Keeping a system completely disconnected from all means of information transfer is an unrealistic security tactic. Modern computing systems must be able to communicate with other systems, including those with different security requirements. Today, commercial and defense organizations often leverage a series of air-gaps, or breaks between systems, to keep the most sensitive computing devices and information secure. However, interfaces to such air-gapped systems are typically added in after the fact and are exceedingly complex, placing undue burden on systems operators as they implement or manage them.
To create scalable solutions that provide safe, verifiable methods of tracking information and communications between systems, DARPA launched the Guaranteed Architecture for Physical Security (GAPS) program. The goal of GAPS is to develop hardware and software architectures that can provide physically provable guarantees around high-risk transactions, or where data moves between systems of different security levels. DARPA wants to ensure that these transactions are isolated and that the systems they move across are enabled with the necessary data security assertions. The intended outputs of this program are hardware and software co-design tools that allow data separation requirements to be defined during design, and protections that can be physically enforced at system runtime.
GAPS is divided into three research areas that will address:
1) the creation of hardware components and interfaces;
2) the development of software co-design tools; and,
3) the integration of these components and tools, as well as their validation against exemplar Department of Defense (DoD) systems.
The new hardware components and interfaces are designed to provide system designers with a library of hardware tools to securely isolate data during transactions. The software co-design tools could someday allow developers to easily employ GAPS hardware components without requiring changes to their existing development processes and frameworks. Finally, the integration and validation of the hardware and software architectures on DoD systems could be used to demonstrate the capability and maturity of the GAPS approach for the kinds of problems DoD system integrators currently face, and expect to see in the future.
Commercializing the resulting technologies is also an objective of the program. The verifiable security properties created under GAPS may also help create safer commercial systems that could be used for preserving proprietary information and protecting consumer privacy.
GAPS is part of the second phase of DARPA’s Electronics Resurgence Initiative (ERI) – a five-year, upwards of $1.5 billion investment in the future of domestic, U.S. government and defense electronics systems.