2007 Issue 2 - Raytheon

raytheon

2007 Issue 2 - Raytheon

Feature

Continued from page 15

A workflow is usually comprised of several

steps. A typical Two-Person Review workflow

is shown below.

Initiation Phase

Upload File(s)/directory structure(s)

File uploaded via Web form, remote file

path or Java Applet

Select User selects release workflow from

Workflow those they have permission to utilize

Typical Two-Person Review FTP Workflow

Step 1: User selects destination(s) from

Select possible destination defined

Destination in the workflow

Step 2: User selects appropriate classification

Select from available classifications

Classification for the destination(s)

Step 3: User can modify the names of

Set Remote file(s)/directory structure(s) for the

File Path remote destination system

Step 4: User reviews previously defined

Self Sign release information and asserts the

appropriateness of the request by

digitally signing the release package

Step 5: System performs an automated

“Dirty Word” review of release package for

Search classification-related issues based

oncontextual search of the

released file(s)

Step 6: System performs an automated

File Type review of release package for

Check inappropriate and/or allowed

file types

Step 7: “Second person” approver reviews

Approve file(s) and the results of the

and Sign automated checks before asserting

the appropriateness of the request

by digitally signing the release

package. Release packages can

also be reverted to correct

information if required.

Step 8: Signed (or unsigned) release

FTP Send packages are transferred via FTP

tothe appropriate destinations

16 2007 ISSUE 2 RAYTHEON TECHNOLOGY TODAY

Human Review Manager

As a release request is processed through a

HRM workflow, the status of the request is

tracked for display on the Request Manager

Web interface, or its status is available for

query by the HRM Request Client. The HRM

also automates e-mail notifications to

reviewers, provides for release packaging

and meta-data generation, and produces a

comprehensive audit trail of the release,

review and transfer process.

The HRM has been deployed on dedicated

Windows-based or Solaris-based machines

and is comprised of two Java Servlet Web

applications with a backend mySQL database

running under an Apache Tomcat

Web server. The HRM application provides

the workflow features for release and

review, while a separate Web application

known as the Login Enabler (Pending

Patent #064747.1151) provides a reusable

and extendable single sign-on and user/

group management capability, which has

been integrated into the HRM’s functionality.

Publisher

Web

user

File transfer

request

Status

Application with

Request Manager API

File(s)

File(s)

File transfer

request

Status

Sign

E-mail

notice

Status

FTP

HRM

File

Server

Firewall

HRM File

System

Approve

and Sign

Releasing

agent(s) Web user

Typical HRM Deployment Architecture

FTP

Server

Write

to DVD

Raytheon has fielded HRMs in support

of customers in both the U.S. and U.K.

markets. The HRM meets the Protection

Level 2 (PL2) with configurations up to PL4

possible when combined with appropriate

boundary devices. Within the U.K., the

HRM has been evaluated to the SYS3

level (which approximates to a Common

Criteria 3 evaluation, without all of the

formal paperwork). • Monty McDougal

monty_d_mcdougal@raytheon.com

PROFILE: JAY LALA

Upon earning

his doctorate

degree in instrumentation

from

MIT, Jay Lala,

Ph.D. embarked

on an impressive

25-year

career at Draper

Laboratory,

where he

designed and

developed

fault-tolerant

computers for mission- and safety-critical

applications. These included the swim-by-wire

ship control computer for the SEAWOLF nuclear

attack submarine and the flight-critical computer

to control all on-board functions of the NASA

X-38 crew return vehicle.

In 1999, Lala joined the Defense Advanced

Research Projects Agency (DARPA) as a program

manager where DARPA’s Information Assurance

& Survivability programs provided him with an

opportunity to achieve his vision of integrating

the two previously distinct and parallel disciplines

of fault tolerance and computer security.

Working at DARPA enabled Lala to change the

security paradigm from prevention and detection

to intrusion tolerance and self-healing.

“Intrusion tolerance moves from the classical

computer and network security approach of prevention

— where you build all types of forts and

moats to keep attackers out — to intrusion tolerance

where you design systems that, even when

some parts fail or are successfully attacked, continue

to operate and degrade gracefully to perform

all the mission-critical functions correctly,” he

explained.“Self-healing or self-regenerative systems

go beyond that — they diagnose root cause and

remove vulnerability exploited by the attacker.”

At the end of his four years at DARPA, a congressionally

mandated term-limit, Lala was awarded

the Office of Secretary of Defense Medal for

exceptional public service for helping improve

the security of our nation’s networks.

Since joining Raytheon in 2003, Lala has been

integral to several key wins. He understands our

customer needs, especially in Mission Assurance,

and has a thorough comprehension of the science

and technology landscape that enables him

to provide state-of-the-art solutions. Lala’s background

and experiences in fault-tolerant computers,

as well as changing a mindset from prevention

to intrusion tolerance and self-healing

systems, is closely aligned with Raytheon’s pursuit

of Mission Assurance.

More magazines by this user
Similar magazines