Whether a bit of information is private, proprietary, or sensitive to national security, systems owners and users have little knowledge about where their information resides or of its movements between systems. For example, when a user enters information on a phone, it is difficult to provably track that the data remains on the phone or whether it is uploaded to a server beyond the device. The national defense and security communities are similarly left with little transparency when it comes to ensuring that sensitive information is appropriately isolated, particularly when it’s loaded to an internet-connected system.
“As cloud systems proliferate, most people still have some information that they want to physically track – not just entrust to the ether,” said Walter Weiss, DARPA program manager. “Users should be able to trust their devices to keep their information private and isolated.”
But isolating a system completely disconnected from all methods of data transfer is an unrealistic security tactic. To advance government, business, financial, social, and academic learning and research transactions, modern computing systems must be able to communicate with other systems, including those with different security requirements.
Currently, commercial and defense organizations often leverage a series of air-gaps, or breaks between systems, to keep the most sensitive computing devices and information secure. However, interfaces to such air-gapped systems are typically added in, not baked in, and are exceedingly complex for the systems operators as they implement or manage them.
To create scalable solutions that provide safe, verifiable methods of tracking information and communications between systems, DARPA launched the Guaranteed Architecture for Physical Security program. “The goal of GAPS is to develop hardware and software architectures that can provide physically provable guarantees around high-risk transactions, or where data moves between systems of different security levels,” DARPA reported in a release.
The intent is to ensure that these transactions are isolated and that the systems they transit are armed with verifiable secure data security. The intended outcomes are hardware and software co-design tools that allow data separation requirements to be defined during design, and protections that can be physically enforced at system runtime, DARPA said.
GAPS is divided into three research areas that will address: (1) the creation of hardware components and interfaces; (2) the development of software co-design tools; and (3) the integration of these components and tools, as well as their validation against exemplar Department of Defense systems.
“The new hardware components and interfaces are designed to provide system designers with a library of hardware tools to securely isolate data during transactions. The software co-design tools could someday allow developers to easily employ GAPS hardware components without requiring changes to their existing development processes and frameworks,” DARPA explained.
The integration and validation of the hardware and software architectures on DoD systems could be used to demonstrate the capability and maturity of the GAPS approach for the kinds of problems DoD system integrators currently face, and expect to see in the future.
Lastly, commercializing the resulting technologies is also an objective of the program. The verifiable security properties created under GAPS may also help create safer commercial systems that could be used for preserving proprietary information and protecting consumer privacy, DARPA said.
DARPA will hold a Proposers Day Jan. 23, 2019 from 9:00am to 2:30pm (EST) at the DARPA Conference Center, located at 675 North Randolph Street, Arlington, Virginia 22203, to provide more information about GAPS and answer questions from potential proposers. For details on the event, including registration requirements, please see here.
A Broad Agency Announcement that fully describes the GAPS program structure and objectives can be found here.
GAPS is part of the second phase of DARPA’s Electronics Resurgence Initiative (ERI)—a five-year, upwards of $1.5 billion investment in the future of domestic, U.S. government and defense electronics systems. Under ERI Phase II, DARPA is exploring the development of trusted electronics components, including the advancement of electronics that can enforce security and privacy protections. GAPS will help address the DoD’s unique requirements for assured electronics while helping to move forward ERI’s broader mission of creating a more robust, secure and heavily automated electronics industry.