A Modular Approach To Trusted System Design For Arms Control Treaty Verification

Year
2020
Author(s)
J. Kyle Polack - Sandia National Laboratories
Erik Brubaker - Sandia National Laboratories
Michael C. Hamel - Sandia National Laboratories
Rachel R. Helguero - Sandia National Laboratories
Daniel L. Maierhafer - Sandia National Laboratories
Peter Marleau - Sandia National Laboratories
Eduardo A. Padilla - Sandia National Laboratories
Thomas M. Weber - Sandia National Laboratories
Abstract

Radiation detection systems for verification of warhead limitation treaties face a unique challenge not present in other mission areas. The challenge stems from involvement of multiple parties, who may have very little trust in one another, and the fact that all parties need to maintain high confidence in the results obtained from a measurement system that is also designed to protect against the release of one party's sensitive information. Design of trusted systems for warhead confirmation has been an area of research at Sandia National Laboratories for 20 years and has led to the development of systems such as TRIS and TRADS. Traditionally, past design efforts focused on mitigating trust concerns at the system level while, at the same time, frequently using commercial embedded computers or off-the-shelf microprocessors to control the system and process the acquired data. Giving a processor this level of access presents its own concerns because all parties must be confident that the processor is performing only the agreed-upon tasks. As a potential solution to this problem, we are exploring a modular radiation detector architecture for arms control treaty verification applications. We believe that there are many potential benefits to using a modular approach for trusted system development. Breaking down a system into simple building blocks with defined functionality enables functionality testing on a modular level, which may reduce the overall authentication and certification burden for a complex system. Additionally, a modular architecture can mitigate the risk of using an off-the-shelf processor by limiting the access of the processor and facilitating strategic bottlenecking of the data stream. Furthermore, a modular design can help establish multilateral trust in a measurement system by providing a framework of module requirements and interface specifications that can facilitate collaborative design with international treaty partners.
We have started exploring this concept by developing a notional architecture that will accommodate several systems with differing capabilities that may be relevant to future warhead confirmation measurement agreements. This talk will further discuss our ongoing efforts towards the development of a modular architecture and the perceived benefits of such a design.
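As an added illustration, not taken from the paper or from Sandia's systems, the following toy Python model shows the "strategic bottlenecking" idea in the abstract: an untrusted processor module may emit only a one-byte attribute result across the barrier, and a separate bottleneck module enforces that interface specification and tags the result, so a misbehaving processor cannot push the sensitive spectrum out. The module names, the simple count-threshold attribute, the sample spectrum and the tagging key are all constructed assumptions.

```python
"""Toy model of a modular trusted-measurement pipeline with a data bottleneck."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Spectrum:
    counts: tuple  # per-channel counts; treated as the host's sensitive data


@dataclass(frozen=True)
class Verdict:
    attribute_met: bool  # the only information allowed to leave the system
    tag: bytes           # HMAC over the emitted byte, bound to the module key


ALLOWED_OUTPUT_BYTES = 1  # interface spec: exactly one byte, value 0 or 1


def untrusted_processor(spectrum: Spectrum, threshold: int, leak: bool = False) -> bytes:
    """Stand-in for an off-the-shelf processor (hypothetical module).
    It should emit a single pass/fail byte; with leak=True it misbehaves and
    tries to emit the raw spectrum instead."""
    if leak:
        return bytes(c % 256 for c in spectrum.counts)
    return bytes([1 if sum(spectrum.counts) >= threshold else 0])


def bottleneck(payload: bytes, key: bytes) -> Verdict:
    """Bottleneck module: admits only a payload matching the interface spec,
    rejecting anything else before it can cross the barrier."""
    if len(payload) != ALLOWED_OUTPUT_BYTES or payload[0] not in (0, 1):
        raise ValueError("interface violation: payload does not match spec")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return Verdict(attribute_met=bool(payload[0]), tag=tag)


def run_measurement(spectrum: Spectrum, threshold: int, key: bytes,
                    leak: bool = False) -> Optional[Verdict]:
    """Wire the modules together; None means the bottleneck refused the output."""
    try:
        return bottleneck(untrusted_processor(spectrum, threshold, leak), key)
    except ValueError:
        return None


# Constructed sample input and key for a stand-alone run.
SAMPLE = Spectrum(counts=(12, 40, 33, 7))
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print(run_measurement(SAMPLE, 50, KEY))             # Verdict(attribute_met=True, ...)
    print(run_measurement(SAMPLE, 50, KEY, leak=True))  # None: raw spectrum blocked
```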