A High Assurance Wireless Computing System (hawcs®) Architecture for Software Defined Radios and Wireless Mobile Platforms

In 2004, 2005 and 2006, the authors provided details of wireless network threats discovered during wireless threat analysis studies exposing a potentially serious flaw in the security architecture of software defined radio (SDR), cognitive radios (CR) and wireless mobile platforms. The reconfigurable radio terminal, and the host to which it is attached, are potentially vulnerable to exploitation, malicious reconfiguration and denial of service as a result of Internet based attacks delivered via a wireless signal. These vulnerabilities extend to consumer mobile computing devices with embedded wireless network interfaces including WIFI enabled laptops, PDAs, Smart Phones and Cognitive Radios. Figure 1 In January 2005, the Joint Tactical Radio System (JTRS) issued Change Proposal CP295, “Exposed Black Side” to address this new class of threats to SDRs (Figure 1). The Software Defined Radio Forum also considered these threats in security related Recommendations published in 2006. In November 2006, the “Broadcom Exploit”, one example of this class of vulnerabilities, became public affecting world-wide consumer WIFI installations including those from Apple, Gateway, HP, Dell and eMachines [1, 2] This paper presents an architectural approached called High Assurance Wireless Computing System (HAWCS®) as one way to address such concerns. HAWCS® leverages state of the art separation kernel technology, originally developed for Multiple Independent Levels of Security (MILS) applications, to fortify user end-node integrity and isolate “soft” operating system kernels and applications from network threats such as root kits without the need of additional hardware. HAWCS® addresses CP295 related security flaws in SDR and wireless mobile devices without the need for costly encryption hardware, allowing for greater assurance in mobile eCommerce and endpoint computing.