The Multiple Independent Levels of Security (MILS) project, sponsored by the U.S. Air Force Research Lab (AFRL) and cofunded by the F-22 and F-35 program offices, is paving the way toward independently validated, or certified, commercial off-the-shelf (COTS) products for use in highly robust security environments. As I prepared to write this column on MILS, a very old memory practically forced itself into my conscious thought.
I recall a principle my father taught me when I was young. It had to do with quality products. You see my father was an electronics repairman. Thanks to training received during World War II, he established his own TV and radio repair shop in the Midwest. I would spend hours watching him work to repair these electronic devices. Those were the days of vacuum tubes. Repairing radios and televisions was more cost-effective than today’s approach of total product replacement.
My father insisted on quality parts. He knew that in the long run it was more cost-effective for him and his customers to use more expensive parts that would last. This "quality first" attitude carried over to purchases for our home. Mom knew that if a lamp, electric frying pan or toaster did not have an Underwriters Laboratories (UL) tag on it, dad would insist on it going back. That tag represented a level of quality and safety that he trusted. He understood the design rigors through which the manufacturer labored to produce a safe and reliable product. He also appreciated the independent audit and certification.
Now in the early days, as UL was being established, there were many companies unwilling to fund such extra expense. But as the notion of UL-approved became more mainstream, I’m quite certain the amortized cost of certification did not substantially affect a company’s bottom line.
The Common Criteria, an information assurance evaluation and validation scheme for commercial software, is doing for COTS software security what UL did for home electrical device safety. The process provides consumers with assured products, independently validated by a National Information Assurance Partnership (NIAP) laboratory for use in information security environments. In the case of avionics systems, independent validation of flight critical systems via the RTCA DO-178B process is well established and supported by commercial vendors. The new, additional certification associated with the MILS project, provides high robustness information security for these commercial-based components. The MILS project team, composed of government personnel, DoD contractors and commercial vendors, is working with various software standards, using the Common Criteria to establish the information assurance (IA) requirements in the form of product-specific protection profiles.
What has been most notable is that the work on the protection profiles has been done in open consortiums such as the Object Management Group and the Open Group, in which users and vendors interact in honest and deliberate discussions to work out just what IA requirements a "secure kernel," MILS CORBA (common object request broker architecture), or Rapid IO should meet.
Major integrators have too often experienced software vendors’ sales staffs making outlandish promises only to discover after purchase that the product doesn’t perform as advertised, support the promised functionality, or worse is so "buggy" that it fails to function at all!
Apparently this problem has rung true with the U.S. government, as well. Over the past few years, initiatives in the Office of the Secretary of Defense and now the Department of Homeland Security have resulted in the formation of regular workshops known as Software Assurance Forums. These working groups include participants from government program offices, Department of Defense prime contractors, universities and vendors. The focus is to move toward assured software in all aspects: safety, security and quality. One of the key discussions has been in the area of "independent validation."
I am amazed at the breadth of support coming from many software companies, welcoming such independent audits. Apparently they, too, realize the value of the "UL-like" stamp of approval when it comes to selling products!
Dr. Ben Calloni, a research program manager at Lockheed Martin Aeronautics Co., is a member of the Object Management Group and the Open Group, serving on the board of directors of both organizations. He is the Lockheed program manager for the AFRL MILS project.