simultaneously
• NSA Type 1 encryption for data in transit and at rest
• Cross Domain Solutions for data segregation by classification levels and caveats
MILS based MLS CROSS DOMAIN SOLUTIONS and ENCRYPTOR
SecureOne™ Product Family: Turnstile™
• UCDSMO Baseline Listed (Unified Cross Domain Solution Management Office)
• In-production & fielded
• Developed with NSA
• DCID 6/3 PL5 Accreditation
• Hardware Separation Kernel (AAMP7)
• Simultaneous TS-U data segregation
• ½ width 1U, 19” rack-mount
• Suitable for high-robustness:
– Capable of bridging TS-U networks
– Bi-directional guard capability
SecureOne™ Guard Engine Launch Product
SecureOne™ Product Family: MicroTurnstile™
• Army program for development with Navy support for evaluation
• Soldier wearable, USB powered
• Integrated with multiple versions of the NettWarrior system including Rifleman Radios, and Android devices
• Based on AAMP7 and SecureOne Guard
• Extremely small CDS form factor 2.85 in³ (1.2” x 4.0” x 0.6”)
• Less than one (1) watt total power consumption
• Exceptionally light weight, 2.3 ounces without cabling
SecureOne™ Product Family: Tactical Guard Processor (TGP)
• Common Range Integrated Instrumentation System of Systems (CRIIS) developed, accredited, and fielded on multiple Major US Air Force and Navy ranges
• SecureOne Guard Engine on MILS Common Criteria Evaluation Assurance Level 6+ SK
• Simultaneous TS-U data labeling, segregation, guarding, and processing
• Rugged tactical Airborne/Mobile modules including secure data bus access
• Up to 6 Ethernet interfaces per module (Ground Guard Drawer includes 2 Tactical Guard Processors (TGPs))
• I/O Card hosts 1553, serial, and F-35 Fiber Channel I/O as well
1553: 1.0”x3.5”x6.0”; 1.1#; ~15W @ 5VDC
F35 FC: 1.1”x3.5”x6.0”; 1.2#; ~25W @ 5VDC
CDS only: 0.75”x3.5”x6.0”; 0.8#; ~10W @ 5VDC
MLS Encryption: KOV-74 End Cryptographic Unit (ECU)
• Common Range Integrated Instrumentation System of Systems (CRIIS) developed, certified, accredited, and deployed
• Based on AAMP7 and JANUS Crypto Engine
• First in the World NSA MLS Type-1 Certification
• NSA Type 1 Certified: 30-Sep-2014
• In-line Network Encryption Device for Data-at-Rest and Data-in-Transit
• Over-the-Air Ignition and Key Management for reduced logistics impact
• Key Agility allows for virtual channels and System High configuration
• 4 Red (TS-U), 3 Black (U), 1 Control (all 10/100 Ethernet)
• Internet Protocol (IP) Layer encryption, Datalink Agnostic
• Low-SWAP, Airborne/Ground Mobile qualified LRU
• < 15W @ 5VDC, 1.6#, 3.5”x6.0”x1.44”
Application of MLS for Test/Training/LVC
[Figure: MLS architecture for Test/Training/LVC. Labels shown: Ground Subsystem (Rm #1, Rm #2, Rm #3), Platform Subsystem, F/A-18 Secret High, F-35, EAL-6 Guard, 4-Channel Crypto, DLT, DLC, Data Bus, and security levels U, S, SAR, TS.]
Live, Virtual, or Constructive entities can be supported
Think in terms of “Top Gun” training with 10 to over 100 aircraft
Conclusions
Security and Cybersecurity are critical elements of all the systems we build today
Rockwell Collins has been a pioneer in development of high assurance systems using commercial technologies
Virtualization Technologies to support MILS are becoming much more practical due to significant commercial investments
Cross Domain Solutions and Encryption products built using MILS enable high assurance MLS
High Assurance MILS products and technologies have been successfully deployed for FAA certified Avionics and MLS Test/Training/Live-Virtual-Constructive (LVC) applications
These approaches and technologies are broadly applicable for a wide range of domains which also require cybersecurity protection of information
– Banking & Financial
– Insurance
– Medical
– Online sales
– Mobile, Cloud, and Internet Connected Devices (IOT)
– Etc.
Points of Contact
Technical: Jim [email protected]
Business Development: Lowell [email protected]