
    Operational Concepts for a Generic Space Exploration Communication Network Architecture

    This document is one of three. It describes the Operational Concept (OpsCon) for a generic space exploration communication architecture. The purpose of this particular document is to identify communication flows and data types. Two other documents accompany this one: a security policy profile and a communication architecture document. The operational concepts should be read first, followed by the security policy profile and then the architecture document. The overall goal is to design a generic space exploration communication network architecture that is affordable, deployable, maintainable, securable, evolvable, reliable, and adaptable. The architecture should also require limited reconfiguration throughout system development and deployment. System deployment includes: subsystem development in a factory setting, system integration in a laboratory setting, launch preparation, launch, and deployment and operation in space.

    Parasol: Efficient Parallel Synthesis of Large Model Spaces

    Formal analysis is an invaluable tool for software engineers, yet state-of-the-art formal analysis techniques suffer from well-known limitations in terms of scalability. In particular, some software design domains—such as tradeoff analysis and security analysis—require systematic exploration of potentially huge model spaces, which further exacerbates the problem. Despite this present and urgent challenge, few techniques exist to support the systematic exploration of large model spaces. This paper introduces Parasol, an approach and accompanying tool suite, to improve the scalability of large-scale formal model space exploration. Parasol presents a novel parallel model space synthesis approach, backed with unsupervised learning to automatically derive domain knowledge, guiding a balanced partitioning of the model space. This allows Parasol to synthesize the models in each partition in parallel, significantly reducing synthesis time and making large-scale systematic model space exploration for real-world systems more tractable. Our empirical results corroborate that Parasol substantially reduces (by 460% on average) the time required for model space synthesis, compared to state-of-the-art model space synthesis techniques relying on both incremental and parallel constraint solving technologies as well as competing, non-learning-based partitioning methods.

    Advanced space transportation technologies

    A wide range of propulsion technologies for space transportation are discussed in the literature. It is clear from the literature review that a single propulsion technology cannot satisfy the many mission needs in space. Many of the technologies tested, proposed, or in experimental stages relate to: chemical and nuclear fuel; radiative and corpuscular external energy sources; tethers; cannons; and electromagnetic acceleration. The scope and limitations of these technologies are well tabulated in the literature. Prior experience has shown that an extensive amount of fuel needs to be carried along for the return mission. This requirement puts additional constraints on the lift-off rocket technology and limits the payload capacity. Consider the possibility of refueling in space. If the return fuel supply is guaranteed, it will not only be possible to lift off more payload but also to provide security and safety for the mission. Exploration to deep space, where solar sails and thermal effects fade, would also be possible. Refueling would also facilitate travel on the planet of exploration. This aspect of space transportation prompts the present investigation. The particle emissions from the Sun's corona will be collected under three different conditions: in space closer to the Sun; in the Van Allen Belts; and on the Moon. It is proposed to convert the particle state into gaseous, liquid, or solid state and store it for refueling space vehicles. These facilities may be called space pump stations and the fuel collected space fuel. Preliminary estimates of fuel collection at all three sites will be made. Future work will continue towards advancing the art of collection rate and design schemes for pumping stations.

    Developing and Securing Software for Small Space Systems

    The space systems industry is moving towards smaller multi-vendor satellites, known as Small Space. This shift is driven by economic and technological factors that necessitate hardware and software components that are modular, reusable, and secure. This research addresses two problems associated with the development of modular, reusable, and secure space systems: developing software for space systems (the Development Problem) and securing space systems (the Security Problem). These two problems are interrelated, and this research addresses them together. The Development Problem encompasses challenges that space systems developers face as they try to address the constraints induced by reduced budgets, design and development lifecycles, maintenance allowances, multi-vendor component integration, and testing timelines. In order to satisfy these constraints, a single small satellite might incorporate hardware and software components from dozens of organizations with independent workforces and schedules. The Security Problem deals with the growing need to ensure that each one of these software or hardware components behaves according to policy or system design, as well as the typical cybersecurity concerns that face any information system. This research addresses the Development Problem by exploring the needs and barriers of Small Space to find the best path forward for the space systems industry to catch up with the methodology advancements already being widely used in other software fields. To do this exploration, a series of five surveys, referred to as SISDPA, was conducted to assess current attitudes and state of practice among space system developers. This crystallized a need in space system development — modular reusable open networks can help Small Space realize its potential, but there is still a need to address certain security threats.
This research addresses the Security Problem by augmenting a modular reusable open-network software development framework, called SSM, with policy enforcement in the form of authentication, access control, and encryption provisions, to create a new development framework, SSSM. This design and implementation adds security provisions while minimizing the impact on developers using the framework. SSSM is evaluated in terms of developer and system resource burden and shows that SSSM does not significantly increase developer burden and preserves the ease of use of SSM.

