SBIR-STTR Award

FPGA-Based End-Station Security for High-Performance Networking
Award last edited on: 9/16/2013

Sponsored Program
SBIR
Awarding Agency
DOE
Total Award Amount
$1,099,903
Award Phase
2
Solicitation Topic Code
-----

Principal Investigator
Alex Gross

Company Information

Acadia Cyber Solutions LLC (AKA: Acadia Optronics LLC)

1395 Piccard Drive Suite 210
Rockville, MD 20850
   (301) 237-6569
   jessewen@acadiaoptronics.com
   www.acadiaoptronics.com
Location: Single
Congr. District: 08
County: Montgomery

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2009
Phase I Amount
$99,989
Traditional cyber-security methods are inadequate to address the increasing number of threats within larger and higher-performance networks. The U.S. Computer Emergency Readiness Team (US-CERT), the National Institute of Standards and Technology (NIST), the Department of Energy (DOE) Office of the Chief Information Officer (CIO), and many other organizations report consistent failures within these networks. A key point of failure in securing these networks is the centralized security architecture, which relies heavily on single-point-of-failure network appliances such as firewalls, while insufficiently protecting end systems from compromise. Several commercial-off-the-shelf (COTS) solutions provide distributed security functions for commodity workstations. While these COTS solutions are adequate for standard networks operating at data rates up to 1 Gb/s, no distributed solution has emerged that supports the requirements of DOE high-performance-computing storage and visualization systems that operate at 10 Gb/s and beyond. This project will develop a distributed security platform designed specifically for high-performance networks.

Commercial Applications and other Benefits as described by the awardee:
The new security system should be especially well suited for large-scale high-performance enterprise networks such as those in use in DOE and in large corporations.

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2010
Phase II Amount
$999,914
Traditional enterprise cyber-security methods are inadequate to address the increasing number of threats, particularly within larger and higher-performance networks. Several government and third-party organizations report consistent failures within corporate and federal, state, and local government networks. A key point of failure in securing these networks is the centralized security architecture, which relies heavily on single-point-of-failure network appliances such as firewalls, while insufficiently protecting the end systems. Several commercial-off-the-shelf (COTS) solutions provide distributed security functions for standard networks operating at data rates up to 1 Gb/s. However, to date, no distributed solution has emerged that supports the requirements of high-performance networks operating at 10 Gb/s and beyond. To that end, we propose to address these problems by developing a distributed security platform designed specifically for high-performance networks. This system will consist of a Secure Network Interface Controller (sNIC) card designed for use in high-performance end systems, clusters, storage area networks, etc., along with software for management and support. It will be designed to meet or exceed the security guidelines established by NIST Federal Information Processing Standards (FIPS) Publication 200. In Phase I, Acadia proved the feasibility of an FPGA-based sNIC card capable of operating at 10 Gb/s and beyond. An alpha prototype system which incorporates industry-standard security features such as SSL Encryption Engine, Firewall Engine, and Quality of Service (QoS) Engine operating at 10 Gb/s and a secure Authentication, Authorization, Accounting, and Auditing (AAAA) channel was developed. A thorough study was undertaken to examine the compatibility of widely available remote management and monitoring tools with the proposed system.

Commercial Applications and Other Benefits:
In Phase 2, Acadia will transition the Phase-I feasibility study and the prototype hardware demonstration into a complete system ready for commercialization. We will deliver a complete distributed security solution for high-performance systems on an FPGA-based Secure Network Interface Controller (sNIC) card. The system envisioned here is especially well suited for large-scale high-performance enterprise networks such as those in use in DOE and in large corporations.