Abstract: The present invention is a methodology for developing high-assurance computing elements. The method may comprise one or more of the following steps: (a) receiving a plurality of requirements detailing intended behavior of a high-assurance computing elements; (b) creating a model based on the requirements; (c) generating higher order language (HOL) code based on the model; (d) simulating the behavior of the computing elements from the HOL code; (e) generating test cases based on the model; (f) translating the model into a verification tool-specific format; and (g) formally verifying the model using a verification tool.

Abstract: The present invention is directed to routing information between networks of differing security level. Communication to/from each network is handled by a dedicated Offload Engine (OE). Each OE interfaces to a Guard Engine through a Guard Data Mover (GDM) and includes an interface for connecting to an external network. A first OE receives a data packet from a first network intended to be transmitted to a second network. The Guard Engine analyzes the data packet. The Guard Engine includes an ACL (Access Control List) which are rules data packets must meet before being passed onto a destination network. If allowed, the Guard Engine delivers the data packet to the second network via a second OE utilizing a GDM associated with the first OE and a GDM associated with the second OE. The architecture of the present invention reduces the time and effort needed to attain high-assurance certification.

Abstract: A method and apparatus for improved algorithm and key agility for a cryptosystem, comprising a CAM-type key manager. The key manager uses two memories, an index RAM and a key RAM, to virtualize each algorithm or key using pointers from the index RAM to the key RAM, allowing simple reference to algorithm/key pairs, and to dynamically allocate storage for keys. An autonomous free memory management design improves latency in future key write operations by transforming the search for free location addresses in the key RAM memory into a background task, and employing a free address stack. The index RAM is resizable so that data for a plurality of cryptographic algorithms may be stored dynamically.

Abstract: The present invention is a methodology for developing high-assurance microcode. The method may comprise one or more of the following steps: (a) receiving a plurality of requirements detailing intended behavior of microcode (b) creating a model of microcode behavior; (c) generating microcode based on the model; (d) generating test cases based on the model; (e) simulating the behavior of the microcode; (f) translating the model into a verification tool-specific format; and (g) formally verifying the model using a verification tool.

Abstract: The present invention provides a high speed data encryption architecture in which fabric elements are communicatively coupled to one another via a hardwired interconnect. Each of the fabric elements includes a plurality of wide field programmable gate array (FPGA) blocks used for wide datapaths and a plurality of narrow FPGA blocks used for narrow datapaths. Each of the plurality of wide FPGA blocks and each of the plurality of narrow FPGA blocks are communicatively coupled to each other. A control block is communicatively coupled to each of the fabric elements via the hardwired interconnect to provide control signals to each of the fabric elements. The fabric elements are used to implement cryptographic algorithms.