Today, modern computing systems are incapable of creating sufficient security protections such that they can be trusted with the most sensitive data while simultaneously being exposed to untrusted data streams.” “Therefore, for the most sensitive computing systems, [the Department of Defense] and commercial industry have in certain places adopted a series of air-gaps — breaks between computing systems to prevent the leakage and compromise of sensitive information.”
Although isolating sensitive IT systems from the internet with air gaps is secure and effective, it carries its own set of risks when information moves between air-gapped and connected systems. In 2015, a Chatham House report found a variety of methods through which air-gapped systems for nuclear power plants and other industrial control systems can be compromised, such as the use of physical flash drives that install malware and long-forgotten, unaccounted-for VPNs and other connections inherent in many older ICS networks.
Many important applications require the co-mingling of private and non-private information, making it difficult to create separation guarantees. Defense Advanced Research Projects Agency is looking for innovations in hardware and software security that can better track and protect sensitive data as it moves from highly secure systems to insecure ones.
The earlier separation is designed into systems, the stronger such protections can be during execution. For the purposes of the GAPS program, we consider ‘high risk transactions’ those in which private information is exposed to public information – and pay particular attention to scenarios that could degrade the protection of sensitive data. GAPS will create hardware and software co-design tools that provably enforce the physical isolation of these high risk transactions. GAPS will also develop security interfaces
Guaranteed Architecture for Physical Security (GAPS) project, announced by DARPA’s Microsystems Technology Office in early January, solicits “innovative research proposals” from contractors who think they can build hardware and software systems with “physically provable guarantees to isolate high risk transactions.” Both the DOD and the commercial industry would benefit from figuring out how to build in better security, the agency argues.
The Guaranteed Architecture for Physical Security program is intended to secure high-risk data transactions and allow consumers to physically track these activities, DARPA said. GAPS contibutors will work to build hardware components and interfaces, develop software co-design tools and integrate these products together. Products that result from the program would be designed to define data separation requirements and provide physically executable protection measures.
GAPS will develop hardware and software architectures that can provide physically provable guarantees around high-risk transactions, or where data moves between systems of different security levels. DARPA wants to ensure that these transactions are isolated and that the systems they move across are enabled with the necessary data security assertions. The intended outputs of this program are hardware and software co-design tools that allow data separation requirements to be defined during design, and protections that can be physically enforced at system runtime.
GAPS will also develop security interfaces that allow users to track sensitive data and ensure that security protections are physically enforced at runtime. The resulting technologies should leverage commercial hardware and software development paradigms and provide a revolutionary advance for both the DoD and security-conscious commercial organizations.
As such, the office wants to approach the problem from a new perspective, ruling out current technologies and solutions like virtual machine managers, diodes or human fusion. Instead, the agency wants a better way to physically track the data it needs to protect.
If GAPS is successful, the barrier to safely enabling high-risk transactions will be substantially lowered, allowing for: a) fast computer to computer transactions; b) a reduced need for unreliable software partitioning solutions; c) more complex system coordination that does not put sensitive data at risk; and d) a commercial ecosystem for components that allow rapid and cost-effective development of complex networks.
“GAPS will create secure hardware and software co-design tools that physically isolate high risk transactions during both system design and system build, and track that such protections are physically enforced at runtime,” the solicitation reads. “If a user wants to compute on sensitive data, the only true assurance is to physically track where the data is and guard all high-risk transactions.”
The project will be split up into three technical areas: components and interfaces, co-design tools and integration and validation. DARPA wants compatibility across the board, so selected vendors or organizations will be required to sign an agreement to communicate and collaborate with each other throughout the project, and the notice encourages the use of combined submissions. Responses are due March 22.
GAPS is part of DARPA’s larger Electronics Resurgence Initiative, a multi-project initiative aimed at moving beyond the traditional limits of Moore’s Law.
Perspecta (PRSP) Receives $6.6 Million Award on DARPA Guaranteed Architecture for Physical Security Program
Perspecta Inc. (NYSE: PRSP), announced today that its innovative applied research arm, Perspecta Labs, was awarded a prime position on the Defense Advanced Research Projects Agency (DARPA) Guaranteed Architecture for Physical Security (GAPS) program. The award, which represents new work for the company, has a total value of $6.6 million, including options, for three phases of work over a 54-month period of performance.
GAPS is part of DARPA’s Electronics Resurgence Initiative (ERI) which aims to create a more specialized, secure and automated electronics industry to serve the domestic commercial sector, while also meeting the unique requirements of the Department of Defense (DOD) for assured electronics. On the program, Perspecta Labs will research, develop, test and validate transformative technologies for secure architecture, including extensions, and tools to programming languages for efficient, provable security.
The Perspecta Labs solution will deliver security technologies for multi-level and cross-domain systems. Specifically, the solution will provide compiler and user tools that support software engineers in efficiently building provably secure architectures that can isolate and protect against high-risk transactions across system life cycles.
“We will leverage our extensive know-how and experience on multi-level security, information assurance and software engineering to provide our DARPA customer with an advanced solution to mitigate against fraudulent components, data exfiltration and the insertion of malicious hardware or software,” said Petros Mouchtaris, Ph.D., president of Perspecta Labs.
References and Resources also include:
https://www.darpa.mil/news-events/guaranteed-architecture-for-physical-security-proposers-day
https://www.fedscoop.com/darpa-wants-move-beyond-air-gap/
https://defensesystems.com/articles/2019/01/09/darpa-air-gap.aspx