Pulse


Pulse

By GCN Staff


NIST to help IT developers build in security

The National Institutes of Standards and Technology has launched an effort to develop guidelines for building security into IT systems from the beginning instead of at the end of the IT development process.

NIST, which is asking for public comment on initial guidelines for the project, said it wanted to bring in “widely recognized systems and software engineering principles to bear on the problem of information system security from the beginning … rather than trying to tack it on at the end.”

"We need to have the same confidence in the trustworthiness of our IT products and systems that we have in the bridges we drive across or the airplanes we fly in," said Ron Ross, a NIST Fellow.

The guidelines represent an effort to bring the principles of building reliable physical structures to software engineering design, according to NIST.

“Systems security engineering processes, supported by the fields of mathematics, computer science and systems/software engineering, can provide the discipline and structure needed to produce IT components and systems that enjoy the same level of trust and confidence,” according  to NIST.

NIST has released the first set of those guidelines for public comment in a new draft document, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems.

The current draft -- and the first stage of the planned process -- describes the fundamentals of systems security engineering and covers 11 core technical processes in systems and software development.

Later public drafts will add material supporting principles of security, trustworthiness and system resilience; use case scenarios; and important nontechnical processes such as risk management and quality control procedures.

NIST asked for comments on the draft by July 11, 2014, which should be sent to sec-cert@nist.gov. NIST expects to publish the final, complete version of the engineering guidelines by December 2014.

Posted on May 27, 2014 at 8:31 AM0 comments


Boeing launches MicroTAC tactical data analytic platform

Boeing has developed a new tactical data analytic suite – called MicroTAC – that the company says provides an information advantage to warfighters, even when network connectivity may be unavailable or unsuitable for the mission.

Running on a lightweight, battery-powered portable device similar to a laptop, MicroTAC can continuously accept data in the field and almost immediately provide an accurate picture of the unfolding information environment, according to Boeing.

While tactical data analysis requires an Internet connection, a MicroTAC user can accept new data, such as from a flash drive, search and analyze it and access predictive analytics while disconnected from networks.

“When warfighters bring MicroTAC into theater, they have a full suite of deployable analytic technologies at their fingertips to take in, analyze and disseminate information in near real-time, especially when communications are unreliable,” said Jeff Brown, director of Boeing’s Intelligence Systems Group.

MicroTAC is fully integrated with Boeing’s existing TAC software, which persistently monitors data and extracts relevant information in real time.

Posted on May 23, 2014 at 9:22 AM0 comments


Multi-device BYOD management from a single console

Absolute Software Corp. announced Absolute Manage 6.5, which allows IT managers to automate BYOD polices for employee-owned computers, along with tablets and smartphones from a single console, the company said in an announcement.

Absolute Manage 6.5, which offers full BYOD support for Mac and Windows computers, provides enrollment workflows as well as remote and automated security for corporate and employee-owned devices, including smartphones, tablets and laptops.   

The automated workflow allows users to enroll their devices through a portal using their corporate credentials. Following authentication, Absolute Manage automatically applies device configurations, security settings and software apps directly to the device.     

With the latest release, Absolute Manage will also support Samsung KNOX, a containerization solution native to Samsung’s hardware and Android OS.  It also includes Cisco’s Identity Service Engine, a network security feature that provides compliance reporting and enforcement for devices connecting to enterprise networks. 

“Many of our customers are receiving requests from employees to bring their personally-owned devices to work. But corporate IT doesn’t want to use multiple consoles and products to secure this range of form factors,” said Errol Olsen, interim CEO at Absolute Software. “The release of Absolute Manage 6.5 will support the Absolute unified IT vision, allowing IT to manage all employee-owned devices from a single console.”


Posted on May 23, 2014 at 9:30 AM0 comments


UMD establishes orbital debris research center

The University of Maryland announced the establishment of the Center for Orbital Debris Education and Research (CODER) to address the problem of orbiting space debris and serve as a hub for academic, industry, and government research collaboration.

"CODER is the first academically led center established to address the full range of issues surrounding the orbital debris problem," said founding faculty member and associate professor of aerospace engineering Raymond Sedwick in the university’s announcement.

"Most existing organizations focus on just one aspect of the problem—tracking, modeling, remediation, mitigation, policy, etc.—but CODER will serve as a research collective to provide expertise in all of these areas."

CODER will spearhead research in each area of orbital debris, including modeling, tracking, mitigation and remediation, assist in developing international policies regarding orbital debris, and serve as a clearinghouse for orbital debris knowledge and findings.

Posted on May 22, 2014 at 10:31 AM0 comments


DARPA posts catalog of software and research results

The Defense Advanced Research Projects Agency recently posted an online catalog designed to give the computer science community a central source for updates on DARPA software development, research results and technical publications.

The Open Catalog is “a curated list of DARPA-sponsored software and peer-reviewed publications,” the R&D agency said, which would make available information “that may lead to experimental results and reusable technology to benefit multiple government domains.”

“Making our open source catalog available increases the number of experts who can help quickly develop relevant software for the government,” said DARPA program manager Chris White. “Our hope is that the computer science community will test and evaluate elements of our software and afterward adopt them as either standalone offerings or as components of their products.”

The initial Open Catalog offerings included software toolkits and peer-reviewed publications from the XDATA program in DARPA’s Information Innovation Office. The project aims to develop computational techniques and software tools for processing and analyzing large, imperfect and incomplete data sets.

DARPA said the catalog reflects its interest in building communities around government-funded software and research. If the R&D community shows sufficient interest, DARPA will continue to make updates and other information available, said the agency.

Today, the catalog includes licensing information for project software , links to the external project page or contact information, and a link to the code repository for the project.

Programs in the current catalog currently include:

Active Authentication, a  program that seeks to develop novel ways of validating the identity of computer users by focusing on unique aspects of individuals through software-based biometrics.

Crowd Sourced Formal Verification, which that aims to investigate whether large numbers of non-experts can perform formal verification faster and more cost-effectively than conventional processes. The goal is to transform verification into a more accessible task by creating fun, intuitive games that reflect formal verification problems. Playing the games would effectively help software verification tools complete corresponding formal verification.

Detection of Psychological Signals, which aims to develop novel analytical tools to assess psychological status of warfighters in the hopes of improving psychological health awareness.

Posted on May 22, 2014 at 11:17 AM0 comments