Augmenting CORBA with High Assurance Data Integrity Mechanisms

Period of Performance: 05/19/1998 - 11/19/1998

$70K

Phase 1 SBIR

Recipient Firm

AST Engineering Services, Inc.
12200 E. Briarwood Ave., Suite 260
Englewood, CO 80112
Principal Investigator

Research Topics

Abstract

The ultimate goal of the proposed R&D is to design, develop and validate innovative CORBA-based software security services and compatible hardware architectures which provide high assurance for multi-level secure (MLS) network applications. The proposed approach is innovative in that it is based on the emerging OMG Security Services Specification (SSS) plus a proprietary technique for maintaining the integrity of stored data items. This latter feature is not addressed by the CORBA Security Services Specification and is critical for the trusted implementation of automated release mechanisms (guards) which regulate the flow of data between different MLS protection domains. The Phase I objectives include an assessment of CORBA architectural implications with respect to security evaluation criteria and certification requirements, and the development of an implementation approach for a high assurance data integrity mechanism. This data integrity mechanism is based on public key encryption methods and will prevent unauthorized information flows in conjunction with other security enforcement mechanisms. A proof-of-concept prototype will be developed to demonstrate the feasibility of our data integrity mechanism and explore the limits of scalability for a CORBA-based MLS network architecture to ensure our approach will be usable in realistic operational settings.