Story image

CSIRO's Data61 builds innovative security platform for defence sector

07 Sep 2017

CSIRO’s Data61 has developed new technology for government and defence staff that allows them to access multiple computer networks without compromising security.

Currently, government and defence staff use multiple segregated computer networks to maintain and classify data. This, according to Data61, is complicated when staff need to access multiple networks at the same time and transfer data between those networks.

The technology, dubbed ‘Cross-Domain Desktop Compositor’ (CDDC), provides a single interface for staff, which works well in areas with limited physical workspace such as ships, Data61 says.

“In an age where security is at a premium, a new approach to cyber security is needed. The CDDC platform is an example of how we can fundamentally change the way real-world systems are built and engineered, with trustworthiness assured to the highest degree possible without sacrificing usability,” comments DST researcher Mark Beaumont.

The CDDC also provides a seamless and fully integrated secure system, as well as additional functionality such as controlled data transfer and copy-paste.

According to Data61, solutions in the market often trade off security and usability against each other. Buyers who favour usability are more vulnerable to attacks and data leakage between secret networks.

However those who favour security prohibit simultaneous access to data from multiple domains on the same screen.

Behind the CDDC technology is Data61’s seL4 microkernel operating system, which is also used in autonomous helicopters and trucks.

“We have proved that seL4 enforces very strong security requirements, and is free of many classes of security vulnerabilities that plague commodity systems. In the CDDC we are using seL4 to support an integrated view of information, while providing fine-grained control of information flows, including controlled cut-and-paste between separate networks,” explains Toby Murray, senior research in Data61 Trustworthy Systems Team.

The company plans to market CDDC after the Australian Department of Defence conducted successful trials.

“We have developed a roadmap to commercialise this product with the defence market and support from the Defence Innovation Hub,” adds CSIRO’s Data61 CEO Adrian Turner.

“Data61 has world-leading expertise in designing and building trustworthy systems. We have partnered with the DSTG Group to overcome tough cyber-security challenges through deep science, engineering and user experience design.”

The company says that while CDDC is primarily focused on defence, its applications can be extended across government, enterprise, banking, health and autonomous systems.

“It will also be interoperable with existing desktop infrastructure, and cheaper than traditional low to medium assurance products. Existing solutions are often complex and expensive to deploy and maintain – in contrast the CDDC is plug and play,” Beaumont comments.

“We will also enable a local supply chain to develop the platform for further global applications,” Turner concludes.

The CDDC is a finalist in three categories in this year’s 2017 National iAwards. The iAwards recognise technology innovations that have a positive impact on the community.

WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.