A -- COMPOSABLE HIGH ASSURANCE TRUSTED SYSTEMS

Notice Date

January 16, 2001

Contracting Office

Defense Advanced Research Projects Agency (DARPA), Contract Management Office (CMO), 3701 N. Fairfax Dr., Arlington, VA 22203-1714

ZIP Code

22203-1714

Solicitation Number

BAA 01-24

Response Due

March 5, 2001

Point of Contact

Dr. Douglas Maughan, DARPA/ITO; Fax: (703) 522-7161

E-Mail Address

baa01-24@darpa.mil (baa01-24@darpa.mil)

Description

PROGRAM BACKGROUND: The Defense Advanced Research Projects Agency (DARPA) is developing Information Assurance and Survivability (IA&S) technologies for next generation information systems and networks of the Global Information Grid (GIG) that will support operations envisioned in Joint Vision 2010 (JV2010) and Joint Vision 2020 (JV2020). The Defense Department's Joint Vision 2010 and 2020 call for information dominance in a high-tempo, tightly integrated multi-national environment. In order to gain dominant battlespace awareness, JV2010 and JV2020 stress the need for information superiority; the capabilities to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do the same. To achieve this vision, highly effective IA&S defense strategies, architectures, and mechanisms are needed to protect our own systems and networks. DARPA seeks innovative technology approaches that are measurably effective against practical attacks. Confidence in future systems must be achieved through system and network-level technologies involving approaches such as layered complementary mechanisms that will be cost-effective and scalable within three to five years. Proposed approaches must demonstrate the ability to support the advanced functionality of future trusted systems while maintaining a high level of confidence in the protection of these systems. The suite of programs in the DARPA Information Technology Office (ITO) Information Assurance & Survivability (IA&S) thrust consists of a closely coordinated group of technology programs. These include: the Critical Infrastructure Protection (CIP) program, the Composable High Assurance Trusted Systems (CHATS) program, the Fault Tolerant Networks (FTN) program, and the Dynamic Coalitions (DC) program. The programs will be coordinated by focusing on a joint research vision, joint experimentation, sharing of laboratory facilities for experimentation, and joint principal investigator meetings (where appropriate). This solicitation is for the Composable High Assurance Trusted Systems (CHATS) program. Additional solicitations will be forthcoming for the other programs within the DARPA/ITO IA&S program suite, as well as the DARPA Information Systems Office (ISO) IA&S program suite. For current information see "Solicitations" at http://www.darpa.mil. PROGRAM OBJECTIVE: U.S. Department of Defense (DoD) computer systems and networks are constantly under attack. Such attacks might potentially make systems unusable, degrade performance, lead commanders to make poor decisions due to faulty data, leak valuable secrets, or even leave behind code that could provide continuing back-door access or be activated on a predetermined event to take obstructive action. Some DoD systems might be vulnerable due to increased interconnection and connection to the Internet. Additional vulnerabilities may exist in common COTS products and might be exploited by anyone in the world to attack those DoD systems, which use such products. The DoD needs to develop focused technologies that support continued system operation in the presence of successful attacks, particularly addressing vulnerabilities and issues, which might arise in DoD's emerging network-centric warfare vision. The Composable High Assurance Trusted Systems (CHATS) program will address this need by developing high assurance operating system technologies to protect computer systems from constant attack. These technologies will be developed in concert with the unclassified open-source operating system development community and will have broad applicability to many programs within DARPA and the DoD. These trusted operating system capabilities will be created by engaging the open-source development community in the development of security functionality for existing open-source operating systems. Additionally, DARPA will engage the open-source community in a consortium-based approach to create a "neutral", secure operating system architecture framework. This security architecture framework will then be used to develop techniques for composing OS capabilities to support both servers and clients in the increasingly network-centric communications fabric of the DoD. These technologies are critical for defensive information warfare capabilities and are needed to ensure that DoD systems of the future are protected from imminent attack. This BAA solicits proposals in the following technical topic areas of the Composable High Assurance Trusted Systems (CHATS) program: (1) Enhanced security and compatibility across open source operating systems; (2) System configuration and administration tools and methods; (3) Security audit/analysis/testing/documentation of open source systems; (4) Security policy, security services, critical applications, and hardware support; (5) Assurance methods and tools; and (6) Other innovative topics related to composable high assurance trusted open-source operating systems. Further information can be found in the Proposer Information Pamphlet. PROGRAM SCOPE: The Composable High Assurance Trusted Systems (CHATS) program will focus on the development of the tools and technology that enable the core systems and network services to protect themselves from the introduction and execution of malicious code and other attack techniques and methods. These tools and technologies will provide the high assurance trusted operating systems the security services needed to achieve comprehensive secure highly distributed mission critical information systems for the DoD. This program will fundamentally change the existing approach to development and acquisition of high assurance trusted operating systems technology by advancing the security functionality, security services, and the state of assurance in current open-source operating systems and developing a long-term architectural framework for future trusted operating systems. DARPA anticipates that the CHATS program will be a five-year program. This is the first solicitation under the CHATS program. Given the scope of this BAA, proposals for this BAA should be for 12 to 24 months of base funding with the possibility of additional options. Multiple awards worth approximately $10 million over two years are expected to be made from this BAA. Future