Following Navy Objective Architecture and NESI guidance, most US Navy Surface Combat Systems are integrated using real-time publish-subscribe middleware based on the OMG Data Distribution Service (DDS) specification. To harden the DDS framework, Real-Time Innovations (RTI) designed a set of Information Assurance extensions to the DDS standard and the RTI product, with the necessary support for Authentication, Access Control, Confidentiality, Integrity, Non-repudiation, Data Tagging, and Auditing. We began the process at OMG to develop a Security addition to DDS, successfully issuing an RFP. RTI prototyped the main aspects of the system: plug-in interfaces, authentication, access control and encryption. In Phase II, RTI will implement the secure plug-in interfaces in its DDS product, and build a plug-in solution for each Information Assurance capability. The RTI solution will integrate the technologies typically used in Navy programs and will allow the Navy and Navy Primes to integrate with program-specific security mechanisms.
Benefit: We expect the work done for this proposed SBIR effort will have broad applicability to both commercial and government sectors. Over 300 Aerospace and Defense programs have adopted our DDS technology in the last 3 years; we expect more than half of these users will be interested in the Security Extensions. We have interest in this SBIR from multiple Prime contractors, including some of the largest and most important PEO IWS system integrators. The information assurance/security benefits they see resulting from this effort include having, for the first time, a data-centric international secure DDS standard, a secure DDS data model, and a secure DDS product which they can incorporate into their existing combat systems. Because the solution is minimally intrusive, it will not require them to re-architect their existing networks to accommodate the new security features. The developed technology will have broad impact on distributed computing infrastructure software where it is important to establish fine-grained trust between data producer and data consumer. This includes the banking, securities, telecommunications, power, medical and transportation industries.
Keywords: data pedigree, Information Assurance, publish-subscribe security, data integrity, data-tagging and labeling, data distribution service security, secure multicast, authentication