Cybersecurity – Evolution, Approach, and Application

16 October, 2018
Presented by James A. Marek, Rockwell Collins
©Rockwell Collins 2018 - Approved for Public Release


Outline

• Why has security become so important?
• What is Cybersecurity?
• Rockwell Collins History related to Cybersecurity
• What’s MLS and MILS?
• Historical Perspective of MILS
• Rockwell Collins History of Application of MILS
• A Practical MILS Use Case – MLS Solution for Test/Training/LVC
  – Building Blocks: MILS based Cross Domain Solutions and Encryptor
  – Example Application of MILS CDS and Encryptor for Test/Training/LVC
• Conclusions


Why is security so important for us and our customers?

• More connected world, more information sharing, information is valuable
• More use of Commercial products and technology with little understanding of the design or designers
• Leads to more attack vectors and more attackers (motivated)
• Drives need for Cybersecurity to address protection of our information and information systems

What is Cybersecurity (formerly Information Assurance)

Measures to protect and defend information and information systems by ensuring Confidentiality, Integrity, Authenticity, Availability, and Non-repudiation

– Confidentiality – Only authorized users get access
– Integrity – Only authorized users can modify
– Authenticity – Genuine not forged or fabricated
– Availability – Available and functioning correctly, opposite is “Denial of Service (DoS)”
– Non-repudiation – Not able to deny a transaction that occurred


Some History on Rockwell Collins relevant to Cybersecurity

• Rockwell Collins has been a pioneer in development of High Assurance systems for decades
• We have been a pioneer in deployment of commercial technologies in these systems
  – IP/Ethernet for safety critical Avionics (Federal Aviation Administration (FAA) certified)
  – Development and deployment of DO-178B Level A (FAA certified) Operating System for Avionics
  – Development of secure solutions for DoD Communications, Navigation, and Computing
• Over 25 years of experience in applying formal methods to:
  – Security & Safety-critical systems
  – Formal microprocessor verification
  – Formal artifacts for NSA evaluations
• Over 40 years in Micro-Electronics and Advanced Packaging
  – Stacked Package, Advanced Flip Chip
  – Stacked Die (3D Silicon)
  – Mixed Digital / RF, Advanced materials
• Nearly 20 years in Multi-Level Security (MLS) Modular Architectures
  – Rockwell Collins has been developing, certifying, and deploying products and technologies to address Multi-Level Security requirements

[Images: Formal Methods; Micro-Electronics; MLS Modular Architecture]


Disclaimer

Due to time, the presentation is unable to cover the full range of cybersecurity-relevant topics, products, technologies and applications that Rockwell Collins is involved in.

The remainder of the presentation therefore takes a deeper dive into an approach to support Cybersecurity for a highly relevant example application, with a focus on trusted Cross Domain information sharing and encryption of information.


What’s MLS and MILS?

• Multi-Level Security (MLS): from CNSS Instruction No. 4009, 26 Apr 2010
  – Processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.
  – Basically information flow policy enforced against “labeled” information
• Multiple Independent Levels of Security (MILS)
  – High-assurance security architecture based on the concepts of separation and controlled information flow; implemented by separation mechanisms that support composability of both untrusted and trustworthy components; ensuring that the total security solution is non-bypassable, evaluatable, always invoked and tamperproof (NEAT)
  – A MILS solution enables one to support both Multiple Single Level (MSL) and Multi-Level Security (MLS) implementations with lower Size, Weight, and Power (SWAP), reduced certification cost & schedule and lower lifecycle costs through the use of layered security controls and mechanisms including separation mechanisms (Separation kernel, Partitioned Communication System, Physical) and application or system specific security policies restricting the information flow only between components in the same security domain or through a trusted security monitor (e.g., Cross Domain Solution (CDS), Encryptors)
• Rockwell Collins perspective has been that in most cases, a MILS approach is the best & most cost-effective way to develop MLS systems
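An added example, not taken from the presentation or from any Rockwell Collins product: a small Python model of the MILS flow rule above, where partitions exchange data only within one security domain or through a trusted security monitor. The partition names, the channel lists and the guard's "never release above the destination's level" rule are assumptions made for illustration.

```python
from dataclasses import dataclass

LEVEL = {"U": 0, "S": 1, "TS": 2}   # assumed ordering of data labels

@dataclass(frozen=True)
class Partition:
    name: str
    domain: str             # single level the partition is accredited for
    monitor: bool = False   # trusted security monitor (guard / CDS)

# Constructed layout (hypothetical names), one guard between S and U partitions.
PARTS = {p.name: p for p in (
    Partition("classified_app_1", "S"),
    Partition("classified_app_2", "S"),
    Partition("unclassified_app", "U"),
    Partition("unclassified_logger", "U"),
    Partition("guard", "S", monitor=True),
)}

def labels_reaching(channels):
    """Fixed point: which data labels can arrive at each partition."""
    seen = {n: (set() if p.monitor else {p.domain}) for n, p in PARTS.items()}
    changed = True
    while changed:
        changed = False
        for src, dst in channels:
            out = set(seen[src])
            if PARTS[src].monitor:
                # Assumed guard rule: release only labels at or below dst's level.
                out = {l for l in out if LEVEL[l] <= LEVEL[PARTS[dst].domain]}
            if not out <= seen[dst]:
                seen[dst] |= out
                changed = True
    return seen

def violations(channels):
    """Untrusted partitions that can receive data above their own level."""
    bad = {}
    for name, labels in labels_reaching(channels).items():
        part = PARTS[name]
        over = sorted(l for l in labels if LEVEL[l] > LEVEL[part.domain])
        if over and not part.monitor:
            bad[name] = over
    return bad

GOOD = [("classified_app_1", "classified_app_2"), ("classified_app_2", "guard"),
        ("unclassified_app", "guard"), ("guard", "unclassified_app"),
        ("guard", "classified_app_1"), ("unclassified_app", "unclassified_logger")]
BYPASS = GOOD + [("classified_app_2", "unclassified_app")]  # misconfigured channel
```

The single bypass channel contaminates not only its direct destination but every partition downstream of it, which is why the policy must be non-bypassable and always invoked rather than merely present.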


Functional Block Diagram for MILS Processing

[Figure: block diagram. Labels: Processor; Separation Kernel / Type 1 Hypervisor; Partition A, Partition B, Partition C, Guard Partition, MLS Partition; Guest OS A, Guest OS B, Guest OS C; MiddleWare; MLS MiddleWare; Classified App #1, Classified App #2, Unclassified App; Guard Application; MLS Display Server; MLS GFX I/O; SL I/O Device(s); MLS I/O Device(s). Annotation: Complexity moved to “user” space.]

MILS can take advantage of commercial virtualization technologies being broadly developed for a wide range of cloud and mobile applications


Some MILS Historical Perspective

• The MILS concepts proposed in a Dr. John Rushby Paper in 1981 were first embraced for high assurance in the safety domain (1990s)
  – Rockwell Collins developed first DO-178B level A partitioned RTOS
    • LynxOS178
    • Green Hills and Wind River followed
• Rockwell Collins developed and certified first high assurance HW Separation Kernel (SK) - AAMP7 (Advanced Architecture Micro Processor 7)
• Rockwell Collins in collaboration with LM, AFRL, NSA and Green Hills certified first high assurance SW SK (INTEGRITY-178B) for the F-35 (separates classified data)

Certified May 2005

Certified Nov 2008

Rockwell Collins pioneered practical application of high assurance MILS & Virtualization


• Security infrastructure focused on minimal system impact
  – Low risk for certifications and ATO via High Assurance Designs/Pedigrees
  – Low latency communication channels (Provisioned for RF links)
  – Remote or Over-the-Air Management Protocols
  – User reconfigurable security policies and enforcement across multiple levels

• Formal Methods Security Evaluation co-developed with NSA

• Ability to process up to four security levels spanning TS-U simultaneously

• NSA Type 1 encryption for data in transit and at rest

• Cross Domain Solutions for data segregation by classification levels and caveats


MILS based MLS CROSS DOMAIN SOLUTIONS and ENCRYPTOR


SecureOne™ Product Family: Turnstile™

• UCDSMO Baseline Listed (Unified Cross Domain Solution Management Office)
• In-production & fielded
• Developed with NSA
• DCID 6/3 PL5 Accreditation
• Hardware Separation Kernel (AAMP7)
• Simultaneous TS-U data segregation
• ½ width 1U, 19” rack-mount
• Suitable for high-robustness:
  – Capable of bridging TS-U networks
  – Bi-directional guard capability

SecureOne™ Guard Engine Launch Product


SecureOne™ Product Family: MicroTurnstile™

• Army program for development with Navy support for evaluation
• Soldier wearable, USB powered
• Integrated with multiple versions of the NettWarrior system including Rifleman Radios, and Android devices
• Based on AAMP7 and SecureOne Guard
• Extremely small CDS form factor: 2.85 in³ (1.2” x 4.0” x 0.6”)
• Less than one (1) watt total power consumption
• Exceptionally light weight, 2.3 ounces without cabling


SecureOne™ Product Family: Tactical Guard Processor (TGP)

• Common Range Integrated Instrumentation System of Systems (CRIIS) developed, accredited, and fielded on multiple Major US Air Force and Navy ranges
• SecureOne Guard Engine on MILS Common Criteria Evaluation Assurance Level 6+ SK
• Simultaneous TS-U data labeling, segregation, guarding, and processing
• Rugged tactical Airborne/Mobile modules including secure data bus access
• Up to 6 Ethernet interfaces per module (Ground Guard Drawer includes 2 Tactical Guard Processors (TGPs))
• I/O Card hosts 1553, serial, and F-35 Fiber Channel I/O as well
• 1553: 1.0” x 3.5” x 6.0”; 1.1#; ~15W @ 5VDC
• F35 FC: 1.1” x 3.5” x 6.0”; 1.2#; ~25W @ 5VDC
• CDS only: 0.75” x 3.5” x 6.0”; 0.8#; ~10W @ 5VDC


MLS Encryption: KOV-74 End Cryptographic Unit (ECU)

• Common Range Integrated Instrumentation System of Systems (CRIIS) developed, certified, accredited, and deployed
• Based on AAMP7 and JANUS Crypto Engine
• First in the World NSA MLS Type-1 Certification
• NSA Type 1 Certified: 30-Sep-2014
• In-line Network Encryption Device for Data-at-Rest and Data-in-Transit
• Over-the-Air Ignition and Key Management for reduced logistics impact
• Key Agility allows for virtual channels and System High configuration
• 4 Red (TS-U), 3 Black (U), 1 Control (all 10/100 Ethernet)
• Internet Protocol (IP) Layer encryption, Datalink Agnostic
• Low-SWAP, Airborne/Ground Mobile qualified LRU
• < 15W @ 5VDC, 1.6#, 3.5” x 6.0” x 1.44”


Application of MLS for Test/Training/LVC

[Figure: system diagram. Labels: Ground Subsystem (Rm #1, Rm #2, Rm #3); Platform Subsystem; F/A-18 Secret High; F-35; EAL-6 Guard; 4-Channel Crypto; DLT; DLC; TS Data Bus; markings U, S, SAR, TS.]

Live, Virtual, or Constructive entities can be supported

Think in terms of “Top Gun” training with 10 to over 100 aircraft


Conclusions

Security and Cybersecurity are critical elements of all the systems we build today

Rockwell Collins has been a pioneer in development of high assurance systems using commercial technologies

Virtualization Technologies to support MILS are becoming much more practical due to significant commercial investments

Cross Domain Solutions and Encryption products built using MILS enable high assurance MLS

High Assurance MILS products and technologies have been successfully deployed for FAA certified Avionics and MLS Test/Training/Live-Virtual-Constructive (LVC) applications

These approaches and technologies are broadly applicable for a wide range of domains which also require cybersecurity protection of information

– Banking & Financial
– Insurance
– Medical
– Online sales
– Mobile, Cloud, and Internet Connected Devices (IOT)
– Etc.


Points of Contact

Technical: Jim [email protected]

Business Development: Lowell [email protected]