- Data-at-rest and on-the-fly Security
- Secure Efficient Cross-domain Data Sharing
- Automatic Mobile Authentication & Access Control
- Access Control Policy and Validation
- Assured Information Sharing in Clouds
Cybersecurity Secure Efficient Cross-domain Protocols
Coordinating and sharing information across multi-level security (MLS) networks are of great interest in many military applications. However, it is very challenging to accomplish those goals due to the heterogeneous security classifications of different network domains. The recent proposed cross-domain solutions (CDS) provide initial steps to make such applications possible. However, there are still several issues in the existing solutions, and some of them are:
- inefficient authentication;
- privacy leakage;
- unlimited capacity covert channel.
InfoBeyond advocates an Efficient, Secure, and Covert Channel Capacity Bounded (ESC3B) algorithms for the MLS cross-domain environments to address these challenges. First, ESC3B provides an efficient and secure fine-grained authentication scheme which requires each user to store only one key. The key can be used to authenticate several services across the networks. Secondly, an anonymous authentication protocol is provided to the users for service request. The service provider or other third parties cannot infer the user identity and other privacy information. Finally, ESC3B enables reliable communication between network domains by providing feedback channel. The capacity of potential covert channels created by the feedback channel is upper bounded by an arbitrary small value determined by the network designer.
Assured Information Sharing in Clouds
Numerous military database, documentation, and mission-critical information systems are migrated to the clouds, due to cloud cost-efficiency and accessing flexibility. However, the cloud servers are generally untrusted either for data owners or users. InfoBeyond advocates A3IS (Attribute-based Algorithms for Assured Information Sharing) for dynamically and securely data storage, query, and access in a policy-based manner. Basically, A3IS transfers all DoD policies into the corresponding attributes in such a way to validate whether the security policy is enforced for any data manipulation. All the data are encrypted on the cloud servers. The confidentiality and privacy of the owner are protected. On the other hands, only the user satisfying the predefined policies can fetch and decrypt the data with the corresponding keys. For flexible data access, A3IS has the secure fuzzy searching algorithm for users to search the data of his interest from the encrypted data in the cloud. The cloud server is unable to access the decrypted data or infer any additional information. Furthermore, A3IS achieves a fine-granted and flexible access control on the data, having the functions of authentication, authorization, and key distribution for of data owner and users.
Access Control Policy Tool
Access Control (AC) determines the permission of a request in attempt to access certain resources in a software system. It has been greatly used for financial, security, privacy, safety, defense, and many other applications. However, there is no commercial‐ready tool to conveniently and thoroughly compose, test, and verify the policies against potential vulnerabilities. In this project, InfoBeyond advocates the development of a user‐friendly, efficient, reliable, and generic Access Control Policy modeling, verification, and Testing (ACPT) Tool. Our ACPT enhances the NIST’s ACPT design and add several advanced features for achieving high security confidence AC levels such that it can be commercialized. It provides user‐friendly GUI templates for user to compose attributes, enable property tests by a model checker, perform combinatorial tests, and generate XACMAL policies. It specifically improves the NIST’s ACPT design to provide a robust, unified, and generic model checker in an ABAC (Attributed‐based Access Control) framework. Our ACPT will be developed as a standalone software package and web‐based services. The standalone software package can be run in a private server for government and enterprise customers. The web service design facilitates the ACPT webification and evolution in a distributed computing environment for a large number of customers.
InfoBeyond conducted many research on the network security, data security, multi-level security, authentication, assurance, security trustworthy, distributed keying algorithms, covert channel, and cross domain security.