NASA Open Source - Cyber Security Applications in Space and on the Ground

This is the third article in my series on Space Security.

NASA has recently released its 2014 Software Catalog, featuring a comprehensive list of software titles available for US Government Only, as well as Public use.

Here is an overview of some of the more interesting titles available.  Note that some titles may need to be acquired by contacting NASA directly.

There are multiple publicly available applications in the list which could be tremendously helpful to public and private organizations helping to secure their networks. It is clear to me that NASA is leading the way in the public sector helping to provide resources which can help secure not only other agencies, but private industry as well.

I'd like to give a HUGE shout-out to NASA for releasing all of these great applications!

Ballast: Balancing Load Across Systems ARC-16443-1
Ballast is a tool for balancing user load across Secure Shell Handler (SSH) servers. The system includes a load-balancing client, a lightweight data server, scripts for collecting system load, and scripts for analyzing user behavior. Because Ballast is invoked as part of the SSH login process, it has access to user names. This capability, which is not available in traditional approaches, enables Ballast to perform user-specific load balancing. In addition, Ballast is easy to install, induces near-zero overhead, and has fault-tolerant features in its architectures that will eliminate single points of failure. The software can be downloaded at:
Open Source

@CaffSec Notes: This could potentially be used for automatic redirection of attackers to honeypots. Great security application potential.

BugView ARC-16790-1
Bugview is a Web-based graphical user interface (GUI) service that provides software developers and analysts the ability to configure and execute off-the-shelf static code analysis tools and securely manage imported code releases and analysis results. The service: 1) presents a single interface from which multiple static code analysis tools can be configured and executed; 2) offers a means to automate consistent periodic analysis of each code release; 3) affords the capability to track code changes and identified code issues through progressive build releases: and 4) provides tools for identifying and rejecting false-positive results
Open Source

@CaffSec Notes: Perhaps this should be used in conjunction with any open source software an organization implements, such as OpenSSL.  For bonus points, organizations could contribute any code fixes back to the community, and possibly help avoid the next Heartbleed crisis.

Dyper: Dynamic Perimeter Enforcement ARC-16444-1
I shipped my network flows!
Dyper protects a site from unauthorized network flows. The tool offers dynamic perimeter enforcement by providing a general-purpose mechanism for maintaining least-privilege network security policies while still supporting the full utilization of multiport protocols. Dyper requires no changes to software or practices outside of the perimeter and only minimal changes inside. The software can be downloaded at:

Open Source

@CaffSec Notes: Ok, I really wish they would have named this differently. Also, the can think of a few crappy puns. But the tool itself sounds very promising! Unfortunately it hasn't been released yet.

K9Client ARC-15154-1
Complementing the K9 Rover Control Software (ARC-14587), K9Client is a small set of libraries and applications built on top of ACE/TAO, a free Common Object Request Broker Architecture (CORBA) communications package. The tool allows programs in isolated software bases to communicate with a minimum of shared software using string-based commands and value requests.
General Public Release

@CaffSec Notes: Application isolation is an excellent piece of defense in depth. By restricting communications using basic string-based commands and requests, potential security vulnerabilities such as buffer overflows are mitigated.

NASA UNIX Tool Kit KSC-12269 • KSC-12268 • KSC-12271

The NASA UNIX Tool Kit contains three components that all work together to form a single technology for UNIX administration: (1) Secure, Web-Based UNIX System Administration Tools (KSC-12269) ease the administration  of a large, distributed UNIX system, providing a secure mechanism for creating, modifying, locking, and deleting users. (2) The second component of the software kit is the Client/Server to Create, Modify, and Query VERITAS File System Quotas on an NFS-Mounted File System with a Secure Web-Based Interface (KSC-12268). In this technology, the client (which exists on an internal secure platform with a secure interface) can be accessed from any authorized platform capable of running a Web browser. The server software exists on a UNIX platform configured with the VERITAS file system. (3) The Web-Based IP Address Tool (KSC-12271) provides an easy-to-use system for maintaining IP address information for a network of computers.
U.S. Release Only

@CaffSec Notes: This seems like a very powerful toolkit. It's a shame this release is U.S. Only. However, this restriction just means "For codes available to U.S. persons only, with no further transfer of the software allowed without the prior written approval of NASA". So this could still be extremely useful to U.S. companies.

