Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF DECEMBER 04, 2014 FBO #4758
MODIFICATION

A -- Innovative Cross-Domain Cyber Reactive Information Sharing (ICCyRIS)

Notice Date
12/2/2014
 
Notice Type
Modification/Amendment
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Department of the Air Force, Air Force Materiel Command, AFRL/RIK - Rome, 26 Electronic Parkway, Rome, New York, 13441-4514, United States
 
ZIP Code
13441-4514
 
Solicitation Number
BAA-RIK-14-02
 
Point of Contact
Gail E. Marsh, Phone: 315-330-7518
 
E-Mail Address
Gail.Marsh@us.af.mil
 
Small Business Set-Aside
N/A
 
Description
The purpose of this modification is to make the following changes to SECTION I, "Funding Opportunity Description":
1) Add an additional topic, "Real Time Mobile Authentication", to the General Focus Areas;
2) Delete in its entirety the general topic entitled "Incorporate Enterprise Security Features into Mobile/Tactical Systems" from the General Focus Areas;
3) Delete all of the current focus area descriptions under Focus Areas for FY16; and
4) Add four updated focus area topics to Focus Areas for FY16.
No other changes have been made.

1) Added to General Focus Areas Applicable to all FYs:

Real Time Mobile Authentication
Many mobile users, especially field operators and tactical users, require mobile devices to be unlocked or readily available at any time throughout the mission. Long passphrases can be difficult to remember and may require attention that directs the user's vision away from the battlefield. Unfortunately, leaving the devices unlocked poses a large security risk if the phones are lost or stolen. By leveraging the sensors on the device (e.g. camera, GPS, accelerometer (gait), humidity, temperature) along with new wearable technology (blood pressure, heart beat, body temperature), advanced policies can be created to authenticate the user to the mobile device and keep mission-critical applications unlocked and ready to use. These policies should be dynamic and adapt to the environment of the user, for example by performing operations such as locking the device or, in certain locations, wiping the device entirely. The measures of effectiveness will be authentication false positive/negative rates, impact on battery life, CPU performance, I/O performance and tactical use cases.

2) Delete from General Focus Areas Applicable to all FYs: Incorporate Enterprise Security Features into Mobile/Tactical Systems

3) Delete from Focus Areas for FY16 the following topics:
a. Secure Data Containers
b. Adaptive Filter Workflows
c. Cross Domain Solution (CDS) Load Balancing and Failover
d. Mobile Android Multi-Biometric Acquisition (MAMBA)

4) Added to Focus Areas for FY16:

Multi-Level-Security Mobile Secure Foundation
Currently we are tracking two major technical approaches for Multi-Level Security (MLS) on Commercial Off-The-Shelf (COTS) hardware running the Android ecosystem. The first approach utilizes a hypervisor to separate multiple virtual machines' operations within the secure device. The second utilizes Security Enhanced (SE) Android policy to separate (sets of) processes. Both of these efforts have disparate strengths and weaknesses, as measured by performance, battery life, boot and access times, and other metrics. Other technical approaches to achieving assured Multi-Level Security operation within the Android ecosystem may also be viable, if they can be brought to a similar or higher degree of maturity while accomplishing the rest of the tasking by the end of this effort. This effort is to provide a secure foundation for additional development in mobile devices for multiple DoD/IC use cases. As such, the solution chosen must follow accreditation guidelines throughout the effort and ideally have zero outstanding technical issues which would preclude accreditation. Additionally, the chosen solution must adhere to the relevant portions of the Mobility Capability Package protection profiles and National Information Assurance Partnership (NIAP) guidelines. The architecture shall include components selected from the National Security Agency Commercial Solutions for Classified (CSfC), such as Data at Rest, Data in Transit, Mobile Device Management, etc. Finally, it is important that the solution be compatible with military needs for current and future tactical usage, including the continued usage of hardware peripherals. The successful solution will be based on commodity hardware, and ideally on commodity firmware, utilizing hardware-based attestation (e.g. Trusted Platform Module (TPM), ARM TrustZone, Samsung KNOX, etc.) through the boot cycle and normal operation of the device. Solutions featuring custom operating systems and firmware are not ideal, as they are expected to have higher procurement and maintenance costs and requirements, among other reasons. Measures of effectiveness will include the ability to integrate with existing technologies and to abide by all current and future NSA Mobility publications. The solution shall also adhere to strict requirements on battery life, CPU performance, I/O performance, boot-up times, and tactical application integration.

CDS High Availability
Cross Domain Solutions (CDS) are typically less resilient than our other information technology (IT). Today we can support CDS load balancing and failover via typical mechanisms if the CDS protocols support it. There are, however, multiple technical shortfalls that limit the usability of these techniques, including the inability to provide CDS load information to commodity load balancers, to maintain configuration synchronization between multiple CDS, and to detect and recover from CDS failure. The purpose of this effort is to develop techniques to address these CDS availability concerns. Measures of effectiveness will include extensibility of the approach to multiple CDS, ability to integrate with off-the-shelf tools for load balancing, information assurance acceptability, and efficient utilization of network bandwidth for communication between components.

Cross Domain Machine-to-Machine (M2M) Mediation Layer
A common approach to addressing cross domain information sharing requirements is cross-domain enablement of the underlying information technology (IT) that facilitates information sharing intra-domain. Cross domain enablement of the machine-to-machine (M2M) protocols that support this IT is challenging because M2M protocols often have attributes that do not match typical CDS transfer characteristics. Some common examples include: non-atomic transactions (which require more than one CDS transfer in order to complete), transactions that require ACK/NACK (CDS transfers are usually one way and may not provide failure notification), and transactions that are dependent upon one another (CDS are typically stateless and transfers are independent of one another). The purpose of this effort is to develop a mediation layer that can act as a foundation for M2M communications over a CDS. This mediation layer will be the integration point for specific protocol termination services (e.g. DB transactions, Web Services) and would handle the necessary information management and CDS data flow understanding to map between M2M interface requirements and CDS transfer capabilities. Measures of effectiveness will include ease of integration with a new set of M2M data flows, native M2M protocol independence, ability to protect end system data integrity from CDS filtering issues, solution performance (throughput and latency), and ease of recovery when issues arise (e.g. the CDS is unavailable, or CDS filters are misconfigured and start failing transactions).

Dynamic Mobile Device Management (DMDM)
In order to provide secure containers for multiple compartments within mobile devices, a dynamic method to manage mobile devices using a secure Operating System (such as SE-Android) is required. This topic is to develop and demonstrate an innovative method for the management of such a device. The following management capabilities must be considered: support for multiple compartments on a single mobile platform, dividing each container into separate compartments, each with its own storage, key store, and applications; the ability to provide flexible policies for the communication of all applications with each other and with the device; high-level enforcement that applications operate as specified by policy within a container; typical device management, which includes user management, device lock-down, container isolation protection, tamper resistance, and remote management (including the ability to wipe the device if compromised); and continual assessment of the device's security state, taking appropriate action when that state is compromised. The prototype delivered must incorporate as many of these capabilities as possible and demonstrate successful container separation, device and policy management, and attestation of device security. The solution must adhere to the relevant portions of the Mobility Capability Package protection profiles and National Information Assurance Partnership (NIAP) guidelines. The measures of effectiveness will be application performance, agility in tactical low/no-communication situations, and the ability to integrate with components from the National Security Agency Commercial Solutions for Classified (CSfC), such as Data at Rest, Data in Transit, Mobile Device Management, etc.
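The "Real Time Mobile Authentication" topic above describes, but does not specify, a policy that fuses device and wearable sensor signals into a continuous authentication decision and adapts its response (stay unlocked, lock, wipe) to the user's location, scored on false positive/negative rates. The following is an added example, written for this page and not code from the BAA or from AFRL, of such a policy evaluator; the signal names, weights, zone labels, thresholds and the sample readings are all constructed assumptions.

```python
"""Continuous (real-time) mobile authentication policy evaluator (added example).

Each reading carries per-signal match scores in [0, 1] (1.0 = matches the enrolled
user). A weighted confidence is compared against a zone-dependent threshold; when
it falls short the zone policy says whether to lock or, in the most exposed zones,
wipe. error_rates() computes the two measures named in the BAA topic: false
positives (an impostor left unlocked) and false negatives (the genuine user
locked or wiped). All names, weights and thresholds below are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Reading:
    scores: Dict[str, float]  # e.g. {"gait": 0.9, "heart_rate": 0.8, "face": 0.0}
    zone: str                 # assumed labels: "friendly", "contested", "hostile"
    genuine: bool             # ground truth, used only by error_rates()


# Assumed per-signal weights; a signal absent from a reading contributes nothing.
WEIGHTS = {"gait": 0.35, "heart_rate": 0.2, "body_temp": 0.1, "face": 0.35}

# Assumed zone policy: minimum confidence to stay unlocked, and the fail action.
ZONE_POLICY = {
    "friendly":  {"unlock_threshold": 0.50, "fail_action": "lock"},
    "contested": {"unlock_threshold": 0.65, "fail_action": "lock"},
    "hostile":   {"unlock_threshold": 0.75, "fail_action": "wipe"},
}
# Unknown zone: strict threshold, but a non-destructive fail action.
DEFAULT_POLICY = {"unlock_threshold": 0.75, "fail_action": "lock"}


def confidence(scores: Dict[str, float]) -> float:
    """Weighted mean over the known signals present in the reading (0.0 if none)."""
    present = {s: v for s, v in scores.items() if s in WEIGHTS}
    total_w = sum(WEIGHTS[s] for s in present)
    if total_w == 0:
        return 0.0
    return sum(WEIGHTS[s] * v for s, v in present.items()) / total_w


def decide(reading: Reading) -> str:
    """Return 'unlocked', 'lock' or 'wipe' for one reading under its zone policy."""
    policy = ZONE_POLICY.get(reading.zone, DEFAULT_POLICY)
    if confidence(reading.scores) >= policy["unlock_threshold"]:
        return "unlocked"
    return policy["fail_action"]


def error_rates(readings: List[Reading]) -> Dict[str, float]:
    """False positive rate over impostor readings, false negative rate over genuine ones."""
    fp = fn = impostors = genuines = 0
    for r in readings:
        action = decide(r)
        if r.genuine:
            genuines += 1
            fn += action != "unlocked"
        else:
            impostors += 1
            fp += action == "unlocked"
    return {
        "fpr": fp / impostors if impostors else 0.0,
        "fnr": fn / genuines if genuines else 0.0,
    }


# Constructed sample readings (not real sensor data).
SAMPLE = [
    Reading({"gait": 0.9, "heart_rate": 0.8, "body_temp": 0.7, "face": 0.85}, "friendly", True),
    Reading({"gait": 0.2, "heart_rate": 0.3}, "friendly", False),
    Reading({"gait": 0.6, "heart_rate": 0.7, "body_temp": 0.6}, "contested", True),
    Reading({"gait": 0.3, "face": 0.2}, "hostile", False),
    Reading({"gait": 0.55, "heart_rate": 0.6, "face": 0.5}, "friendly", False),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.zone:9s} genuine={r.genuine!s:5s} conf={confidence(r.scores):.2f} -> {decide(r)}")
    print(error_rates(SAMPLE))
```

The third and fifth sample readings are the interesting ones: a genuine user with weak signals in a contested zone is locked (a false negative, the battery/usability cost the topic asks to measure), and an impostor with middling scores in a friendly zone stays unlocked (a false positive). Tuning the thresholds trades one rate against the other, which is why the topic asks for both to be reported.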
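The "Cross Domain Machine-to-Machine (M2M) Mediation Layer" topic above lists the mismatches a mediation layer has to absorb: non-atomic transactions that need several one-way transfers, no ACK/NACK from the CDS, independent stateless transfers, and filters that may alter or fail transactions. The following is an added example, not code from the BAA or from any CDS product, of the reassembly side of such a layer. The CDS itself is a constructed stand-in function (it can pass, drop or rewrite a fragment); the fragment layout, field names and the sample transaction are assumptions.

```python
"""Mediation layer for M2M transactions over a one-way, stateless CDS (added example).

A multi-step transaction is split into self-describing fragments (transaction id,
sequence number, total count, SHA-256 digest of the payload) so each can cross the
CDS as an independent one-way transfer. The receiving side reassembles a transaction
only when every fragment is present, rejects any fragment whose content no longer
matches its digest (a filter that rewrote it in transit), and exposes the missing
sequence numbers of incomplete transactions so the end system can request a resend
out of band. Field names and CDS behaviours are constructed for this illustration.
"""
import hashlib
from typing import Callable, Dict, List, Optional


def _digest(payload: str) -> str:
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def fragment(txn_id: str, parts: List[str]) -> List[dict]:
    """High-side mediation: wrap each step of a non-atomic transaction as one message."""
    return [
        {"txn": txn_id, "seq": i, "total": len(parts), "payload": p, "digest": _digest(p)}
        for i, p in enumerate(parts)
    ]


class Reassembler:
    """Low-side mediation: rebuilds transactions from fragments arriving in any order."""

    def __init__(self) -> None:
        self.pending: Dict[str, Dict[int, str]] = {}   # txn -> {seq: payload}
        self.totals: Dict[str, int] = {}               # txn -> expected fragment count
        self.rejected: List[dict] = []                 # fragments refused and why

    def receive(self, msg: dict) -> Optional[List[str]]:
        """Accept one fragment; return the ordered payloads once the transaction is whole."""
        if _digest(msg["payload"]) != msg["digest"]:
            # Content changed in transit (e.g. a CDS filter rewrote it): refuse it rather
            # than hand altered data to the end system, and record it for recovery.
            self.rejected.append({"txn": msg["txn"], "seq": msg["seq"], "reason": "digest mismatch"})
            return None
        bucket = self.pending.setdefault(msg["txn"], {})
        self.totals[msg["txn"]] = msg["total"]
        bucket[msg["seq"]] = msg["payload"]
        if len(bucket) == msg["total"]:
            del self.pending[msg["txn"]]
            del self.totals[msg["txn"]]
            return [bucket[i] for i in range(msg["total"])]
        return None

    def incomplete(self) -> Dict[str, List[int]]:
        """Transactions still waiting, mapped to the sequence numbers not yet received."""
        return {
            txn: [i for i in range(self.totals[txn]) if i not in got]
            for txn, got in self.pending.items()
        }


def transfer(msgs: List[dict], cds: Callable[[dict], Optional[dict]], rx: Reassembler) -> List[List[str]]:
    """Push fragments through the CDS stand-in; the sender gets no ACK/NACK back."""
    completed = []
    for m in msgs:
        out = cds(m)
        if out is None:
            continue  # dropped by the CDS; no failure notification is returned
        result = rx.receive(out)
        if result is not None:
            completed.append(result)
    return completed


# Constructed CDS behaviours used for demonstration only.
def passthrough_cds(m: dict) -> Optional[dict]:
    return m


def lossy_cds(m: dict) -> Optional[dict]:
    return None if m["seq"] == 1 else m   # silently loses the second fragment


def rewriting_cds(m: dict) -> Optional[dict]:
    # Models a content filter that "sanitises" a payload it does not like.
    if m["seq"] == 0:
        return dict(m, payload=m["payload"].replace("ALPHA", "REDACTED"))
    return m


# Constructed three-step transaction (not a real protocol).
SAMPLE_TXN = ["BEGIN update asset=ALPHA", "SET position=grid-1234", "COMMIT"]

if __name__ == "__main__":
    for name, cds in [("passthrough", passthrough_cds), ("lossy", lossy_cds), ("rewriting", rewriting_cds)]:
        rx = Reassembler()
        done = transfer(fragment("txn-" + name, SAMPLE_TXN), cds, rx)
        print(name, "completed:", done, "incomplete:", rx.incomplete(), "rejected:", rx.rejected)
```

Because the CDS is one way, the high side cannot learn from this exchange alone which fragments arrived; in practice the `incomplete()` and `rejected` views would be carried back over a separate low-to-high path, and the high-side mediation would retransmit exactly the listed sequence numbers rather than replaying the whole transaction.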
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/BAA-RIK-14-02/listing.html)
 
Record
SN03585005-W 20141204/141202234706-9edf265ddf9bae31e194cc0ff13dca93 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)

© 1994-2024, Loren Data Corp.