I am looking forward to Defence Systems and Equipment International (DSEi), the world's largest fully integrated international defence exhibition, which is being held in London from 8-11th September 2009. In preparation for the event, I've been setting up some Wind River VxWorks MILS 2.0 demos on a Curtiss-Wright VPX6-185 board.
VxWorks MILS is Wind River's implementation of the Multiple Independent Levels of Security (MILS) security architecture, which can host applications running at different security classifications, including multilevel secure (MLS), on the same platform. VxWorks MILS is able to do this by implementing information flow control, data isolation, periods processing and damage limitation, whilst ensuring that data does not leak from one partition to another through either overt or covert channels. The demos also show how Wind River Workbench can perform concurrent debugging of multiple partitions, which is invaluable when developing multi-partition systems.
I've also been working on some modifications to a Wind River VxWorks MILS demo which is representative of a real-world application, a Cross Domain Solution (CDS). This filters packets of data between different networks based on the security classification of the data, and uses multiple partitions to implement sender and receiver on different interfaces.
The demo currently uses a simple encryption algorithm for data passed over the black network (which wouldn't present much of a challenge to GCHQ/CESG or NSA). So I am intending to replace this with a stronger encryption algorithm which is more appropriate to the application.
However, I've been presented with a challenge as most of the encryption algorithms in the public domain are available as C language source code, but my colleague has implemented the black host application in Java. Ironically, after some thought, I decided (as a C programmer) it would be easier for me to port the host Java application to C rather than to port the encryption algorithm to Java.
Now, as I've done that, I just need to decide which encryption algorithm to use. I have the C source code for the encrypt algorithm for the German Enigma cipher machine (which I have seen working), but unfortunately not the decrypt algorithm. However, I have also found a nice crypto algorithm with encrypt and decrypt routines in C, but when I looked through the source code I noticed that it assumed that it was running on a little-endian processor, and I want to run the encrypt on little-endian and decrypt on big-endian, so it looks like I have some more work to do!
Anyway, if you would like to see the VxWorks MILS demo running and discuss how it works, or would like to discuss your security requirements, you'll be able to find me on the Curtiss-Wright stand (724). See you there!
Paul Parkinson is a Principal Systems Architect with Wind River in the UK, working with Aerospace, Defence and Security customers across EMEA. Paul's professional interests include Information Security (InfoSec), Integrated Modular Avionics (IMA) and Intelligence Surveillance Target Acquisition Reconnaissance (ISTAR) systems.
Subscribe to RSS feed.
Comments