Information Technology Frontiers for a New Millenium
High Confidence Systems
- Introduction
- NSA HCS research program
- Information survivability
- High performance networking environments
- NSF computing-communications research
- Java security
- National Information Assurance Partnership (NIAP)
- Role-Based Access Control (RBAC)
- NIST software technologies and standards
- Telemedicine and secure patient records
- HCS national research agenda


HCS R&D focuses on the critical information technologies necessary to achieve predictably high levels of system availability, reliability, safety, security, and survivability. A high confidence system is one in which the consequences of its behavior are well understood and predictable. It must withstand internal and external threats and must deal with naturally occurring hazards as well as malicious attacks from a sophisticated and well-funded adversary. Systems that employ HCS technologies will be resistant to component failure and malicious manipulation and will respond to damage or perceived threat by adaptation or reconfiguration.
Security-critical, safety-critical, and life-critical systems are needed in chemical production, electric power generation, financial services, healthcare, manufacturing, oil and gas production, and transportation, as well as in emergency services, law enforcement, and national defense. Systems for power generation and distribution, banking, medical implants, automated surgical assistants, and transportation also need reliable computing and telecommunication technologies.
This section describes representative HCS FY 1999 accomplishments and FY 2000 goals.

NSA HCS research

NSA supports and participates in the Information Security (INFOSEC) Research Council to coordinate its research program with DARPA, DOE, NIST, and the DoD service laboratories. The goal of NSA's HCS research program is to ensure that information assurance (IA) solutions keep pace with leading-edge information technology to provide essential security services. The IA program includes the technology areas of active network defense, secure network management, and network security engineering, and areas of enabling research in cryptography and secure communications technology.

Active network defense

Active network defense provides and coordinates research and advanced technology development to support the DoD's Defensive Information Operations. Recent accomplishments include completion of a study for a DoD Minimum Essential Information Infrastructure (MEII) in response to a Defense Science Board recommendation, and the establishment of the Pacific Institute of Computer Security at the University of California at Davis and SDSC to conduct research and develop tools to support intrusion analysis and computer forensics. Future research efforts will develop new tools and techniques for analyzing various types of attacks, their sources and objectives, and technologies to support manual and automatic response.
NSA has applied the PARENTAGE visualization tool, originally developed for SIGnals INTelligence (SIGINT) applications, to network attack analysis. NSA will investigate additional SIGINT technologies for network defense applications. Future R&D in visual analysis of network attacks will focus on prototypes that display the massive sets of multivariate data associated with very large scale systems. NSA has also begun R&D to determine appropriate automated network responses under different intrusion scenarios. Research in mobile agents will investigate applying this technology to network attack detection and response.

Secure network

Secure network management R&D supports a security management infrastructure by developing secure protocols for information sharing, network control, and monitoring events within information systems. NSA's development of the Internet Security Association and Key Management Protocol (ISAKMP) standard through the IETF provides a flexible capability to secure network connections in order to meet the needs of national security users. Future research will help produce security enhanced Internet protocol specifications, reference implementations, and support at international standards bodies.
NSA is developing a reference implementation of an IPSEC. Along with routing security mechanisms and group key management services, ongoing R&D will focus on proofs-of-concept for key management, fractional keying, and non-cryptographic techniques for multicast communications. Additional research into securing the key management infrastructure will include American National Standards Institute (ANSI) X.509 certificate directory services; management, revocation, and secure binding to security attributes; key generation and recovery; cross-certification from multiple security domains; and trusted time-stamping.

