Guaranteed Data Integrity in the GIG-NCES Environment

Period of Performance: 03/28/2006 - 03/28/2007

$100K

Phase 1 SBIR

Recipient Firm

Assett, Inc.
11220 ASSETT Loop Array
Manassas, VA 20109
Principal Investigator

Abstract

Our approach is to merge two specific areas of our team's expertise to address the SBIR topic of guaranteed data integrity. The first exploits our knowledge and expertise gained in our IA work on DOD systems including the Defense Message System. The second utilizes and extends the foundational work accomplished by the Federated Trust Research Group (FTRG) in the Department of Computer Science at the University of Virginia. The FTRG is currently in year four of an on-going project to determine whether a web services approach is an effective technique for implementing the privacy and security requirements attendant to medical data in accordance with federal HIPAA regulations for multi-domain, multi-enterprise, medical networks supporting e-healthcare applications. To answer that question, UVa's FTRG has developed a security architecture that uses a standards-based approach, SAML, for authenticating users (humans and software), and XACML for resolving authorization issues. This IA framework is breaking new ground to develop effective techniques to achieve federation (trust exchange across trust domain boundaries such as different organizations). A prototype that implements these core functions of authentication, authorization, and federation has been developed. This research will extend these techniques to support guaranteeing data integrity in the GIG/NCO environment.