Information Centric Security

Period of Performance: 07/01/2003 - 04/30/2004

$70K

Phase 1 STTR

Recipient Firm

Tecsec, Inc.
1953 Gallows Road, Suite 220
Vienna, VA 22182
Principal Investigator
Firm POC

Research Institution

George Mason University
4400 University Drive MS 4C6
Fairfax, VA 22030
Institution POC

Abstract

A significant amount of information-at-rest is available for exploitation by a disloyal insider. The need is to compartmentalize the information-at-rest so that only those roles that are allowed access to it have that access. Information compartmentalization means that a disloyal insider will have access to only a subset of the information. This limits the amount of information a disloyal insider can access, so that damage can be contained by localizing the domain where the compromise occurs. This serves as a line of defense to be fused with other component technologies to form the integrated solution required for Defense in Depth. The working model shall demonstrate a combined client and server version based on ANSI X9.69 for a representative operational environment. An analysis will be conducted of the Security Targets (ST) and Targets of Evaluation (TOE) that will be developed in accordance with published Protection Profiles (PP). The ST and TOE will be based on the security objectives and requirements needed for NIAP at EAL 4. The design will incorporate tamper-resistance functionality by adding hardware and other capabilities for an eventual FIPS 140-2 certification. The information centric security system will meet the following categorized objectives: access control, key management, data protection, interoperability, audit trail and logging, system misuse and damage assessment, as well as modes of operation. Applicable markets for this research include homeland security and defense, healthcare, and digital and asset rights management.