Network security

Network security engineering is concerned with providing information security in a networked environment characterized by globally distributed systems and services coupled with dynamic and pervasive information sharing and collaboration. This R&D addresses issues critical to secure hardware, software, and networked systems. Boundary definition addresses the problem of identifying and protecting network borders in order to establish points for monitoring, controlling, and defending against cyber attack. Boundary protection is currently managed primarily by high performance ATM firewalls that filter communications based upon addressing data, and NSA uses the commercialized results of research in this area to protect its internal networks. New research will develop high assurance, high performance boundary protection devices that add the ability to filter on the data itself or on specific protocols, with a goal of higher efficiency and effectiveness and much higher data rates than currently possible. In order to develop appropriate IA solutions, NSA is also undertaking a program to assess the security implications of advanced ATM network switching technologies, such as IP switching.
NSA's Technology Demonstration center provides a showcase for many of the agency's most innovative developments. Access to the facility is controlled by a customized fingerprint recognition system, pictured at the left.
NSA research addresses security issues in the use of object technology. Researchers are identifying security problems of greatest concern to distributed object-based computing and developing solutions for adoption by the Object Management Group's (OMG) Common Object Request Broker Architecture (CORBA).
In operating system security R&D, NSA created the security-related components incorporated into the Fluke operating system developed by the University of Utah. Future research will focus on prototyping additional security components such as a security policy server, a security services negotiation server, and a cryptographic subsystem that includes operating system servers for cryptography and authentication.
Network security engineering research also includes identification and authentication (I&A) technologies applied to people, files, security policies, and hardware. NSA transfers robust and reliable biometric and smartcard I&A technologies to industry. The FY 2000 program highlights research on basic biometrics identification technologies, fingerprint recognition, face and speaker recognition, faster algorithms, and evaluation of currently installed prototype systems. Proof-of-concept models will be available to demonstrate a network computer capable of high assurance switching among different classification levels of information. NSA assurance research includes work on verifying key generation and nuclear command and control designs, reducing risks in executing untrusted Java code downloaded from remote Internet sites, and high assurance modeling of security and trust policies. Finally, NSA research aimed at providing protection from hands-on physical tampering will employ industry partnerships to leverage the commercial market to develop a protective coating for semiconductor chip wafers and to develop a unique, easily produced, secure coating for Government use.

Face recognition can provide instant hands-free access control to computer workstations. Pictured above left and right are two views of an experimental 3-D face recognition system being tested at NSA. The system uses infrared imaging techniques. Pictured left is an NSA researcher preparing to test the face recognition system using a computer-controlled precision positioning platform.


As the Nation's primary resource for cryptography, NSA provides the Federal government's cryptographic algorithms. Backed by the highest level of cryptomathematics expertise, NSA designs new algorithms for the unique requirements of the military, DoD, and the intelligence community. NSA's multi-year public key cryptography research effort will produce designs for efficient public key algorithms and protocols, faster and more efficient arithmetic techniques, elliptic curve software, proactive authentication techniques, related technical support, and public key cryptography standards support.
Quantum computing is a new and powerful threat to traditional cryptography. NSA researchers have begun to counter this threat by employing key exchange techniques that use quantum physics as a basic protection mode. Recent research has demonstrated the feasibility of key exchanges over 47 kilometers of fiber optic cable. NSA will also devise new classes of cryptoalgorithms that are not susceptible to attacks by quantum computing techniques.

The unit pictured above is part of an NSA research effort to perfect the use of single photons to carry encrypted messages across fiber optics. This state-of-the-art technique defeats attempts to intercept communications. Pictured right is a closeup of an experimental quantum cryptography system. The next research phase will attempt to shrink this lab bench prototype into a transportable unit. NSA's quantum cryptography experiments have demonstrated the feasibility of this new technology. With continued research, this technique may soon prove to be a practical and powerful method to protect critical information.

NSA leads government-wide efforts to develop standardized interfaces to integrate cryptography into widely used applications software. Security services such as authentication and encryption can be more easily incorporated into commercial products using a cryptographic API (CAPI). This allows users to easily select the level of protection they need, ranging from commercially developed software algorithms from companies such as RSA Data Security Inc., to DoD-developed hardware technology such as Fortezza. NSA will develop high assurance reference implementations of CAPIs and standards for broader classes of security service, such as those being studied in the Common Data Security Architecture (CDSA). Researchers will provide a comprehensive suite of security capabilities to protect data ranging from simple files and email to complex multimedia communications.