    Current Status of NASA's Heavy Lift Plans

    Numerous studies since the Apollo Program of the 1960s have highlighted the benefits of - and the need for - a national heavy lift launch capability to support human exploration, science, national security, and commercial development of space. NASA's most recent and most refined effort to develop that heavy lift capability is the Ares V. Ares V is a key element of NASA's Constellation Program. Its overall goal, as part of approved national space policy, is to retire the Space Shuttle and develop its successor, complete the International Space Station, and resume human exploration beyond low Earth orbit (LEO), beginning with exploration of the Moon as a step to other destinations in the Solar System. Ares V's first role is that of cargo vehicle to carry a lunar lander into Earth orbit, rendezvous with astronauts launched on the smaller Ares I crew launch vehicle, and perform the trans-lunar injection (TLI) mission to send the mated crew and lander vehicles to the Moon. The design reference missions (DRMs) envisioned for it also include direct lunar cargo flights and a human Mars mission. Although NASA's priority from the start of the Constellation Program to the present has been development of the Ares I and Orion crew vehicle to replace the retiring Shuttle fleet, the Ares team has made significant progress in understanding the performance, design trades, technology needs, mission scenarios, ground and flight operations, cost, and other factors associated with heavy lift development. The current reference configuration was selected during the Lunar Capabilities Concept Review (LCCR) in fall 2008. That design has served since then as a point of departure for further refinements and trades among five participating NASA field centers. Ares V development to date has benefited from progress on the Ares I due to commonality between the vehicles. The Ares I first stage completed a successful firing of a 5-segment solid rocket motor.
The Ares I-X launch successfully demonstrated in suborbital flight the ability to assemble, prepare, launch, control, and recover the Ares I configuration and to compare performance to computer models. Component tests continue on the J-2X engine, which will put both the Ares I and Ares V upper stages into orbit. In addition, more than 100,000 parts have been manufactured or are on the assembly line for the first J-2X powerpack and the first two development engines, with hot fire tests to begin in 2011. This paper will further detail the progress to date on the Ares V and planned activities for the remainder of 2010. In addition, the Ares V team has continued its outreach to potential user communities in science and national security. Through the Constellation Program, NASA has amassed an enormous knowledge base in the design, technologies, and operations of heavy lift launch vehicles that will be a national asset for any future launch vehicle decision. This early phase of the design presents the best opportunity to incorporate, where possible, the insights and needs of other users.

    Analysis and Development of an Online Knowledge Management Support System for a Community of Practice

    The purpose of this study was to investigate how particular business practices, focusing on those occurring in multi-site non-governmental organizations (NGOs), could be enhanced by use of a knowledge management system (KMS). The main objective of this KMS is to enhance business processes and save costs for a multi-site NGO by streamlining the organizational practices of knowledge creation, storage, sharing, and application. The methodology uses a multiple-perspective approach, which covers exploration of the problem space and the solution space. Under exploration of the problem space, interviews with employees of the NGO were conducted to identify the core problem that the organization faced. Still under exploration of the problem space, the organization's knowledge management maturity was assessed through an online questionnaire. The methodology then moved on to exploration of the solution space. During the exploration of the solution space, the requirements gathering and definition process was done through a combination of interviews with company employees and a systematic literature review of best practices. The requirements were used to design the system architecture and use-case models. The prototype for a Community of Practice (COP) support website was developed and investigated in test cases. The tests showed that the prototype system was able to facilitate asynchronous communication through the creation and management of events, creation and management of collaboration groups, creation of discussion topics, and creation of basic pages. Furthermore, security capabilities were tested in terms of login functionality. Lastly, page load times were tested for eight different scenarios. The system performance was found to be satisfactory because the scenarios covering crucial system requirement aspects had a response time of below 11 seconds. An exception was the landing page, which after login took 26 seconds to load.
It is believed that creation of a platform that enables, and records, user interaction, ease of online discussions, and managing groups, topics, and events are all major contributors to a successful knowledge management approach.

