- If you want secure intersystem communications and strong node/application authentication over a wide variety of communication protocols including: point-to-point (e.g., TCP, UDP, SCTP, RapidIO, VME, PCI, et al) and point-to-multipoint (e.g., IP Multicast, FireWire, USB, Link16, et al).
- If you want each user community to be able to independently control system authorization and manage their own security. Security enforcement is automatically coordinated.
- If you want high-assurance COTS middleware, certified to the highest levels of the Common Criteria. With PCSexpress, the communications security policy is enforced by a component that is based upon years of research by Objective Interface in cooperation with the DoD, major defense prime contractors, and academia.
System integrators are under increasing pressure to provide strong security for their systems, while providing greater functionality and flexibility to the Warfighter. At the same time budget pressures dictate that programs have fewer dollars to spend.
PCSexpress™ is high-performance, real-time communications software that provides securely separated communications channels between systems.
PCSexpress is the definitive implementation of the MILS Partitioning Communication System architecture. It saves size, weight, and power while decreasing certification and accreditation costs.
PCSexpress provides complete control of each information flow between applications in a distributed system. And, provides high robustness separation of data throughout network communications.
- Enables High-Performance Communications - The total zero-copy architecture optimizes the performance of network communications and minimizes security overhead. Latency (delay for delivering the first byte) and bandwidth reduction (delay added to each additional byte) are optimized specifically for each Separation Kernel platform. Exhaustive benchmarking has shown that bandwidth is most severely constrained by the number of times that data buffers are copied by applications, stacks, and middleware. Objective Interface has worked directly with each Separation Kernel vendor to implement secure data transfer between partitions without copying.
- Enables Fault Tolerant Systems - The PCSexpress design precludes a single point of failure. This means:
- the PCSexpress security infrastructure safely survives node and communication link failures, and
- system architects can configure applications that survive node and communication link failures.
- Enables Agile (and Secure) Network Configuration - PCSexpress provides safe and secure dynamic addition and reconfiguration of deployed, active channels. This enables systems to react quickly to changing requirements and facilitates Network Centric Operations.
- Application Transparent - The strong security capabilities of PCSexpress are provided in a form that isolates application code from the complexity of the security functions (identification, authentication, authorization, policy administration, etc.). Thus, applications can evolve independent of the security function. The administration of the security function is independent of the applications.
- Enforces Information Flow - Allowing security administrators to set security policies as explicit information flows between robustly separated subjects. Information flow-based policy administration is simpler and more adaptable to changes in requirements than a lattice-based policy (Bell-LaPadula write-up/read-down, Biba read-up/write-down, etc.).
- Safeguards Information Flow - PCSexpress communication channels are protected with high assurance. PCSexpress performs strong node and application authentication before data is allowed to flow. Bandwidth allocations are enforced guaranteeing Quality of Service. Covert timing and storage channels are suppressed. Distributed key supercession and promotion of key generations to deployed systems ensure confidentiality and integrity of data. Forward secrecy for group and point-to-point communication is maintained. The bottom line is that applications can communicate more securely without implementing additional security functions.
- Provides Trustworthy Separation - Multiple physical networks are no longer required to guarantee that data with different security levels (TOP SECRET vs. SECRET) or belonging to different Communities of Interest (SECRET NOFORN vs. SECRET NATO) will remain separate. PCSexpress cryptographically separates multiple data flows. Duplicate “air gap” communication links used to ensure separation can now be collapsed down to a single physical channel based on COTS networking equipment. Traffic on one logical flow cannot affect, or even be detected by, the parties exchanging data on any other logical flow. Projects realize significant savings in size, weight and power as well as cost.
- PCSexpress is NEAT!
The Separation Kernel foundation plus the high-assurance engineering process that produced the PCSexpress software means that PCSexpress is:
N on-bypassable —the security functions cannot be circumvented
E valuatable —the security functions are small enough and simple enough to be mathematically verified and evaluated
A lways invoked —the security functions are invoked each and every time
T amperproof —subversive code cannot alter the operation of the security functions by exhausting resources, overrunning buffers, or other forms of making the security software fail
- Robustly Supports Independent Management of Distributed Authorizations - Centralized policy management is not required. Each user community can independently specify and manage their own security policies including constraints on policy interaction. Policies are automatically combined to control authorization.
- Enables Secure Communications Over Untrusted Networks -PCSexpress assumes that the network is not trustworthy. Data is safeguarded before it is placed in the custody of the communications infrastructure. Not relying upon the network to have any security properties enables the system designer to utilize COTS protocol stacks, network interfaces, transmission media, hubs, switches, and routers without exposing distributed data to additional threats.
- Makes Development, Accreditation, Deployment, Operation and Maintenance of High-Assurance Distributed Systems Affordable - The MILS architecture significantly increases the protection, reduces time to develop, and reduces schedule risk of deploying technology to provide high-assurance systems that are both safe and secure.
PCSexpress is high-assurance COTS security software for building high-performance, GIG-connected systems. Objective Interface developed PCSexpress specifically for high assurance certification, including: Common Criteria EAL 6+, DCID 6/3 PL 5, DO-178B Level A. Its many benefits include:
- Independent of communications protocols
- Key to Multiple Independent Levels of Security (MILS)
- Critical component of MILS that extends the Separation Kernel's policy enforcement to distributed systems
- Protects investment in legacy applications
- Lets legacy network applications run without change, allowing existing code bases and libraries to remain essentially unmodified even though their security requirements have changed or increased
- Simplifies secure application deployment so developers can concentrate on the application without worrying about securing how that application communicates
- Allows quick reaction to changing requirements without changes to the applications
- Enables Coalition Force Operations - PCSexpress makes it easy to create and connect a wide variety of communities of interest on a secure basis. This means that for the first time, coalition force network operations can easily separate the communication between coalition partners so that each partner can quickly access authorized information without manual intervention
- Allows agile networking
- Ability to bridge between networks and across domains provides the capability that Network Centric Operations (NCO) demands. This capability allows the Warfighter to leverage information supremacy
Please fill out an Information Request form to learn more how you can use PCSexpress to transparently build high-assurance network communications regardless of the types of communications architecture you use for your applications.