SECURING THE FUTURE
THROUGH INNOVATION
THROUGH INNOVATION
STAR Technologies, LLC
A DSCI COMPANY
P.O. Box 447
Eatontown, NJ 07724
732.993.0040 Voice
732.993.0041 Fax
A DSCI COMPANY
P.O. Box 447
Eatontown, NJ 07724
732.993.0040 Voice
732.993.0041 Fax
STAR Technologies, LLC - A DSCI Company - SERVICES
STAR is fully capable of providing a full range of IT-related program management support service activities. We will furnish the necessary personnel, materials, equipment, facilities, and travel required to satisfy the ordered services, capabilities and solutions. STAR will implement an approach using key tenets of Integrated Product and Process Development (IPPD). IPPD is defined as a management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing and supportability processes. We will use this approach to create and manage integrated solutions and provide the optimum match among subcontractors and functional areas. STAR envisions an Integrated "Product" Team (IPT) approach, to maximize the capabilities of each of its Team members and ensure the full set of team skills are brought to bear through both large and small team member participation. The sense of "Product" here is the capabilities and output required, providing infrastructure, facility administration/operation, information management, property and supply management, and other key sub-functions. Our on-site and off-site certified IA workforce are all experienced in security engineering and multiple IA disciplines, are highly educated (80% Bachelor degreed, 20% Master degreed and 2 PhD's), and possess the requisite DoD security clearances.
Biometrics
STAR's experience with IA/Biometric approaches, policies/procedures, test plans, user requirements and technical analyses and recommendations for enhancement alternatives makes our team uniquely qualified to provide engineering support for the development, integration and evaluation of your biometrics solution. By leveraging our vast experience working with various Identity Protection and Management (IP&M) technologies and methodologies as well as lessons learned from the evaluation and recommendation of biometric solutions, execution of DoD biometric pilot programs, and the development of Tactical PKI certificate management and user registration concepts; STAR will support your Biometrics engineering staff in implementing secure logical and physical access controls. At its most secure, your biometric system will enable a multi-factor, multi-modal solution for efficient access to the most secure systems within your network.
Our principle IA engineers have enjoyed a long history of success in supporting the US Army at all classification levels with the creation of their C&A packages, ensuring that hundreds, if not thousands, of Army strategic and tactical computer systems and networks meet or exceed all mandated regulatory standards such as DITSCAP/DIACAP, NIST and DoDIIS. Our highly experienced team possesses the requisite expertise and DoD security clearances to provide the Army, and its customers, with full-service C&A lifecycle support during all phases of the accreditation process. STAR Technologies prides itself on the personal attention given to each system undergoing accreditation. Our IA Team works very closely with system owners and engineers to conduct remediation and implement IA controls to mitigate potential system vulnerabilities. STAR adheres to the philosophy of educating system owners in the area of building in security mechanisms during system design and development rather than overlaying security during the deployment phase. STAR is committed to providing our customers engineering strategies focused on risk reduction while still meeting the critical needs of the mission.
STAR will provide research, development, and engineering support in the evaluation of your proposed Cross Domain Security Solution. As it completes this task, the Team will rely on its vast experience with cross domain security systems already in use. Members of STAR were integral in supporting the Defense Message System, which relied upon a High Assurance Guard to effectively moderate message traffic at both the Classified and Unclassified levels. STAR understands that a Cross Domain Security Solution consists of multiple parts, including a trusted operating system, cross domain guard application, filters for content policy enforcement, PKI for authorized signing lists, firewalls for port/proxy enforcement, and hardware security tokens for key protection and storage. We will evaluate each relevant component of the cross domain security systems under evaluation and utilize formal testing methods during the evaluation process to remain cognizant of the levels of traffic anticipated to pass through the CDS solution.
In addition to the evaluation of cross domain security systems, STAR will support the development of a software interface to ensure that tactical hardware CDS can be effectively managed. In order to do so, an interface must exist that provides an administrator with the ability to rapidly change policy profiles within an accredited Cross Domain Security Solution. A given policy profile, which has been previously accredited, will be chosen through the developed interface and instantiated within affected Cross Domain Security Solutions. In addition to its deep understanding of CDS, STAR will utilize its software engineering expertise to assist in the design, development, test, integration, and accreditation of the software interface. STAR will advocate the use of the interface as a necessary component to emerging cross domain security systems and will work with you from the advanced technology phase thru the fielding phase of this development.
STAR provides embedded IA RDT&E, test, and evaluation support, ensuring that the latest cryptographic technologies and products are available to your requirement. Efforts include High Assurance Internet Protocol Encryptor (HAIPE) evaluation; Secure Voice over Internet Protocol (VoIP) system analysis, Army Key Management Program engineering support; and Program Management. STAR will leverage its expertise in the evaluation and testing of security products, which includes NSA-approved cryptographic algorithms/products, as it supports S&TCD in the testing and certification of COTS products in a lab setting to ensure they meet operational performance needs.
