
8/3/2020
05:10 PM
Dark Reading
Products and Releases

DHS Awards $1 Million Phase 2 Contract to Waverley Labs to Deploy the Dynamic AccessID (TM) Network

Next generation software-defined perimeter ICAM solution to support crisis and emergency managers to conduct identity proofing on the fly.

WASHINGTON – August 3, 2020 – Waverley Labs, a pioneer in Software Defined Perimeters (SDP) and digital risk reduction solutions, today announced it has been awarded a $1 million contract from the Department of Homeland Security (DHS) Science and Technology Directorate’s (S&T) Small Business Innovation Research (SBIR) program.

Following the Phase 1 development of a prototype for use of state-issued driver’s licenses, Phase 2 is to deploy Waverley Labs’ Dynamic AccessID (TM) Network to improve identity proofing on the fly for crisis and emergency managers.

During an emergency, Incident Managers are challenged in their ability to rapidly proof identities with valid credentials for first responders to access systems of interest (e.g. visitor systems, camera systems etc.). Existing ICAM solutions are closed, place onerous restrictions on the trust mechanism, do not account for mobile environments and are static in nature.

Currently it is difficult to onboard systems that use federated credentials from untrusted parties. The Dynamic AccessID (TM) Network will enable Incident Managers to quickly identify, vet and approve emergency personnel based on existing identification credentials (bring-your-own credentials, or BYOC) such as a driver’s license, government-issued smart card, or personal identification verification card (PIV), and on first-responder-owned devices (bring-your-own-devices, or BYOD).

Much like a banking ATM network where cards from other banks are accepted for cash dispensing from ATMs, Waverley Labs’ Dynamic AccessID (TM) Network is the first commercial infrastructure that provides the ability to dynamically associate disparate credentials and devices with first responder systems and physical security systems.

During emergencies, systems of interest that leverage Waverley Labs’ Software Defined Perimeter for protection can accept certificates issued by the Incident Manager for dynamic access to these systems ONLY for that emergency. The Dynamic AccessID (TM) Network will not only provide a multi-jurisdictional trust mechanism for a specific emergency, but also the ability to securely onboard first responders to use said emergency systems. Once implemented, it will have proved the much-needed identity proofing capability for any Zero Trust implementation for successful commercialization.

“For the first time, crisis and emergency managers can stand up secure ephemeral networks, dynamically federate participants and onboard privately-owned systems on-the-fly while ensuring that access control continues to be managed by the system owners,” said Juanita Koilpillai, Founder of Waverley Labs. “This much needed ability to proof identities as part of the ICAM process represents the last mile in achieving a true Zero Trust solution.”

In addition to delivery of the Dynamic AccessID (TM) Network, Phase 2 will enlist participation and testing of the network with government organizations and commercial enterprises.

“The early and current ICAM systems are long overdue for improvements and modernization. For emergencies, federation and managing access based upon ICAM guidelines remains non-existent,” said Jeff Friedman, Chief Executive Officer of Building Intelligence. “Waverley Labs’ development of the Dynamic AccessID Network is not only a brilliant and important breakthrough for emergency services, it will ultimately save lives and protect first responders. For many industries, Dynamic AccessID has many broader applications.”

To learn more about identity proofing and reducing risk using the SDP check out this white paper. Waverley Labs worked closely with the Cloud Security Alliance (CSA) to develop the first commercial SDP specification and recently co-authored the CSA’s new white paper – Software Defined Perimeter and Zero Trust.

About Waverley Labs

Waverley Labs is a leading provider of digital risk management software and services that helps large organizations reduce their exposure to digital risk. Its products and services range from the industry’s first open source software defined perimeters (SDPs) for large federal agencies, to the assessment, quantification, and mitigation of digital risk from the business perspective. Waverley Labs worked closely with the Cloud Security Alliance (CSA) to develop the first commercial SDP specification and recently co-authored the CSA’s new Software-Defined Perimeter (SDP) Architecture Guide.

Waverley Labs works closely with NIST and the Cloud Security Alliance to provide thought leadership in digital risk management. For more information visit http://www.waverleylabs.com or call (800) 401-5180.

 

 
