• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

Finished Projects

Security Infrastructure

SIGMA Project

Sigma is a research project investigating security and interoperability for heterogeneous distributed systems. We are exploring and prototyping security technology for the control of distributed applications interoperating in large-scale heterogeneous computing environments based on the Common Object Request Broker Architecture (CORBA).

Summary
The SIGMA project has three principal objectives:

• Develop security mechanisms for protecting an enclave by controlling access by other enclaves with which it interoperates.
• Improve the state of the art of security mechanisms for object-oriented distributed systems.
• Extend interoperability access controls to apply to heterogeneous security mechanisms and disparate policies of different enclaves.

CORBA is an emerging international standard for interoperable object-oriented distributed computing. Security services within CORBA systems have been minimally addressed in practice, and security services for interoperability between enclaves are an open research issue. The SIGMA project is investigating the integration of and interoperation of security technologies into CORBA-based distributed computing environments. Our focus is on architectures and technologies that allow controlled, selective exchange of object-oriented services among enclaves which differ in security policy, mechanism, and assurance. The SIGMA project encompasses architecture studies and prototyping efforts in three areas:

• CORBA services in a high-assurance trusted multi-level enclave;
• Object-oriented access control mechanisms for CORBA, based on our Domain and Type Enforcement (DTE) research.
• Development of ORB Gateways that selectively filter object requests entering an enclave.

New Ideas

• Security for distributed application interoperation between various kinds of enclaves.
• Distributed application middleware integrated with high assurance distributed security technology.
• Access-controlled CORBA application interoperation between multi-level systems, unclassified systems, and classified system-high systems.
• CORBA compatible security mechanisms based on object-oriented extensions of Domain and Type Enforcement (DTE)

Impact

• Increase the role of trusted systems in distributed planning and C3 operations.
• Extend distributed application support to MLS applications on high-assurance trusted systems.
• Provide tailorable DTE mechanisms for access controls on distributed application interoperation between enclaves and within an enclave.
• Common framework for increased security for COTS, legacy, and custom MLS applications.

The ITO Project Summary Form provides more information on recent accomplishments and plans.

Credits:
Sigma is funded by DARPA's Information Technology Office (ITO) and funded and managed by Rome Laboratories.