You are here

Pantograph: Secure, Cross-domain Object Models

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-14-C-0036
Agency Tracking Number: F13A-T08-0066
Amount: $149,935.00
Phase: Phase I
Program: STTR
Solicitation Topic Code: AF13-AT08
Solicitation Number: 2013.A
Solicitation Year: 2013
Award Year: 2014
Award Start Date (Proposal Award Date): 2013-10-24
Award End Date (Contract End Date): 2014-07-23
Small Business Information
33 Thornwood Drive, Suite 500
Ithaca, NY -
United States
DUNS: 101321479
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Matthew Stillerman
 Technical Director
 (607) 257-1975
Business Contact
 Richard Smith
Title: Controller
Phone: (607) 257-1975
Research Institution
 Cornell University
 Susan L Jones
373 Pine Tree Road
Ithaca, NY 14850-2820
United States

 (607) 255-5014
 Nonprofit College or University

ABSTRACT: Most cross-domain information flows require some human intervention to ensure that the requirements for releasability are met. Such intervention is expensive and slow, and can form a bottleneck in operations. Unfortunately, fully automated sharing of information across security domain boundaries is also fraught with difficulties due to problems with identifying releasable information, and the need to control covert channels. The result so far has been automated information flows that are one-directional or point solutions. ATC-NY and Cornell will develop the Pantograph software suite to address this problem. Pantograph will enable the nearly routine authoring of secure cross domain applicationsdistributed applications with state that is seamlessly shared, in a sanitized form, between the two domains. Building on Fabric, Cornell"s compiler for distributed applications with provable enforcement information flow security, applications compiled with Pantograph will enforce information-flow security between domains. The internal Pantograph protocol will mitigate potential covert channels by sanitizing the protocol messages. A security analyzer will quantify residual covert channel risks inherent in the application. BENEFIT: Cross domain applications developed with Pantograph will provide a very practical way to share information between security domains with very high assurance that information flow policies in both domains are enforced. Inexpensive and straightforward authoring of highly secure cross-domain applications will have three main benefits: (1) Better, more fluid coordination of activities between domains, (2) reduced pressure to"upgrade"all related tasks to the highest sensitivity level, and (3) reduced pressure to allow unsafe sharing to"get the job done". The primary market for Pantograph applications will be the many DoD and intelligence community installations with multiple security domains connected by guards. Critical infrastructure protection will be another market for Pantograph applications, potentially much larger, and with lower barriers to entry. Almost all of our national critical infrastructure is controlled by digital systems that are connected to corporate networks and are thus vulnerable to attack from the Internet. Pantograph applications can enable sharing of specific information between enterprise networks and critical infrastructure control systems, in both directions, with strong guarantees that spurious information flows cannot occur.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government