    Designing Effective Logic Obfuscation: Exploring Beyond Gate-Level Boundaries

    The need for high-end performance and cost savings has driven hardware design houses to outsource integrated circuit (IC) fabrication to untrusted manufacturing facilities. During fabrication, the entire chip design is exposed to these potentially malicious facilities, raising concerns of intellectual property (IP) piracy, reverse engineering, and counterfeiting. This is a major concern of both government and private organizations, especially in the context of military hardware. Logic obfuscation techniques have been proposed to prevent these supply-chain attacks. These techniques lock a chip by inserting additional key logic into combinational blocks of a circuit. The resulting design only exhibits correct functionality when a correct key is applied after fabrication. To date, the majority of obfuscation research centers on evaluating combinational constructions with gate-level criteria. However, this approach ignores critical high-level context, such as the interaction between modules and application error resilience. For this dissertation, we move beyond the traditional gate-level view of logic obfuscation, developing criteria and methodologies to design and evaluate obfuscated circuits for hardware-oriented security guarantees that transcend gate-level boundaries. To begin our work, we characterize the security of obfuscation when viewed in the context of a larger IC and consider how to effectively apply logic obfuscation for security beyond gate-level boundaries. We derive a fundamental trade-off, between security and attack resilience, that underlies all logic obfuscation. We then develop an open-source, GEM5-based simulator called ObfusGEM, which evaluates logic obfuscation at the architecture/application level in processor ICs. Using ObfusGEM, we perform an architectural design space exploration of logic obfuscation in processor ICs.
This exploration indicates that current obfuscation schemes cannot simultaneously achieve security and attack resilience goals. Based on the lessons learned from this design space exploration, we explore two orthogonal approaches to designing ICs with strong security guarantees beyond gate-level boundaries. For the first approach, we consider how logic obfuscation constructions can be modified to overcome the limitations identified in our design space exploration. This approach results in the development of three novel obfuscation techniques targeted towards securing three distinct applications. The first technique is Trace Logic Locking, which enhances existing obfuscation techniques to provably expand the derived trade-off between security and attack resilience. The second technique is Memory Locking, which defines an automatable approach to processor design obfuscation by locking the analog timing effects that govern the function of on-chip SRAM arrays. The third technique is High Error Rate Keys, which protect probabilistic circuits against a SAT-based attacker by hiding the correct secret key value under stochastic noise. We demonstrate that all three techniques are capable of overcoming the limitations of obfuscation when viewed beyond gate-level boundaries in their respective applications. For the second approach, we consider how architectural design decisions can influence hardware security. We begin by exploring security-aware architecture design, an approach where minor architectural modifications are identified and applied to improve security in processor ICs. We then develop resource binding algorithms for high-level synthesis that optimally bind operations onto obfuscated functional units to amplify security guarantees. In both cases, we show that by designing logic obfuscation using architectural context, a designer can secure ICs beyond gate-level boundaries despite the presence of the rigid trade-off that rendered prior obfuscation techniques insecure.

    Architectural Optimization for Confidentiality Under Structural Uncertainty

    More and more connected systems gather and exchange data. This allows building smarter, more efficient, and overall better systems. However, the exchange of data also raises questions regarding the confidentiality of these systems. Design notions such as Security by Design or Privacy by Design help to build secure and confidential systems by considering confidentiality already at design time. During design time, different analyses can support the architect. However, essential properties that impact confidentiality, such as the deployment, might be unknown at design time, leading to structural uncertainty about the architecture and its confidentiality. Structural uncertainty in the software architecture represents unknown properties about the structure of the software architecture. This can be, for instance, the deployment or the actual implementation of a component. For handling this uncertainty, we combine a design space exploration and optimization approach with a dataflow-based confidentiality analysis. This helps to estimate the confidentiality of an architecture under structural uncertainty. We evaluated our approach on four application examples. The results indicate a high accuracy regarding the found confidentiality violations.