Post on 20-May-2020
© 2014 Rockwell Collins. All rights reserved.
A Cost Effective High Assurance Layered Solution for MLS Test Training and LVC
2014 Layered Assurance Workshop
8-Dec, 2014
James Marek
Introduction
• Solution space to address modern test and training and LVC interoperability issues is an ideal application of layered assurance
  – Significant security-related scope as well as safety issues
  – High assurance/robustness is critical to address these issues
• Cost and schedule viability are a serious consideration
• This presentation describes a solution which is based on the principles of layered assurance and composability at multiple levels in the architecture
• All of the elements described herein have completed their individual certification efforts (e.g. NSA Type 1, Common Criteria, etc.)
• The system-level solution is rapidly maturing and is in the process of completing accreditation as part of its fielding
Overview of Problem Space
• Testing
  – Modern military ranges testing platforms that can each host and share information at a wide range of classification / caveat / compartment levels
• Training
  – 3rd, 4th, and 5th gen platforms & UAS, Weapon/Threat sims with different security levels and requirements for exchange
  – Coalition partners
  – Current environment results in reduced training effectiveness
• Common Problem
  – Need for security enforcing MLS information exchange solution
  – Enables effective/efficient testing and training to be performed
  – Affordably control the flow of timely information exchange
  – Low impact scalable solution that supports
    • System-high (at a single-level) through certified MLS operation
Elements of the solution
• Modular building blocks for layered solution
• Composability at the component and system levels
• Mobile/Airborne based elements
  – MLS Participant Interface Module (PIM)
  – Multi-Channel MLS NSA Type 1 End Cryptographic Unit (ECU)
  – High-Throughput Data-Link (HT-DL)
  – High Accuracy Time Space Position Information (HA-TSPI)
  – User Interface (UI) with high capacity Data Recorder Device (UI-DRD)
• Ground based elements
  – Multi-Channel MLS Mission/Debriefing Room Cross Domain Guard (MMMDR-CDG)
  – Multi-Channel MLS NSA Type 1 End Cryptographic Unit (ECU)
  – Data Link Controller (DLC)
  – System Controller Workstation (SCW)
  – Mission/Debrief Room Workstation (MDRW)
  – Portable Test Set (PTS)
  – Remote Ground System (RGS)
  – Range Gateways
MLS Participant Interface Module (PIM)
• Multi-Level MILS processing environment
  – Configurable at boot time
• Works synergistically with ECU & MMMDR-CDG
• Configurable interfaces
  – Fibre Channel, 1553, Ethernet, Serial
• CC EAL6+ MILS RTOS
  – Hosts Multiple SL enclaves & CDG
  – TS-U info processing, MAC, & flow control
  – System-high (single or multiple channels) & MLS operation
• Modular NSA-evaluated CDG
  – Flexible user generated rules
  – e.g. C2, BIT, Status, RTKN
• NSA-evaluated Labeler (“L”)
  – Bind & check packet labels
• Composed security policy
  – SK + FE + Labeler
• 1.5” x 3.5” x 6.4” package for easy embedment
  – Demonstrating that MLS can be packaged in a constrained pkg
Multi-Channel MLS NSA Type 1 End Cryptographic Unit (ECU)
• MILS-based multi-channel MLS ECU
  – 4 red traffic channels (TS-U), 1 Ctl (U)
  – 3 black traffic channels (U)
• MILS SK hosts KM & control
• IP/Ethernet I/O abstracts encryption from red & black sides
  – Datalink-agnostic encryption
• Data-In-Transit encryption for off board communication
• Data-At-Rest encryption for on board storage of mission data
• Classification level packet label checking on each channel
• Classification levels configurable based on boot load
• Key and Algorithm agility per channel
• Leverages NSA Type 1 certified Janus cryptographic engine
• 1.5” x 3.5” x 6.4” package
Multi-Channel MLS Mission/Debriefing Room Cross Domain Guard (MMMDR-CDG)
• Based on PIM processor
  – Significant SW reuse
• Scalable, rack mounted version of the PIM
  – Cfg’d to filter for mission & exercise debriefing
  – Currently on class level / caveat and mission #
• Open/Modularity supports direct connection of PIM and MMMDR-CDG
  – Ease system integration, testing, and debug
  – Isolation from ECU’s, datalinks, infrastructure
• Note: ECU’s can also be directly connected
  – Isolation from the datalinks, infrastructure
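An added sketch (not code from the presentation or from Rockwell Collins) of the two label checks named on the ECU and MMMDR-CDG slides: per-channel label checking against a boot-load level, then guard filtering on class level, caveat and mission #. The level ordering, the exact-match channel policy, all field names and the sample values are assumptions.

```python
from dataclasses import dataclass

# Assumed total order of classification levels (U lowest, TS highest).
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

@dataclass(frozen=True)
class Label:
    level: str            # classification level bound to the packet
    caveats: frozenset    # caveat markings (constructed names)
    mission: int          # mission number

@dataclass(frozen=True)
class Packet:
    label: Label
    payload: bytes

@dataclass(frozen=True)
class GuardPort:
    clearance: str        # highest level the attached workstation may see
    caveats: frozenset    # caveats the workstation is approved for
    mission: int          # mission being debriefed on this port

# Constructed boot load: one level per red traffic channel (hypothetical).
BOOT_LOAD = {0: "U", 1: "S", 2: "S", 3: "TS"}

def channel_accepts(channel, pkt, boot_load=BOOT_LOAD):
    """Per-channel check: label must equal the channel's boot-time level.
    Unknown channels or unknown levels fail closed."""
    configured = boot_load.get(channel)
    return configured is not None and pkt.label.level == configured

def guard_releases(port, pkt):
    """Guard rule on class level, caveat and mission number."""
    lab = pkt.label
    if lab.level not in LEVELS:
        return False                                   # fail closed
    return (LEVELS[port.clearance] >= LEVELS[lab.level]  # port dominates level
            and lab.caveats <= port.caveats              # no unapproved caveat
            and lab.mission == port.mission)             # same mission only

def deliver(channel, port, pkt):
    """Apply both layers in order; either one can drop the packet."""
    if not channel_accepts(channel, pkt):
        return "drop: channel label mismatch"
    if not guard_releases(port, pkt):
        return "drop: guard rule"
    return "release"
```

Each layer drops on its own evidence, so a mislabeled packet that slips past one check still has to satisfy the other.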
Participant Sub-System
Ground Control System
[Figure; recoverable labels: ECU, Guard, DataLink, UI-DRD, Mission/Debrief Room, Mission/Debrief Rm(s), SCW]
Typical Application
[Figure; recoverable labels: Const, Virt1, Virt2]
Summary
• Presented solution for modern test/training/LVC MLS needs
• Applies layering and abstraction
• Focus on modularity and composability
• MILS building blocks to reduce C&A cost, schedule, and risk
• Enables cost effective implementation for range of applications
• Supports several modes of operation as needed by users (e.g. system-high, MSL, MLS)
• Not simply a proposed concept but is
  – Founded on Technology Readiness Level (TRL) 6+ certified products and technologies
  – Currently finishing accreditation through deployment for both domestic and international applications to solve MLS test, training, and LVC challenges
Backup
These elements are included in the paper and have a limited role in the layered assurance. However, due to time constraints they are not covered in the main brief.
Participant Elements
High-Throughput Data-Link (HT-DL)
• Employs uplink, downlink, and peer-peer crosslink services with packet rates roughly 4 to 5 times greater than legacy pod-based range instrumentation
• Relay routes are self-forming, out to 4 hops
• Manual routing can be managed between user-selected nodes
  – Datalink range for a single-hop route is 100 nmi air-air, and 130 nmi air-ground.
• At 6.6 lbs., miniaturized to roughly half the weight of existing equipment
• Partitioned into a Transceiver Modem (TRM) module (6.6”) and a Power Amplifier (PA) module (11”), each having a 3.5” x 1.4” cross section
• Selectable to use built-in Type 3 encryption
• Type 1 encryption is provided external to the datalink to enable more modularity, support alternate datalinks, and allow easy datalink upgrade without NSA recertification
High Accuracy Time Space Position Information (HA-TSPI)
• Critical element of any test/training system
• Feeds testing exercises as well as on-board weapon and threat simulations
• Enhanced system modularity and composability due to independent isolated TSPI function
• Leverages the Rockwell Collins high accuracy miniature Selective Availability Anti-Spoofing Module (SAASM) GPS
• Includes state-of-the-art Inertial Measurement Unit (IMU) technology
• Tightly coupled together to provide:
  – Real-Time Horizontal (x, y) and Vertical (z) position accuracy of 0.5 meters RMS
  – Real-Time Horizontal (x, y) and Vertical (z) velocity accuracy of 0.03 m/sec RMS
  – Real-Time Attitude accuracy of 0.1 degrees RMS
User Interface (UI) with high capacity Data Recorder Device (UI-DRD)
• Modular User Interface to support:
• Remote key loading and zeroization for encryption and GPS
• Hosts user removable solid state storage media for mission data recording
  – Storage media is also able to store configuration data and files
  – Supports over-the-air configuration/loading option
Ground Elements
Data Link Controller (DLC)
• Commercial computing platform
• Hosting management software for
  – Ground-based and participant package datalink modules
  – Datalink network
  – Information flow to and from ground and airborne nodes
• Hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security
System Controller Workstation (SCW)
• Commercial computing platform
• Hosting mission and participant management software
• Supports configuration for ground and airborne elements, as well as key distribution
• Hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security
• Allocated a port on the MMMDR-CDG which filters range traffic to and from the SCW
• Operates in a “blind administration” mode
  – Not typically accessing range participant traffic, but primarily focused on command and control functions that manage the range assets participating in exercises
• Plays a part in the layered security architecture
  – Managing encryption keys
  – Cfg and control functions for airborne/mobile/ground elements
Mission/Debrief Room Workstation (MDRW)
• Commercial computing platform
• Hosting mission management and debrief application software
• Hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security
• Allocated a port on the MMMDR-CDG which filters range traffic (live, recorded playback or a hybrid)
• Functionality reuse from the SCW
• Uses isolation and independent configuration & management with respect to the other elements of the system for added layer of security
Portable Test Set (PTS)
• Man-portable miniature ground sub-system
• Capable of being carried around the range to support wired remote operations
• Also supports configuration, test, and debug of airborne equipment spread across the range locale
• Each PTS includes a ruggedized laptop computer that hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security
• Leverages some common software from the SCW and MDRW
Remote Ground System (RGS)
• Includes
  – Datalink
  – Optional weather sensor
  – Ability to remotely power manage the RGS elements
• One or more RGS datalinks are used to provide area coverage (diversity) for the ground-based DLC (Data Link Controller)
• They can also support extended range for airborne platforms through relay functionality
• The weather sensor augments accuracy when operating an RGS in a GPS-denied mode
Range Gateways
• A variety of flexible computing and networking equipment and associated protocol translation and formatting software & firmware are also key elements of the range system to enable inter/intra-range operability and bridging to legacy systems