'Concept Car' Approach Enables User Community to Influence Development of Next Generation Architecture for Collaborative Multi-Level Secure Systems
DoDIIS Worldwide Conference, Detroit, MI—May 2, 2011—Real-Time Innovations (RTI) and Tresys Technology today announced a revolutionary architecture for highly flexible, low-latency cross-domain solutions (CDS) that uses commercial-off-the-shelf (COTS) technologies and is built on the Wind River VxWorks MILS Platform. The solution enables greater flexibility and connectivity, lower cost of maintenance, and reduced risk versus traditional solutions for CDS.
The joint CDS architecture offered by Tresys, RTI, and Wind River replaces traditional proprietary CDS architectures with three components: the Tresys Content Aware Decision and Routing Engine (CADRE) gateway for defining security policies and filters, RTI's Data Distribution Service (DDS) high-performance messaging middleware, and Wind River VxWorks MILS separation kernel. These three components together provide an open, extensible framework that enables lower implementation, maintenance and modification costs. The solution also runs on much less expensive hardware.
Although the architecture is fully designed, the solution's concept car approach welcomes input from the Cross-Domain Community to influence a long-life architecture that is adaptable for even the most unique requirements while still meeting certification and accreditation (C&A) criteria.
Cross domain solutions—which provide access or transfer of data between differing security domains—have traditionally relied on highly proprietary, closed technologies. This often results in high cost and lengthy turnaround time when a system modification is required. Even minor component modifications can require significant recertification efforts.
"Sharing standard data across domain pairs is pretty straightforward these days," said Scott Winn, vice president, business development at Tresys. "When you want to handle varying types of data with low latency, high throughput, and maintenance of QoS, it gets harder. Add in the need to accept myriad new data sources, interoperate with coalition partners, and quickly respond to new mission requirements—it gets harder still. Flexibility combined with high assurance requires a rethinking of how a CDS gets built. By involving the community—via our concept car approach—we are taking a game-changing approach to the design-build process that will provide long-lasting benefits to the entire community."
Basing the joint architecture on the Wind River VxWorks MILS separation kernel secures data flow between multiple security domains. The VxWorks MILS kernel strictly controls data exchange across domains without requiring multiple processors. The VxWorks MILS platform has entered Common Criteria certification at EAL 6+ against the Separation Kernel Protection Profile (SKPP). The Tresys filters and RTI DDS use this secure foundation to connect diverse communication domains into this CDS.
The three technologies work together to provide secure, easy communications:
- Tresys' CADRE architecture and tools deliver flexible, deep content inspection. CADRE builds on the dynamic attributes of DDS to enable easy creation of content filters and provide consistency in the security and quality of the implementation.
- RTI Data Distribution Service high-performance messaging middleware transmits and "normalizes" data between systems in real-time and with content awareness. The middleware supports end-to-end Quality of Service (QoS) and meets real-time performance requirements not currently satisfied by any CDS.
- Wind River VxWorks MILS Platform allows a single processor to host applications running at multiple security levels (e.g., secret and top secret) or from different domains (e.g., Navy and Air Force). This eliminates the typical CDS requirement of segregated user nodes, servers, and network equipment. Applications at multiple security levels can be hosted on a single processor board in secure partitions.
"Creating highly configurable real-time CDS solutions is challenging," states Chip Downing, senior director of aerospace and defense at Wind River. "This solution stack enables wire speed transmission and filtering of multi-level secure (MLS) data in very small footprint devices."
"RTI has a long, successful track record with Wind River and Tresys in advanced, secure communication systems," said David Barnett, vice president of products and markets at RTI. "Our technologies fit together to create compelling and efficient customer solutions, and this platform is another proof point of the power of our joint solutions."
The companies will demonstrate the joint architecture live at the 2011 Department of Defense Intelligence Information Systems (DoDIIS) Worldwide Conference in Detroit, MI on May 1-5, 2011 and at the Wind River Aerospace and Defense Regional Conferences being held across the United States.
About RTI Data Distribution Service
RTI Data Distribution Service is the world's most widely-used implementation of the Object Management Group (OMG) Data Distribution Service (DDS) specification. DDS is the leading messaging standard for integrating distributed real-time applications and systems-of-systems. By bringing the benefits of a Service Oriented Architecture (SOA) to demanding mission-critical systems, DDS dramatically reduces the time and cost required for development, integration, testing, maintenance and upgrades.
About Tresys CADRE
Tresys' CADRE is a concept for sharing information across security domains using off-the-shelf technologies that radically change the way cross domain solutions can adapt to evolving requirements. Built on a custom filtering language coupled with a Tresys proprietary CDS architecture, CADRE permits deep content inspection of data formats and protocols that are "unknown" to the filter, thanks to DDS's ability to abstract the protocol itself.
Real-Time Innovations (RTI) is the world's leading provider of messaging middleware compliant with the Object Management Group (OMG) Data-Distribution Service for Real-Time Systems (DDS) standard. With over 70 percent market share, more than 400 unique projects take advantage of RTI's software and expertise to slash the time and cost of systems integration. These span a broad range of industries including aerospace, defense, finance, intelligence, power generation and transportation. Founded in 1991, RTI is privately held and headquartered in Sunnyvale, CA. For more information, please visit www.rti.com.
About Tresys Technology
Tresys innovates and applies advanced technologies to quickly solve the needs of customers who require agility and responsiveness to meet their security requirements. Leveraging secure open source software, our products and services support the most sensitive security missions around the world. As a result, Tresys enjoys a distinct reputation for shifting the way governments and businesses approach security. For more information, visit: www.tresys.com
# # #
RTI, Real-Time Innovations, RTI Data Distribution Service, Connext and 1RTI are registered trademarks or trademarks of Real-Time Innovations, Inc. All other trademarks are property of their respective companies.