• Benchmark of Cross Domain Solutions (CDS) proposed by Boeing.
  Will interact with Boeing experts on the project. Let me know by 8/30.
  • Background:   There are several CDS in use today by DoD and other government agencies.  They are used to exchange information across security domains in many different configurations.  Most of these solutions are designed or tailored for specific network environments and strictly controlled application protocols and data formats.  Although there were some attempts by groups like SABI and TSABI to assess and group these solutions against common information sharing needs; integration and C&A issues made it too complicated and tedious for this effort to become effective.  The new DISTCAP offers some relief by simplifying the C&A process.  However; accurate and more complete information on the existing CDS components, their capabilities and features are still unknown to network integrators and architects.
  • Task description:   Need to investigate all CDS solutions and associated high assurance (EAL-4 and beyond) components (including Security Guards and Control Interfaces) supporting both; MLS and MILS solutions.  Group them by assurance levels and describe their capabilities, special features, OS and applications supported, and other information relevant to this type of implementation.  Include successful certification and accreditation environments, lab evaluations, past performance, maturity, software & hardware architectures/configurations, and customer feedback.
  • Deliverable:    CDS report with analysis of tables and comparisons that can be used by Network Architects and Integrators when searching for best solution to their customer needs in the area.  The report should serve as a COMSUMER REPORT on Cross Domain Solutions.
• Effective Hardening of 5 most popular Operating Systems (OS) proposed by Boeing.
  Will interact with Boeing experts on the project. Let me know by 8/30.
  • Background:   Most popular OS systems software in use today, were designed with some Information Assurance in mind.  Many of them have adequate security features and capabilities.  However; their default configuration is wide-open with most security not-enabled when installed in operational environments.  This leaves the applications and networks using these OS systems exposed to attacks by computer hackers and unauthorized access to their resources. 
  • Task description:   Select the 10 most popular OS systems (e.g., Windows XP, VxWorks, Red Hat, Linux, Solaris, etc.) for this analysis.  Include those used in embedded systems.  Investigate and document the secure hardening procedures that best apply to each OS.  Describe the pros and cons of enabling each one of the available security features.  Also describe any security capabilities that are obviously missing from a particular OS.
  • Deliverable:    OS Secure Hardening report with analysis of tables and comparisons that can be used by IA and IT professionals to quickly configure and ensure OS security is properly enabled.
• AIPSEC: Enhance Asymetric IPSec system for Online Storage Backup.
  • Improve the work done by Murthy Andukuri.
  • Porting to Windows
  • Apply same idea to SSL.
• Secure Information Notification.
  • Implement rolebase secure large scale critical notification. Extend the current SIS framework to include active notification. Current SIS only implement passive web-based information retrieval.
  • One possible solution. Extend Secure Groupware for First Responder system, which utilize Keystone (group key management) and Jabber.

4/28/2005

• Secure Information Sharing, by Ganesh Godavari.

5/3/2005

• Evaluation of Existing Voice over Internet Protocol Security Mechanisms
  & A Recommended Implementation for a SIP-based VoIP Phone, by Brett Wilson and Hakan Evecek

5/5/2005

• Web Service Security, by Maria Lizarraga.

• Smartphone Security, by Sujeeth Narayan.

5/6/2003

• Investigations into BIND Dynamic Update with OpenSSL, by David Wilkinson.
• Virtual Priviate Network, by Jeff Rupp.
• Instant Messenger Security with a focus on implementing security policies in corporate IM services, by Kaushal S Chandrashekar.
• PEAP: Protected Extensible Authentication Protocol (for wireless networks), by Jeremy Taylor.
• Snort: A Network Intrusion Detection Software, by Matt Gustafson and Becky Smith

5/8/2003

• Penetration Testing & Countermeasures by Yu Cai and Paul Fong
• Autonomous Anti-DDoS Network V2.0(A2D2-2), by Sarah Jelinek.
• Snort Attack and Logging Test, by James Horton and Thao Pham.
• Study of Multi-Homing, by Sunil Bhave.
• Project SNUPE, by Patrick Cook.