BAAs are expected under the CHATS program that will address longer-term, high assurance concepts for open source operating systems. Proposed research should investigate innovative approaches and techniques that lead to or enable revolutionary advances in the state-of-the-art. Proposals are not limited to the specific strategies listed above, and alternative visions will be considered. However, proposals should be for research that substantially contributes towards the goals stated, i.e. improving the security functionality, services, and assurance of existing open source operating systems. Research should result in prototype hardware and/or software demonstrating integrated concepts and approaches. Integrated solution sets embodying significant technological advances are strongly encouraged over narrowly defined research endeavors. Proposals may involve other research groups or industrial cooperation and cost sharing. GENERAL INFORMATION: The Defense Advanced Research Projects Agency/Information Technology Office (DARPA/ITO) requires completion of a Broad Agency Announcement (BAA) Cover Sheet Submission for each Proposal, by accessing the URL below: http://www.dyncorp-is.com/BAA/index.asp?BAAid=01-24. After finalizing the BAA Cover Sheet Submission, the proposer must submit the BAA Confirmation Sheet that will automatically appear on the web page. Each proposer is responsible for printing the BAA Confirmation Sheet and submitting it attached to the "original" and each designated number of copies. The Confirmation Sheet should be the first page of your Proposal. Failure to comply with these submission procedures may result in the submission not being evaluated. Detailed information and instructions are outlined within the Proposer Information Pamphlet (PIP). Proposers must submit an original and 4 copies of the full proposal and 8 electronic copies (i.e., 8 separate disks) of the full proposal (in Microsoft Word '97 for IBM-compatible, PDF, Postscript, or ASCII format on one 3.5-inch floppy disk or one 100 MB Iomega Zip disk). Each disk must be clearly labeled with BAA 01-24, proposer organization, proposal title (short title recommended) and Copy (number) of 8). The full proposal (original and designated number of hard and electronic copies) must be submitted in time to reach DARPA by 4:00 PM (ET) Monday, March 5, 2001, in order to be considered. Proposers must obtain the BAA 01-24 Proposer Information Pamphlet (PIP), which provides further information on the areas of interest, submission, evaluation, funding processes, and full proposal formats. This pamphlet may be obtained by fax, electronic mail, mail request to the administrative contact address given below, or at URL address http://www.darpa.mil/ito/Solicitations.html. Proposals not meeting the format described in the pamphlet may not be reviewed. This Commerce Business Daily (CBD) notice, in conjunction with the BAA 01-24 PIP and all references, constitutes the total BAA. No additional information is available, nor will a formal RFP or other solicitation regarding this announcement be issued. Requests for same will be disregarded. The Government reserves the right to select for award all, some, or none of the proposals received. All responsible sources capable of satisfying the Government's needs may submit a proposal that shall be considered by DARPA. Historically Black Colleges and Universities (HBCUs) and Minority Institutions (MIs) are encouraged to submit proposals and join others in submitting proposals. However, no portion of this BAA will be set aside for HBCU and MI participation due to the impracticality of reserving discrete or severable areas of this research for exclusive competition among these entities. Evaluation of proposals will be accomplished through a scientific review of each proposal using the following criteria, which are listed in descending order of relative importance: (1) Overall Scientific and Technical Merit: The overall scientific and technical merit must be clearly identifiable. The technical concept should be clearly defined and developed. Emphasis should be placed on the technical value of the development and experimentation approach. (2) Innovative Technical Solution to the Problem: Proposed efforts should apply new or existing technology in a new way such as is advantageous to the objectives. The plan on how offeror intends to get developed technology and information to the open source community should be considered. (3) Potential Contribution and Relevance to DARPA Mission: The offeror must clearly address how the proposed effort will meet the goals of the undertaking. The relevance is further indicated by the offeror's understanding of the operating environment of the capability to be developed. (4) Offeror's Capabilities and Related Experience: The qualifications, capabilities, and demonstrated achievements of the proposed principals and other key personnel for the primary and subcontractor organizations must be clearly shown. (5) Plans and Capability to Accomplish Technology Transition: The offeror should provide a clear explanation of how the technologies to be developed will be transitioned to the open source operating system baselines. Technology transition should be a major consideration in the design of experiments, particularly considering the potential for involving potential transition organizations in the experimentation process. (6) Cost Realism: The overall estimated cost to accomplish the effort should be clearly shown as well as the substantiation of the costs for the technical complexity described. Evaluation will consider the value to Government of the research and the extent to which the proposed management plan will effectively allocate resources to achieve the capabilities proposed. All administrative correspondence and questions on this solicitation, including requests for information on how to submit a proposal to this BAA, must be received at one of the administrative addresses below by 4:00 PM (ET) Monday, February 26, 2001; e-mail or fax is preferred. DARPA intends to use electronic mail and fax for some of the correspondence regarding BAA 01-24. Proposals MUST NOT be submitted by fax or e-mail; any so sent will be disregarded. The administrative addresses for this BAA are: Fax: 703-522-7161; Addressed to: DARPA/ITO, BAA 01-24; Electronic Mail: baa01-24@darpa.mil; Electronic File Retrieval: http://www.darpa.mil/ito/Solicitations.html; Mail to: DARPA/ITO, ATTN: BAA 01-24, 3701 N. Fairfax Drive Arlington, VA 22203-1714.

Web Link

http://www.darpa.mil/ito/Solicitations.html (http://www.darpa.mil/ito/Solicitations.html)

Record

Loren Data Corp. 20010118/ASOL012.HTM (W-016 SN50A9O6)