SIGMA - DARPA/ITO Project Summary
| ARPA Order Number: | D335 |
| Principal Investigators: | Terry Benzel, E. John Sebes, Dan Sterne |
| Contractor: | Trusted Information Systems, Inc., 3060 Washington Road, Glenwood, Maryland 21738. Phone: (301) 854-6889. FAX: (301) 854-5363 |
| Title of Effort: | SIGMA: Security and Interoperability for Heterogeneous Distributed Systems |
Objective:
The SIGMA project has three principal objectives: develop security
mechanisms for protecting an enclave by controlling access by other
enclaves with which it interoperates; improve the state of the art of
security mechanisms for object-oriented distributed systems; extend
interoperability access controls to apply to heterogeneous security
mechanisms and disparate policies of different enclaves.
Approach:
The Common Object Request Broker Architecture (CORBA) is an emerging
international standard for interoperable object-oriented distributed
computing. Security services within CORBA systems have been minimally
addressed, and security services for interoperability between enclaves
are an open research issue. The SIGMA project is a 3-year research
effort to investigate the integration and interoperation of security
technologies within CORBA-based distributed computing environments. Our
focus is on architectures and technologies that allow controlled,
selective exchange of object-oriented services among enclaves which
differ in security policy, mechanism, and assurance. The SIGMA project
encompasses architecture studies and prototyping efforts in three areas:
1) development of ORB Gateways that selectively filter object requests
entering an enclave; 2) CORBA services in a high-assurance trusted
multilevel enclave; 3) object-oriented access control mechanisms for
CORBA, based on our Domain and Type Enforcement (DTE) research.
Recent Accomplishments:
- Designed and developed a prototype ORB Gateway that provides a single point of external access to the object services of an enclave. The ORB Gateway mediates outside object requests based on the nature of the request and the attributes of the requester. The gateway is able to interpret security attributes from other enclaves and map these into domains and types. Demonstrated the ORB Gateway to several DoD audiences and provided an initial prototype for evaluation for use in advanced technology demonstration programs.
- Designed and developed a framework for the distributed authentication services component of the ORB Gateway. The framework consists of a trust manager and trust specification language, a domain specification language, and a high-level design for a domain driver. This framework is being extended to support multiple authentication methods.
- Developed an MLS ORB prototype based on TIS's Trusted Mach System. This prototype provides high-assurance security mechanisms for use within an enclave.
- Designed and specified a DTE-based language (DTEL++) for expressing security policy for CORBA objects. The language provides flexible, fine-grained control and is scalable. Developed a prototype compiler for DTEL++ which includes a tool for checking consistency between DTEL++ and IDL.
- Performed initial integration of DTEL++ into the DTE UNIX Kernel, a research ORB (ILU), and the ORB Gateway.
Current Plan:
- Extend and enhance the ORB Gateway prototype to include management interfaces. Complete integration of the authentication framework and DTEL++ processing in the ORB Gateway.
- Develop an above-kernel Object-Oriented DTE (OO-DTE) for plug-in to a COTS ORB on a mainstream O/S.
- Design and develop a heterogeneous interoperability demonstration consisting of the ORB Gateway, DTE kernel-supported OO-DTE, and the OO-DTE plug-in to a COTS ORB.
- Perform technology transition of the project prototypes to DARPA's Advanced Information Technology Services Reference Architecture.
Technology Transition:
The SIGMA project is engaging in a variety of technology transfer and
technology collaboration efforts. We are involved in technology transfer
activities in support of DARPA-sponsored advanced technology
demonstrations such as JTF ATD, AJP ACTD, and JWID. We are beginning to
transition results into the AITS Reference Architecture. We provided an
initial prototype of the ORB Gateway to the MITRE Corporation for
experimentation and evaluation.
Our second major area of technology transfer is standards development. We are members of the OMG and participate in the OMG Security SIG and Object Services Task Force. We helped draft the recent OMG RFP on CORBA and Firewalls with input from vendors and other OMG members.
