An Approach to Secure Remote Computing for Network Centric Operations

摘要

Information security is a critical aspect of a network centric architecture. As a defence force transitions to a network centric organisation strong consideration to system and network security is necessary. One facet of a network centric organisation where it can be difficult to enforce information security is for remote personnel. Information security at the deployed or remote network node often relies upon a mixture of hastily established physical, procedural and logical security mechanisms that may not always provide the same level of assurance as the information security afforded in established and permanent Defence environments. A secure Portable Application Device (secure PAD) provides both portable storage and an execution environment that can allow deployed or remote personnel to upload, from the secure PAD, a trusted standard operating environment to perform secure computing within a network centric organisation. The secure PAD typically includes mechanisms to mitigate data loss, forensic discovery, under-duress threats and cyber, brute-force and physical attacks, whilst enforcing system integrity. This piece considers how the Silicon Data Vault (SDV), a secure PAD, provides a suitable secure portable execution and storage environment to support network centric operations (NCO). The SDV has been designed to satisfy the Australian high assurance requirements to protect highly classified data, yet allow the device to be handled as a lower classified device by remote personnel when the device is powered off. The motivation for the development of the SDV and its concept of operation are presented. The device's high assurance security functionality is enumerated and how the security functions combat logical and physical security attacks is discussed. The paper concludes by considering how some of the novel features of the SDV support NCO theory. The Australian Defence Forces' transition to a network centric organisation is used to provide context for the use of a secure PAD.