Secure communications

Information transport and its associated infrastructure must demonstrate high assurance capabilities in times of crisis and attack. NSA research encompasses the following enabling technologies: speech coding, wireless communications, high speed cryptography, and optical networking.
Coding research will develop low bit rate algorithms required for digitizing, encrypting, and transmitting tactical voice communications. Wireless research will investigate and counteract the vulnerabilities of the wireless services, use the results to influence standards, provide select demonstrations of critical wireless technologies, and perform the testing, evaluation, and verification needed to ensure the solutions work effectively. NSA has developed technologies to allow the use of STU-III secure voice services over the European GSM cellular communications system, thereby extending the life of DoD's secure voice technology. Two new technology developments include a terminal for demonstrating wireless multimedia communications for the military and a collaborative effort with the Army Communications Electronics Command to overcome some of the denial-of-service vulnerabilities of tactical cellular communications.
Research in high speed secure communications techniques includes higher performance microelectronics, advanced packaging, and highly efficient cryptographic algorithms. Researchers are consulting with customers to address their security problems. In cryptography, NSA will develop a proof-of-concept 10 Gbps ATM encryptor. Optical communications researchers will develop proof-of-concept optical logic technology and switching devices for cryptographic applications, with a longer range goal of incorporating this technology into a completely photonic key generator.

Information survivability

DARPA is developing technologies to protect DoD's mission-critical systems against attack upon or through the supporting information infrastructure. This will lead to stronger protection, higher performance, and more cost-effective security solutions scalable to several thousand sites, satisfying defense requirements for secure and survivable systems.
Information survivability focuses on early prototypes of hardware and software technologies to protect large scale heterogeneous systems used over a wide performance range in diverse threat environments. DARPA is developing survivability technologies to mitigate national and defense computing infrastructure vulnerabilities that could be exploited by an information warfare enemy. Intrusion detection systems will allow attacks on the defense infrastructure to be detected, damage to be assessed, and an appropriate response to be taken while allowing crisis-mode operation of critical infrastructure components.
DARPA is developing high confidence networking technologies -- including security mechanisms, value-added security services, and robust networking protocols designed to facilitate continuous operations in hostile environments -- that will be integrated into the network infrastructure.
High confidence computing systems that provide modular security services and mechanisms, provide high reliability for distributed computations, and allow geographically-separated parts of an organization to interact as if they shared a common security perimeter are also under development. This also includes secure and fault-tolerant operating systems, firewalls, and system management tools. Assurance and integration tools will aid the development of high assurance and trusted systems and the ability to reason about their security properties.

High performance

NASA is developing technologies to help achieve high confidence in system safety, including new techniques and applications for network security and reliability in high performance networking environments and effective network management to implement administrative policies including security, QoS, and routing in complex, high performance networks.

NSF computing-

NSF's Computing-Communications Research (C-CR) program supports research on fault-tolerant and redundant hardware structures and high confidence systems.

Java security

NSF is supporting a secure Internet programming project at Princeton University that focuses on the security of mobile code systems such as Java, JavaScript, and ActiveX. Researchers examining the Java language and both the HotJava and Netscape browsers that support it have discovered a number of flaws that compromise security. These include implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. Research also examines the underlying tension between the openness desired by Web application writers and the security needs of their users and explores ways both might be accommodated.

National Information
Assurance Partnership

NIST and NSA are partners in the National Information Assurance Partnership (NIAP), a program to enhance the quality of information security products and increase consumer confidence in those products that have been objectively evaluated. To help businesses and consumers choose commercial off-the-shelf (COTS) computer security products ranging from firewalls to database management systems, the two agencies are developing a program to ensure that these information technology products meet international standards. The program will be centered on the Common Criteria, an international standard for computer security products.
Common Criteria-based evaluations will take place in accredited private-sector laboratories, and NIAP will validate the results. NIAP will issue Common Criteria certificates, which will be recognized by other signatory countries in the Common Criteria Mutual Recognition Agreement.
The goals of the program include:

  • Operating a Common Criteria-based evaluation system
  • Providing for security evaluations in private-sector laboratories
  • Ensuring that these evaluations meet consistent standards, resulting in increased confidence in the products
  • Increasing availability of evaluated products
  • Creating a climate conducive to the export of the products
  • Developing high quality, cost effective, public domain test methods and tests

