A Cost Effective High Assurance Layered Solution for MLS Test Training and LVC

Transcription

1 A Cost Effective High Assurance Layered Solution for MLS Test Training and LVC 2014 Layered Assurance Workshop 8-Dec, 2014 James Marek 2014 Rockwell 2014 Collins. Rockwell Collins.

2 Introduction Solution space to address modern test and training and LVC interoperability issues is an ideal application of layered assurance Significant security-related scope as well as safety issues High assurance/robustness is critical to address these issues Cost and schedule viability are a serious consideration This presentation describes a solution which is based on the principles of layered assurance and composability at multiple levels in the architecture All of the elements described herein have completed their individual certification efforts (e.g. NSA Type 1, Common Criteria, etc.) The system-level solution is rapidly maturing and is in the process of completing accreditation as part of its fielding 2

3 Overview of Problem Space Testing Modern military ranges testing platforms that can each host and share information at a wide range of classification / caveat / compartment levels Training 3rd, 4th, and 5th gen platforms & UAS, Weapon/Threat sims with different security levels and requirements for exchange Coalition partners Current environment results in reduced training effectiveness Common Problem Need for security enforcing MLS information exchange solution Enables effective/efficient testing and training to be performed Affordably control the flow of timely information exchange Low impact scalable solution that supports System-high (at a single-level) through certified MLS operation 3

4 Elements of the solution Modular building blocks for layered solution Composibility at the component and system levels Mobile/Airborne based elements MLS Participant Interface Module (PIM) Multi-Channel MLS NSA Type 1 End Cryptographic Unit (ECU) High-Throughput Data-Link (HT-DL) High Accuracy Time Space Position Information (HA-TSPI) User Interface (UI) with high capacity Data Recorder Device (UI-DRD) Ground based elements Multi-Channel MLS Mission/Debriefing Room Cross Domain Guard (MMMDR- CDG) Multi-Channel MLS NSA Type 1 End Cryptographic Unit (ECU) Data Link Controller (DLC) System Controller Workstation (SCW) Mission/Debrief Room Workstation (MDRW) Portable Test Set (PTS) Remote Ground System (RGS) Range Gateways 4

5 MLS Participant Interface Module (PIM) Multi-Level MILS processing environment Configurable at boot time Works synergistically with ECU & MMMDR-CDG Configurable interfaces Fibre Channel, 1553, Ethernet, Serial CC EAL6+ MILS RTOS Hosts Multiple SL enclaves & CDG TS-U info processing, MAC, & flow control System-high (single or multiple channels) & MLS operation Modular NSA-evaluated CDG Flexible user generated rules e.g. C2, BIT, Status, RTKN NSA-evaluated Labeler ( L ) Bind & check packet labels Composed security policy SK + FE + Labeler 1.5 x 3.5 x 6.4 package for easy embedment Demonstrating that MLS can be packaged in a constrained pkg 5

6 Multi-Channel MLS NSA Type 1 End Cryptographic Unit (ECU) MILS-based multi-channel MLS ECU 4 red traffic channels (TS-U), 1 Ctl (U) 3 black traffic channels (U) MILS SK hosts KM & control IP/Ethernet I/O abstracts encryption from red & black sides Datalink-agnostic encryption Data-In-Transit encryption for off board communication Data-At-Rest encryption for on board storage of mission data Classification level packet label checking on each channel Classification levels configurable based on boot load Key and Algorithm agility per channel Leverages NSA Type 1 certified Janus cryptographic engine 1.5 x 3.5 x 6.4 package 6

7 Multi-Channel MLS Mission/Debriefing Room Cross Domain Guard (MMMDR-CDG) Based on PIM processor Significant SW reuse Scalable, rack mounted version of the PIM Cfg d to filter for mission & exercise debriefing Currently on class level / caveat and mission # Open/Modularity supports direct connection of PIM and MMMDR-CDG Ease system integration, testing, and debug Isolation from ECU s, datalinks, infrastructure Note: ECU s can also be directly connected Isolation from the datalinks, infrastructure 7

