HAMES Project
Carolyn Boettcher of Raytheon gave a brief overview of the HAMES program and turned the spotlight over to John Rushby and Rance DeLong, both of whom are working with Raytheon on various elements of that program.
John Rushby, SRI, provided an overview of the work that is being done on the MILS Integration Protection Profiles (MIPP). His talk offered a good perspective on the complexity and the challenges entailed in creating the integration profile.
Rance DeLong followed with a presentation on MILS Networking Protection System Profile (MNSPP). In the presentation, Rance gave a detailed look at the MILS Network System (MNS), the MNS Protection Profile, the 2009 MNS Use-Case and Architecture Study, Reflections on Applying the 2009 MNS Study Models, Analysis of the 2009 Study Models and Use-Cases, and the 2010 MNSPP Plan.
High Assurance Security Requirements
Dr. Ron Ross, NIST, gave a great presentation on High Assurance Requirements for Federal Information Systems (US Government and Critical Infrastructure), covering the demands and the ramifications for high assurance and trustworthiness from Legislation to Policy to Implementation. He discussed the importance of trustworthiness and what those levels of trust were – from systems to providers.
Ron highlighted many of the relevant NIST documents currently released or soon to be released and provided excellent charts and explanations on how and where the requirements specified in those documents effect high-assurance implementations and providers.
High Assurance Challenges in the Medical Field
Neil Buckley and Rick Hampton from Partners HealthCare System provided a brief overview of some of the operational challenges that hospitals and the medical field face in terms of security, availability, interoperability, and data sharing.
The group was very much engaged and there were very interesting and provocative insights and vertical market-specific requirements that came out of this session.
High Assurance Requirements
Immediately following the presentations there was a Workshop/Discussion on High Assurance Requirements. Rance DeLong covered the work that is being done in the Common Criteria Authoring Environment and Layered Assurance Workshop (LAW).
Evaluation and Certification for High Assurance Security Commercial Products
During this session Joe Bergman talked about the need for a new commercial approach to evaluation/certification, which he has been vetting to government and industry decision-makers, both in the US and in Europe and which has consistently been met with favorable responses.
Rance DeLong presented some of the reasons why the current system isn’t working, drivers behind moving in a new direction, some issues to address, and a path for continuing to explore these issues.
AADL
This was an Open Working Lunch session, which was open to several forums and was very well attended. Ed Roberts presented the details of AADL, which is a very highly accepted language utilized primarily in Europe and one that has significant applicability for modeling high assurance and possibly usable for modeling formal methods-based solutions.
Secure Mobile Architecture
This was a joint session with the Security Forum to progress Secure Mobile Architecture (SMA) including a presentation by Steve Venema on a series of use-cases. Refer to the Security Forum Report.
Wrap-Up
This was a wrap-up on the activities of the RT&ES Forum going forward, led by Sally Long, Joe Bergmann, Glen Logan et al.
This was a valuable and candid discussion with the members on improving the RT&ES Forum, and outlining steps we can take to focus the deliverables, deepen active participation on deliverables, grow the current membership, and increase market awareness and uptake of our deliverables.