Role-Based Access
Control (RBAC)

In the increasingly complex IT environment, careful and correct specification of access control rules for access to online documents, capabilities, or systems is both critical and increasingly difficult, since traditional methods focus on individual users, files, or other system objects. In the real world, access is managed based on the role or roles that a user assumes in the course of work. NIST has pioneered a new access control model, Role Based Access Control (RBAC), that better meets the needs of user organizations. NIST is implementing this model in a number of environments, including a Web-based application.

NIST software
technologies and

NIST works in several areas to create software development and analysis tools, testing technologies, and standards:

  • Software quality. NIST is developing models, methods, and tools for tracing software processes to variables and resources, helping industry to improve the quality of software development and maintenance. Topics include formal methods, semantic correctness, performance assessment, and benchmarking.

  • Software analysis. NIST researchers are developing tools for static and dynamic software analysis, focusing on measuring conformance to specifications and diagnosing causes of deviations from specifications. Initial R&D will be conducted on static analysis tools for program slicing, generating testing paths, and on object classes to detect pre- and post-condition violations in Web applets. NIST is developing experimental software designs and standard reference software with known errors for measuring the effectiveness of software development and testing methods.

  • Software assurance. NIST provides technologies to produce high integrity, affordable software for productive use. NIST will provide guidance to establish fundamental life cycle processes to develop and maintain quality software and advanced development, evaluation, and measurement technologies to address specific assurance problems.

  • Conformance testing. NIST is developing performance testing scenarios, testing procedures, and test suites to help industry, the user community, and testing laboratories with conformance standards testing. NIST works with other standards organizations to capture and incorporate conformance criteria early in the test cycle.

  • Software standards. NIST makes technical contributions to standards-making bodies, representing the interests of the Federal user community, and serves as liaison with standards committees. NIST developed and maintains the online retrieval system for Federal Information Processing Standards (FIPS).

Telemedicine and
secure patient records

In FY 1999, NLM continued to support research in technologies for storing and transmitting patients' medical records while protecting the accuracy and privacy of those records. Current projects promote the application of HCS technologies to healthcare, including telemedicine collaboration technologies to allow healthcare providers to deliver realtime treatment to patients in remote locations.

HCS national research

In addition to the base research program already underway, the HCS agencies are developing an HCS national research agenda for new research in technologies to provide assured construction of high confidence systems. This agenda focuses on the critical information technologies needed to address challenges such as increased reliance on software and on a commodity technology base, increased scale and complexity, stress due to system performance demands, demand for interconnectivity, rush to market, and threat. The goals of the agenda are to:

  • Provide a sound theoretical and technological basis for assured construction of safe, secure systems
  • Provide software, hardware, and system engineering tools that incorporate ubiquitous, application-based, domain-based, and risk-based assurance
  • Reduce the effort, time, and cost penalty of system assurance activities
  • Provide a technology base of public domain, advanced-prototype implementations of high confidence technologies to enable rapid adoption
  • Provide measures or other evidence justifying confidence
To accomplish these goals, the agenda proposes research in HCS foundations to provide supporting theory and a scientific basis for achieving high confidence in safety-critical, security-critical, and other high-consequence systems. It proposes research in HCS design, tool, and language technologies for building assurance into systems; includes an engineering and experimentation component to provide reference implementations of components and system classes that typically require high confidence; illustrates HCS technology implementation and aids adoption; and provides for evaluation. The agenda includes pilot projects and demonstrations that will apply the HCS technologies to user domains, addressing agency systems of mission scale and importance.
The preparation of the HCS research agenda contributed to the design of the IT2 initiative, of which it is a part.
The High Confidence Systems Working Group will dedicate the HCS National Research Agenda to the memory of Andy Arenth of NSA, who served as the Working Group's Co-Chair. Andy skillfully energized and guided the group in establishing a unified vision of the end goal. His contributions and leadership are gratefully acknowledged and will be sorely missed.