2014 GCN AWARDS
AppVet speeds mobile devices, apps to the battlefield
- By William Jackson
- Oct 07, 2014
The military’s desire for secure, reliable and inexpensive mobile devices and apps has led to the development of a simple, open-source web service and framework for vetting mobile applications that can be used across government and by commercial developers.
Project at a glance
Office: National Institute of Standards and Technology, in collaboration with George Mason University, under the DARPA TransApps program
Technology used: A framework of software assurance methodology, power and reliability analysis techniques, and standards-based cryptographic solutions
Time To Implementation: Project began in early fiscal 2012, and the framework became operational that year. Funding ended in April 2014.
Before: Military personnel in the field had to use costly, heavy communications equipment with limited functionality, or acquire and test commercial devices that were outdated by the time they could be put to use.
After: Personnel have access to current commercial devices and applications that can be tested in hours. AppVet has tested thousands of applications, exposing numerous security vulnerabilities.
AppVet, which is available as a free open source download, is a framework that speeds the testing workflow with a user-friendly interface for submitting apps, accessing reports and assessing risk. Application Program Interfaces also let AppVet be easily integrated with a variety of clients, including app stores and third-party analysis tools, both static and dynamic.
The tool was developed under the Defense Advanced Research Projects Agency’s TransApps program by a team that was headed by the National Institute of Standards and Technology and included George Mason University.
“It’s been used as an operational system since 2012,” said Craig Schlenoff, group leader of the Cognition and Collaboration Systems Group in the Intelligent Systems Division at NIST.
The first users were in the Defense Department, which has used it to securely deploy more than 3,000 commercial smartphones in the battlefield. The departments of Justice and Homeland Security were also interested in adopting AppVet, and it was used to test mobile devices that were used to provide security for the 2012 presidential inauguration. “It’s slowly picking up steam, and people are getting interested in it,” Schlenoff said.
NIST was approached by DARPA for help in putting commercial mobile devices and applications more quickly into the hands of warfighters. Their challenge was to quickly vet the security and reliability of the hardware and software for military needs on a large scale. NIST led a multi-organizational effort that developed innovative methods for security, testing and evaluation of hardware and software to securely deploy off-the-shelf smartphones and applications in military field operations.
Facing intense pressure, high stakes and complex technical challenges, the team developed an unprecedented security infrastructure and evaluation framework, accelerating the deployment of secure devices into a harsh environment.
AppVet uses software assurance methods, power and reliability analysis techniques as well as standards-based cryptographic solutions. The NIST team also designed a unique smartphone security architecture that lets the government keep pace with the fast-paced mobile industry while adhering to strict security requirements, replacing the costly model of long development times and government-specific solutions.
The NIST tool is also a meaningful reference implementation for the private sector that can help in the development of secure devices and applications. This can help agencies solve problems associated with the bring-your-own-device movement, which can introduce unmanaged and untrusted personal devices into the government workplace.
Since becoming available in 2012, AppVet has proved itself by eliminating the need for older, heavy radio equipment in the field, improving situational awareness and helping to save soldiers’ lives. In one instance, soldiers in Afghanistan surrounded by the Taliban were able to use a mobile device to pinpoint an enemy position and direct fire at them. In another, a Medevac app was used to locate a helicopter landing zone so that a wounded soldier could be quickly evacuated, saving precious minutes.
The effort not only brought together both academic and government researchers and developers, but also allowed researchers from different departments at NIST – the Information Technology Lab and the Engineering Lab – to work together.