Policy Guided Isolation and Strategically Shielded Exposure: A Novel Approach to Secure Applications
Agency / Branch:
DOD / USAF
ABSTRACT: It is very challenging to secure applications in today"s networked computer system where applications inherently share various resources and information. In this proposal, we propose a novel approach, called policy guided isolation and strategically shielded exposure, to protect applications in network environments. Our approach combines virtualization techniques with a Policy Machine to provide secure boundaries between applications not only in the memory space, but also in the input space. The Policy Machine is used to reason over security policies that guide application isolation and data sharing among applications. Our approach uses virtualization techniques to provide secure boundaries among the applications, protect the integrity of security policy reasoning and prevent security policy enforcement from being compromised. Additionally, the proposed approach adopts process coloring techniques to keep track of the propagation trace of the shared data. Moreover, the critical services in the proposed approach are strategically separated from applications by using a network shield technique. Finally, the proposed techniques are integrated to protect applications under network wide security policies. BENEFIT: The proposed approach to application protection, policy guided isolation and strategically shielded exposure, provides a feasible solution to protect the applications in a networked environment. The architecture and techniques can be applied to a broad range of military scenarios that involve sensitive information protection including war-time command and control, real-time surveillance network, homeland security, etc. Other potential commercial applications include software industry, banking, law enforcement agency and various civil applications. In essence, the ideas, methods and products resulting from this effort will be applicable to virtually all applications where digital asset protection is needed. The market is quite large and still developing due to the development of computer and software industry. The aggregated commercial market size is estimated to be $600 Million or more. IAI is more than a"think tank", and we have actively pursued with our partners the application of our technologies into actual products. For this proposed effort, in particular, we strongly believe that our work provides the solution needed in practice. It is also reasonable to expect a source of revenue from service contracts related with the actual development of such product for application protection. In addition, IAI will closely work with our partners and collaborator companies such as Raytheon, Lockheed Martin, BAE systems, Boeing, and Telcordia to transfer this technology into the military and commercial world.
Small Business Information at Submission:
Senior Research Scientist
Director, Contracts and Proposals
Research Institution Information:
Intelligent Automation, Inc.
15400 Calhoun Drive Suite 400 Rockville, MD -
Number of Employees:
305 N. University Street
West Lafayette, IN 47907-