TITLE: Shipboard Cross
Domain Secure Solutions
Electronics, Ground/Sea Vehicles, Nuclear Technology
ACQUISITION PROGRAM: Columbia
Class - ACAT ID program
The technology within this
topic is restricted under the International Traffic in Arms Regulation (ITAR),
22 CFR Parts 120-130, which controls the export and import of defense-related
material and services, including export of sensitive technical data, or the
Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls
dual use items. Offerors must disclose any proposed use of foreign nationals
(FNs), their country(ies) of origin, the type of visa or work permit possessed,
and the statement of work (SOW) tasks intended for accomplishment by the FN(s)
in accordance with section 5.4.c.(8) of the Announcement. Offerors are advised
foreign nationals proposed to perform on this topic may be restricted due to
the technical data under US Export Control Laws.
OBJECTIVE: Develop a
cross-domain solution for secure networks specialized operating applications
and interfaces between systems of differing security classifications.
DESCRIPTION: The security of
discrete activities operating within the same network environment under strict
requirements for zero data mixing or “spills” is a challenge. Cross- domain
data flows impeded by time-consuming release procedures prevent fluid and
effective operations. The situation also encourages the entire activity to be
carried out at the highest security level to avoid sharing the data between
Such applications would serve to coordinate activities and maintain data
consistency between domains. Such split applications would also reduce the
need for ad hoc forms of communication between the domains, whose security is
difficult to ensure. Critically, such applications must not enable unintended
flows of information between domains. Thus, this SBIR topic focuses on the
design of the protocol that ties the two parts of the application together as
the key challenge.
While the information being processed by the cross-domain solution will be
classified, the system without data will be unclassified.
This SBIR topic seeks two kinds of developments: 1) Protocols or classes of
protocols of practical interest to the Navy Strategic Systems Program (SSP)
that can be securely operated between security domains, and/or 2) Practical
means for determining that instances and implementations of such cross-domain
protocols are secure and correct.
The two main parts of the application should run without special privileges in
their domains. However, the module that interprets the protocol within the
guard is highly privileged, and therefore the highest degree of trust in its
correctness and security is of key importance. This component of the system
must either be very simple so that manual inspection is feasible, or there must
be some other means or strategy for ensuring correctness. Assume that the
straightforward operation of the distributed application for its intended
purpose is well within the security policy that will be defined as part of this
development. This topic focuses on ensuring that the protocol cannot also
serve as a conduit for covert communications, or that the bandwidth of such
covert channels is limited. Respondents should describe what kind of protocol
their system will support, what sorts of cross-domain applications that
protocol will enable, and what the overall usefulness of such applications
would be in a cross-domain setting. Additionally, the protocols should
configure/control the identified hardware to obey the controls and should be
identified as part of a software/hardware solution. Respondents should also
indicate why it is at least plausible that their selected class of protocols
will be secure. Of particular interest will be theoretical advances that
enable larger classes of protocols to be handled securely or that enable
automated analysis of protocols to ensure that they are secure with
PHASE I: Define a class of
protocols operating across domain boundary with a strategy for protecting
protocol as it passes through a guard. Provide a security argument/analysis
that details a bandwidth limit on the covert channel(s) that could be supported
by this protocol. Phase I will also include plans to develop a prototype
application under Phase II.
PHASE II: Based on the work
completed during Phase I and the proposed Phase II plan, implement tools to
support the class of protocols selected including the guard component, and any
automated protocol analysis that is necessary to ensure security. Construct a
sample cross-domain application using a protocol from that class that meets
security requirements and augments the selected hardware for those protocols.
Illustrate the security argument in concrete form for this application. The
prototypes should be delivered with basic functionality testing by the end of
Phase II. During Phase II, it would be advantageous to utilize the FCS
development platform located in Pittsfield, MA to coordinate and execute MISM
prototype verification and validation testing in the SSBN-R Advanced
Development Lab (ADL) and Engineering Test System (ETS).
PHASE III DUAL USE
APPLICATIONS: Solve the multi-domain coordination problem for the Navy
customer. This design can be applicable for future applications that require
handling data in-between multiple security domains. Work with automated guard
vendor to install and test protocol checking module. Apply technique to
protect communications between multi-network systems. Integrate guard
component within existing hardware/software systems. A tested prototype should
be delivered by the end of Phase III.
1. U.S. Defense Information
Systems Agency (DISA) Cross Domain Solutions (CDS) 101. http://www.disa.mil/network-services/enterprise-connections/mission-partner-training-program/cds-101
2. Department of Defense
Instruction (DODI) 8510.01: “Risk Management Framework (RMF) for DoD
Information Technology.” https://www.hsdl.org/?view&did=793050
KEYWORDS: Cross Domain;
Network Security; Protocol; Data Security; Classification Interface; Cross
** TOPIC NOTICE **
These Navy Topics are part of the overall DoD 2018.1 SBIR BAA. The DoD issued its 2018.1 BAA SBIR pre-release on November 29, 2017, which opens to receive proposals on January 8, 2018, and closes February 7, 2018 at 8:00 PM ET.
Between November 29, 2017 and January 7, 2018 you may talk directly with the Topic Authors (TPOC) to ask technical questions about the topics. During these dates, their contact information is listed above. For reasons of competitive fairness, direct communication between proposers and topic authors is not allowed starting January 8, 2018 when DoD begins accepting proposals for this BAA.
However, until January 24, 2018, proposers may still submit written questions about solicitation topics through the DoD's SBIR/STTR Interactive Topic Information System (SITIS), in which the questioner and respondent remain anonymous and all questions and answers are posted electronically for general viewing until the solicitation closes. All proposers are advised to monitor SITIS during the Open BAA period for questions and answers and other significant information relevant to their SBIR/STTR topics of interest.
Topics Search Engine: Visit the DoD Topic Search Tool at sbir.defensebusiness.org/topics/ to find topics by keyword across all DoD Components participating in this BAA.
Proposal Submission: All SBIR/STTR Proposals must be submitted electronically through the DoD SBIR/STTR Electronic Submission Website, as described in the Proposal Preparation and Submission of Proposal sections of the program Announcement.
Help: If you have general questions about DoD SBIR program, please contact the DoD SBIR Help Desk at 800-348-0787 or via email at email@example.com