8 Participant Sub-System 8

9 Ground Control System Guard ECU SCW DataLink UI-DRD UI-DRD UI-DRD Mission/Debrief Mission/Debrief Rm(s) Room 9

10 Typical Application Virt1 Virt2 Const 10

11 Summary Presented solution for modern test/training/lvc MLS needs Applies layering and abstraction Focus on modularity and composability MILS building blocks to reduce C&A cost, schedule, and risk Enables cost effective implementation for range of applications Supports several modes of operation as needed by users (e.g. system-high, MSL, MLS) Not simply a proposed concept but is Founded on Technology Readiness Level (TRL) 6+ certified products and technologies Currently finishing accreditation through deployment for both domestic and international applications to solve MLS test, training, and LVC challenges 11

12 Backup These elements are included in the paper and have a limited role in the layered assurance. However, due to time constraints they are not covered in the main brief 2014 Rockwell 2014 Collins. Rockwell Collins. 12

13 Participant Elements 2014 Rockwell 2014 Collins. Rockwell Collins.

14 High-Throughput Data-Link (HT-DL) Employs uplink, downlink, and peer-peer crosslink services with packet rates roughly 4 to 5 times greater than legacy podbased range instrumentation Relay routes are self-forming, out to 4 hops Manual routing can be managed between user-selected nodes Datalink range for a single-hop route is 100 nmi air-air, and 130 nmi air-ground. 6.6 lbs. is miniaturized to roughly half the weight of existing equipment Partitioned into a Transceiver Modem (TRM) module (6.6 ) and a Power Amplifier (PA) module (11 ), each having a 3.5 x 1.4 cross section Selectable to use built-in Type 3 encryption Type 1 encryption is provided external to the datalink to enable more modularity and support alternate datalinks easy datalink upgrade without NSA recertification

15 High Accuracy Time Space Position Information (HA-TSPI) Critical element of any test/training system Feeds testing exercises as well as on-board weapon and threat simulations Enhanced system modularity and composibility due to independent isolated TSPI function Leverages the Rockwell Collins high accuracy miniature Selective Availability Anti-Spoofing Module (SAASM) GPS Includes state-of-the-art Inertial Measurement Unit (IMU) technology Tightly coupled together to provide: Real-Time Horizontal (x, y) and Vertical (z) position accuracy of 0.5 meters RMS Real-Time Horizontal (x, y) and Vertical (z) velocity accuracy of 0.03 m/sec RMS Real-Time Attitude accuracy of 0.1 degrees RMS 15

16 User Interface (UI) with high capacity Data Recorder Device (UI-DRD) Modular User Interface to support: Remote key loading and zeroization for encryption and GPS Hosts user removable solid state storage media for mission data recording Storage media is also able to store configuration data and files Supports over-the-air configuration/loading option 16

17 Ground Elements 2014 Rockwell 2014 Collins. Rockwell Collins.

18 Data Link Controller (DLC) Commercial computing platform Hosting management software for Ground-based and participant package datalink modules Datalink network Information flow to and from ground and airborne nodes Hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security 18

19 System Controller Workstation (SCW) Commercial computing platform Hosting mission and participant management software Supports configuration for ground and airborne elements, as well as key distribution Hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security Allocated a port on the MMMDR-CDG which filters range traffic to and from the SCW Operates in a blind administration mode Not typically accessing range participant traffic, but primarily focused on command and control functions that manage the range assets participating in exercises Plays a part in the layered security architecture Managing encryption keys Cfg and control functions for airborne/mobile/ground elements 19

20 Mission/Debrief Room Workstation (MDRW) Commercial computing platform Hosting mission management and debrief application software Hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security Allocated a port on the MMMDR-CDG which filters range traffic (live, recorded playback or a hybrid) Functionality reuse from the SCW Uses isolation and independent configuration & management with respect to the other elements of the system for added layer of security 20

21 Portable Test Set (PTS) Man-portable miniature ground sub-system Capable of being carried around the range to support wired remote operations Also supports configuration, test, and debug of airborne equipment spread across the range locale Each PTS includes a ruggedized laptop computer that hosts an EAL4 certified OS and conforms to DISA STIG guidelines for cyber security Leverages some common software from the SCW and MDRW 21

22 Remote Ground System (RGS) Includes Datalink Optional weather sensor Ability to remotely power manage the RGS elements One or more RGS datalinks are used to provide area coverage (diversity) for the ground-based DLC (Data Link Controller) They can also support extended range for airborne platforms through relay functionality The weather sensor augments accuracy when operating an RGS in a GPS-denied mode 22

23 Range Gateways A variety of flexible computing and networking equipment and associated protocol translation and formatting software & firmware are also key elements of the range system to enable inter/intra-range operability and bridging to legacy systems 23