Adversarial Penetration Testing can provide an assessment of potential vulnerabilities and risks to your computer network. Our technique is to compromise, deny service and gather information on the target during the attack by simulating an attack by a hacker. Government agencies and commercial entities can then find and mitigate the security risks of their networks before a would-be attacker has the opportunity to exploit vulnerabilities. Our proprietary tool kit can help protect you system on a scale far greater than any commercially available product. We continue to test and update our vectors to compliment any penetration testing we perform.
Successful key management is critical to the secure use of your crypto system. Allow STAR to help you achieve that success by providing experienced research, development, and engineering support for your key management necessities. We are familiar with an assortment of techniques relating to the generation, safeguarding, storage, and exchange of key material. We can enhance and partner with the panel of experts you form in cryptographic protocols, key algorithms, and Communications Security (COMSEC) electronic key management. Our experienced and trained workforce can conduct an analysis of your key distribution design. Let us help choose and apply the proper tools which will best assist in performing that analysis. STAR can develop and customize M&S software for precise and ultimate results.
Your requirements may include the implementation or utilization of EKMS (Electronic Key Management System). STAR can help provide assistance and an understanding of the common EKMS components and standards that facilitate interoperability between government and civilian agencies.
STAR engineers are currently supporting source code analysis activities designed to debug and analyze detailed software code structures in an effort to prevent the introduction of malicious code. We utilized the experiences gained from these activities in order to effectively recommend innovative techniques to increase the security posture of applications used in both sustaining base and tactical net-centric operational environments. Our proprietary source code analysis capabilities can be leverage to analyze the source code of software code structures to help ensure that the introduction of new applications is secure. STAR engineers look for specific instances of suspect code and seek to identify the presence or absence of programming language best business practices, secure programming best business practices, backdoors, suspect comments, input validation testing, and various other common programming vulnerabilities. Our methodology includes inspecting the software build environment, compiling the code under evaluation, performing compilation verification through Message Authentication Code techniques, analyzing the compilation log, and utilizing the source code analysis tools where necessary.
Modeling and Simulation is a discipline for developing a level of understanding of the interaction of the parts of a system, and of the system as a whole. Since all models are simplifications of reality there is always a trade-off as to what level of detail is included in the model. If too little detail is included in the model one runs the risk of missing relevant interactions and the resultant model does not promote understanding. If too much detail is included in the model the model may become overly complicated and may preclude the development of understanding. STAR engineers' ability to clearly convey an understanding of what makes sense and what doesn't is a direct result of the skill and talent obtained through years of experience in developing models and performing simulations.
The increased reliance on wireless networks has resulted in businesses becoming more concerned about wireless network security. An unsecured wireless network is an open invitation to hackers to walk right into your computer and steal your personal information, upload malware, and otherwise terrorize you. As regulatory compliance continues to emerge as a primary reason for tightening information and network security controls, Network Managers need to provide end users with freedom and mobility while ensuring the integrity of corporate information and systems. Learn more about solutions to both wired and wireless network security by contacting the experts at STAR today.
STAR is highly experienced with DoD organizations chartered to build, implement, operate, and maintain information security architectures critical to the protection of information operations. To date, the team has played a key role in areas such as the DoD IA requirements analysis, definition, validation, and verification processes emphasizing Joint Interagency Multinational Interoperability (JIMI). The Information Assurance staff has maintained longstanding memberships in several DoD and Army IA technical forums to ensure that all IA architecture solutions/technologies proposed and/or developed are properly aligned with the customers vision, goals, and objectives. STAR currently supports tasks involving the technical security assessment of deployed IA tools and tools being considered for deployment. This extensive evaluation routinely results in the discovery of zero day vulnerabilities and technology gaps with each product tested. The Tool Development task is geared toward developing a product that will automate the security patching of LINUX systems in tactical and strategic environments. Through its previous and current ongoing work, STAR has extensive experience with: Windows workstations, Laptops, Windows servers, Blade servers, Routers, Switches, Uninterruptible power supply, Audio/video switching equipment, Video servers, Large-scale display and VTC technology.
The main focus of Software Separation is to identify and assess hazards through auditing the actions of users for all applications and cross domains to prevent unauthorized access to data/information in an Information System. A Software Separation architecture must employ various assurances that each classification level of data/information is kept separate and do not intermingle. These hazards may be:
· Internal
- An unauthorized user attempts to gain access to higher classification levels of date for which he/she is not authorized.
- An authorized user attempts to acquire information for the purpose of unauthorized use.
- An authorized user attempts to acquire information for the purpose of unauthorized use.
· External
- A vehicle is captured intact and the encryption/decryption keys have not been zeroized, thereby allowing the captor to use the system operationally or access the data/information within the Information System.
There are several levels of hazard severity. By assessing credible actions that unauthorized users might take to gain access, risk mitigations can be determined to ensure unauthorized users cannot accidentally or covertly access data/information due to architectural deficiencies. The risk of loss is unlikely depending on the number of security layers implemented. Through the use of Role Based Access Control and Auditing risk mitigators can keep risk low.
