Philip L. Campbell

On the use of trusted objects to enforce isolation between processes and data

This paper highlights the problem of run-time execution correctness of high-consequence applications in conventional Von Neumann computer architectures. It proposes an approach, trusted objects, in which the application program and data are cryptographically encapsulated in their own environment. The remainder of the paper is organized as follows: after presenting a description of trusted objects, their creation, and their execution, their potential applications are described. Finally, issues and problems requiring further research are discussed.

Department of Defense Instruction 8500.2 “Information Assurance (IA) Implementation:” A retrospective

From the time of its publication on February 6, 2003, the Department of Defense Instruction 8500.2 “Information Assurance (IA) Implementation” (DoDI 8500.2) has provided the definitions and controls that form the basis for IA across the DoD. This is the document to which compliance has been mandatory. For over 9 years, as the world of computer security has swirled through revision after revision and upgrade after upgrade, moving, for example, from DITSCAP to DIACAP, this instruction has remained unrevised, in its original form. As this venerable instruction now nears end of life it is appropriate that we step back and consider what we have learned from it and what its place is in context. In this paper we first review the peculiar structure of DoDI 8500.2, including its attachments, its “Subject Areas,” its “baseline IA levels,” its implicit use of type, signatures (full, half, left, and right), and signature patterns, along with span, and class. To provide context and contrast we briefly present three other control sets, namely (1) the DITSCAP checklists that preceded DoDI 8500.2, (2) the up and coming NIST 800-53 that it appears will follow DoDI 8500.2, and (3) Cobit from the commercial world. We then compare the scope of DoDI 8500.2 with those three control sets. The paper concludes with observations concerning DoDI 8500.2 and control sets in general.

A threat-based definition of IA and IA-enabled products

This paper proposes a definition of “IA and IA-enabled products” based on threat, as opposed to “security services” (i.e., “confidentiality, authentication, integrity, access control or non-repudiation of data”), as provided by Department of Defense (DoD) Instruction 8500.2, “Information Assurance (IA) Implementation.” The DoDI 8500.2 definition is too broad, making it difficult to distinguish products that need higher protection from those that do not. As a consequence the products that need higher protection do not receive it, increasing risk. The threat-based definition proposed in this paper solves those problems by focusing attention on threats, thereby moving beyond compliance to risk management. (DoDI 8500.2 provides the definitions and controls that form the basis for IA across the DoD.) Familiarity with 8500.2 is assumed.

Enforced isolation processes and data

This paper highlights the problem of run-time execution correctness of high consequence applications in conventional Von Neumann computer architectures. It proposes an approach - trusted objects - in which the application program and data are cryptographically encapsulated in their own environment. The remainder of this paper is organized as follows: after the authors present a description of trusted objects, their creation, and their execution, their potential applications are described. Finally, issues and problems requiring further research are discussed.

Final Report for the 10 to 100 Gigabit/Second Networking Laboratory Directed Research and Development Project

The next major performance plateau for high-speed, long-haul networks is at 10 Gbps. Data visualization, high performance network storage, and Massively Parallel Processing (MPP) demand these (and higher) communication rates. MPP-to-MPP distributed processing applications and MPP-to-Network File Store applications already require single conversation communication rates in the range of 10 to 100 Gbps. MPP-to-Visualization Station applications can already utilize communication rates in the 1 to 10 Gbps range. This LDRD project examined some of the building blocks necessary for developing a 10 to 100 Gbps computer network architecture. These included technology areas such as, OS Bypass, Dense Wavelength Division Multiplexing (DWDM), IP switching and routing, Optical Amplifiers, Inverse Multiplexing of ATM, data encryption, and data compression; standards bodies activities in the ATM Forum and the Optical Internetworking Forum (OIF); and proof-of-principle laboratory prototypes. This work has not only advanced the body of knowledge in the aforementioned areas, but has generally facilitated the rapid maturation of high-speed networking and communication technology by: (1) participating in the development of pertinent standards, and (2) by promoting informal (and formal) collaboration with industrial developers of high speed communication equipment.