NodeMon—A Visualization Tool For Monitoring System Resource Utilization ARC-15771-1
NodeMon allows distributed resource monitoring via a growler software infrastructure. The tool is tailored to the Altix architecture but is applicable to any Linux system. Individual modules will monitor CPU, memory, and numalink activity. NodeMon will compose large amounts of statistical information and display it through a single graphical window. Please visit the following URL to download the software:
Open Source

@CaffSec Notes: Looks interesting, some possible security applications, such as monitoring for redundancy or possible software/hardware failures.

Tempest LEW-17294
Tempest was created to provide Internet/Intranet connectivity to real-time embedded applications.
U.S. Release Only

@CaffSec Notes: I would imagine this provides a secure connection, if other tools are any indication of the security used in NASA's software development. Once again, U.S. Only, so it could still be useful to U.S. organizations.

Autonomous eXplorer Control System (AXCS) ARC-16721-1

AXCS enables smartphones and other mobile devices to be utilized as a ground-based test bed for operations in extreme environments. For NASA, the technology is currently being used to evaluate hardware for balloon launches. The software’s tool kits provide environmental and situational measurements, command and data handing (CD&H) functions, events timing, data logging, and communications with external devices. AXCS can be downloaded at:
Open Source

@CaffSec Notes: This appears to be a pre-cursor to the PhoneSat and could possibly be used to create your own low-cost entry level satellites based upon Android.

GeoCam, Version 2 ARC-16088-1A
GeoCam is a geospatial system for disaster response that consists of (1) low-cost consumer hardware (i.e., a digital camera or cell phone, position/orientation sensors, and an optional embedded controller) and (2) a Web-based workflow that enables images and other geo-referenced data to be shared and viewed in a variety of ways. GeoCam includes software that computes image location and provides for geo-rectification, KML-formatted geospatial data generation, image management, and geo-referenced data sharing. Please visit the following URL to download the technology:
Open Source

@CaffSec Notes: Taking this software a step further, an organization could incorporate this into their existing security camera systems, and use it for monitoring of data centers/office buildings across the globe.

NASA.rb (formerly fUnit) GSC-15137-1
NASA.rb (formerly fUnit) is a collection of Fortran modules that provide a framework for automating the construction, execution, and reporting of unit tests for Fortran software applications. Support is provided for several aspects of unit testing that are peculiar to scientific technical computing including distributing jparallel applications and parameterized behavior.
Open Source

@CaffSec Notes: Believe it or not, Fortran is still in use on a lot of systems across the globe - most of the systems using Fortran are "critical" systems performing massive calculations. Testing code to ensure it's free of bugs (including security bugs) is very important.

Livingstone 2 (System for Automated Diagnosis and Discrete Control of Complex 
Systems) and Skunkworks (Suite of Supporting Development and Runtime Tools) ARC-14725-1
Livingstone 2 is a reusable artificial intelligence (AI) software system designed to assist spacecraft, life support systems, chemical plants, or other complex systems in operating robustly with minimal human supervision, even in the face of hardware failures or unexpected events. The technology diagnoses the current state of a spacecraft or other system and recommends commands or repair actions that will allow the system to continue operations. A re-engineered version of the Livingstone diagnosis system that was flight tested onboard the Deep Space One spacecraft in 1999, Livingstone 2 contains significant enhancements to robustness, performance, and usability.
Skunkworks is a suite of software tools that support the rapid deployment of model-based representations of complex systems for Livingstone2 via a visual model builder/tester and two graphical user interface tools that provide status information during testing.
Open Source

@CaffSec Notes: Once again, this software could possibly be adapted for use with data center monitoring.

To obtain any of the projects above, please reference the NASA 2014 Software Catalog for instructions.

No comments:

Post a Comment