· Employ strong authentication for all users.
· Successful login requires user authentication.
· Successful login requires user authentication.
· Decrypted private keys are held within a key-holding agent or hard token.
· Login is replaced by login Proxy in each application domain.
· Login is replaced by login Proxy in each application domain.
Assist mitigation of IA risks and issues via experimentation and data analysis.
Provide insight into the collective effects of a defense-in-depth strategy on end to end network performance.
Provide insight into the collective effects of a defense-in-depth strategy on end to end network performance.
Enable the early evaluation of emerging security techniques and solutions within a Live, Virtual, Constructive environment.
Evaluate the network effects of dynamic security policy management techniques.
Evaluate the network effects of dynamic security policy management techniques.
Conduct system-in-the-loop LVC analyses to determine the efficiency and suitability of current IA COTS solutions and technologies for application in DoD deployed operational environments.
Before defensive or offensive measures can begin, an understanding of the threats to a system or components is vital. Malicious outsiders/insiders threaten to sabotage information from either remote sources or internally to assist adversaries. But non-malicious insiders can also pose a threat by accidentally misconfiguring systems. STAR engineers continue to work on projects involving both government and commercial entities, have developed a full threat matrix, and as new or existing areas of weakness are uncovered, our engineers will provide precautionary measures and solutions that will make your system disaster-resistant.
Certification and Accreditation (C&A)
Cross Domain Security Solutions (CDS)
Cryptographic Services
Intrusion Detection/Preventions Systems
Face Recognition
Key Management (KM)
Malicious Code Analysis
Modeling and Simulation (M&S)
Secure Wireless LAN
Security Evaluation and Management Systems
Software Separation
Test and Experimentation
Vulnerability Assessments
A software-based face recognition platform.
Can be used for face identification (one-to-many matching) as well as face verification (one-to-one matching).
Designed for dynamic environments such as proactive surveillance, border control solutions, and more stable / cooperative environments such as physical access control, computer security, transaction authentication, and document control.
Face recognition has several advantages over other biometric solutions such as fingerprint, iris, voice and hand geometry.
Face recognition is unobtrusive and does not require active or cooperative participation to obtain a useful database.
The patent-pending core technologies behind DSCI Face Authentication and Identification platform lies in novel algorithms for pattern recognition based on properties of edit distances applied to images.
Can be used for face identification (one-to-many matching) as well as face verification (one-to-one matching).
Designed for dynamic environments such as proactive surveillance, border control solutions, and more stable / cooperative environments such as physical access control, computer security, transaction authentication, and document control.
Face recognition has several advantages over other biometric solutions such as fingerprint, iris, voice and hand geometry.
Face recognition is unobtrusive and does not require active or cooperative participation to obtain a useful database.
The patent-pending core technologies behind DSCI Face Authentication and Identification platform lies in novel algorithms for pattern recognition based on properties of edit distances applied to images.
DSCI STAR FACE is operational on all platforms listed here
As a member of Team DSCI, STAR Technologies receives a steady stream of government funded innovations that are used primarily for classified military applications. We are able to utilize our highly talented and experienced teams at DSCI to transition these innovations into emerging commercial markets and optimize project planning by collaborating, marketing, financial and technical information. With over fifty combined years of IA Research, development, engineering, logistics and programmatic experience, together with over a hundred years of combined military C4ISR and operations experience, our top-notch staff consistently delivers high quality IA solutions and services. In addition, our unclassified internal research and development (IRAD) projects result in commercial off the shelf (COTS) products that will provide security enhancements to existing systems, which can be deployed to other government system providers.
Public Key Infrastructure (PKI)
Successful implementation of a PKI and the PK-Enabling of your applications depends on solid business process analysis combined with extensive in-depth understanding of the numerous components of PKI. STAR's engineers have designed and developed a PKI for the Army's highly mobile tactical austere environment and continue to conduct research, development, testing and integration on the validation, directory, token and certificate authority components of PKI for various customers. Additionally, STAR's software developers created a Registration Authority software package that allows for robust credentials management. Let us help develop the most appropriate PKI for your environment whether that environment is medical, logistics, finance or defense. Our workforce is experienced in requirements and business analysis, architecture development, testing, certification and accreditation, and implementation of PKI.
"Reality by Design"
MRS
The Mobile Facial Recognition Suite is comprised of high resolution, high frame rate cameras for data collection. Collected data is transmitted to a vehicle mounted authentication/identification server. On the server, DSCI's proprietary image acquisition and facial recognition algorithms perform one or many functions. These functions include identification of individuals on watch-lists, enrollment of groups of individuals as "all-hostile" or "All-Friendly" populations, and enrollment of individuals within a crowd as either friendly or hostile. Enrollment functions and database updates are all performed in real-time.
Science Techniques and Advanced Research Technologies