CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Multiple Independent Levels of Security Architecture: A High Robustness Approach Using COTS

Ben Calloni - Lockheed Martin

Mar 19, 2008

Abstract


Military Specification (MIL-SPEC) has a successfully long but sometimes notorious history in acquisition which led to the creation of high cost items, such as toilet seats and hammers, which precipitated "political embarrassment" for the Department of Defense and the US Government in general. These glitches aside, MIL-SPEC notional ideas offer a pattern for reliability and ruggedness that may be useful in the commercial world particularly with respect to safety and security. The DoD customer base perceives that COTS Standards-based products are a way to reduce cost of ownership and better synergize with commercial technology advancements.

On the other hand, "commercial best practice" and "maximization of the bottom line" policies often lead to system development efforts in the commercial realm, which only focus on getting a product working in time to meet market demand without factoring in reliability and other measures of robustness. All too often, the extra effort required to provide longer term benefits, particularly in the area of safety and security are sacrificed as affecting “the bottom line” too significantly. In the aftermath of 9/11 it is imperative that a collaborative effort between DoD, Gov't, and Business be leveraged. Such effort would borrow the best from DoD in the area of safety and security while maintaining the cost / benefit ratio of commercial enterprise technology that would result in the development of safe and secure, standards-based, commercial software that will enhance the national computer infrastructure.

Video redacted at request of presenter - 2009-07-17

About the Speaker

Dr. Ben Calloni is a Lockheed Martin Fellow for Software Security. He is a senior research program manager of Aeronautics Company in Fort Worth within
Advanced Development Programs (ADP), formerly known as “the Skunk Works". His current research interests are in the area of Information Assurance, partnered with Air Force Research Labs, the National Security Agency, Open Systems Joint Task Force and several commercial off the shelf suppliers, to provide a Multi Level Security infrastructure not only for Department of Defense weapon systems but for Homeland Security as well.

Dr. Calloni serves as the LM Corporate representative to the Object Management Group (OMG), is currently serving on the OMG Board of Directors, and Chairs the Real Time Embedded and Specialized Systems (RTESS) Task Force responsible for developing international standards for RT-CORBA, DDS, UML, and MDA. He is President of the Customer Council of The Open Group consortia, serving on the Board of Directors and is active in the Embedded and Real Time Forum, working with the security sub-committee to develop Common Criteria Protection Profiles for Multilevel Secure Operating Systems, IPv6 and other products. Dr. Calloni also represents Lockheed Martin at the several Department of Defense and Homeland Security interoperability groups. Dr. Calloni has chaired several committees for Fault Tolerance, Security, and Safety critical software systems in these organizations.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.