IA&S Roadmap and ITS Direction
Dr. Jay Lala, ITS Program Manager
23 February, 2000
Posted on 04-Jan-2016

IA&S Problem Space
[Figure: map of the IA&S problem space. Labeled areas: Malicious Code; Multi-Domain/Multi-Level Security; Situational Understanding; Modeling/Simulation; Semantic Assurance; Formalized Design & Assessment; Intrusion Detection; IA Sensors; Adaptive Survivable Network Infrastructures; Physical Security; Autonomic Response; Policy; Course of Action Projection; Auto Forensics; Adaptive Survivable Architectures; Dynamic Coalition; Law Enforcement Policy; Protective Mechanisms; Crypto Dynamic Policy; Cyber Sensor Exploitation; Intrusion Assessment; Cyber Strategy; Lifecycle Attacks; Insider Attacks; Security of Mobile Agents; Composable Trust. Several regions are marked "?".]
The known core is a fraction of the whole IA problem space
IA&S is illuminating key portions of the dark space
Significant identified & unknown problems exist in the dark space

Information Assurance and Survivability
Dynamic Coalitions: Coalition Policy Mechanisms. Doug Maughan, dmaughan@darpa.mil
Fault Tolerant Networks: Tolerant Mechanisms. Doug Maughan, dmaughan@darpa.mil
Intrusion Tolerant Systems: Tolerant Systems. Jay Lala, jlala@darpa.mil
Strategic Intrusion Assessment: Attack Recognition & Correlation. Sami Saydjari, ssaydjari@darpa.mil
IA Science & Engineering Tools: Design Tools & Models. Michael Skroch, mskroch@darpa.mil
Autonomic Information Assurance: Dynamic Reflexive Systems. Brian Witten, bwitten@darpa.mil
Information Assurance: Composable Trust. Sami Saydjari, ssaydjari@darpa.mil
Cyber Command & Control: Human Directed Strategy. Catherine McCollum, cmccollum@darpa.mil
Experimentation
Integration
http://dtsn.darpa.mil/iso/

Program Core Areas in the IA&S Problem Space
[Figure: the IA&S problem-space map with program core areas overlaid: AIA, CC2, DC, SIA, FTN, IA, ITS, IASET.]
IA and IS did initial exploration of the space
IA&S is attacking high leverage problems in newly known parts of the space
Small, early explores continuing into dimly glimpsed areas not yet ready for concentrated effort

20-Year Vision: Program Investments
Programs (columns): IA SET, AIA, CC2, SIA, ITS, DC, FTN
SEE: Reliable Observation System; Detect Malicious Code on the fly; Understand adversary intent, predict course; Reliable attribution (trace back); Automatic forensics
ACT: Reliable Decision & Control System; Automatic containment of attacks; Expunge malicious Code on the fly; Continue mission in face of attack; Graceful degradation - self healing properties; Deception Strategy and tactics playbook; Real time countermeasures development
SHARE: Safe Multi-level/domain security (MLS) (MDS); Insider threat mitigation; Globally coordinated data sharing & mission execution
DESIGN: Well understood science based design capability; Measurable levels of assurance; Safe havens – critical core - impervious to attack; Known emergent properties
Grey shading indicates level of investment. Thermometer shows expected relative progress in 5 years.

Intrusion Tolerant Systems
Premise: Attacks will happen; some will be successful. Attacks may be coordinated across multiple sites.
Hypothesis: Attacks can be detected, contained, and tolerated, enabling continued correct progress of mission critical applications.
ITS Program Goals: To conceive, design, develop, implement, demonstrate, and validate tools and techniques that would allow fielding of intrusion tolerant systems.
An intrusion tolerant system is one that can continue to function correctly and provide the intended services to the user in a timely manner even in the face of an attack.

ITS Functions & Capabilities
DESIGN VALIDATION: Detect design faults; plug exploitable code vulnerabilities; validate key intrusion tolerant properties
MOBILE CODE/DATA INTEGRITY: Rapidly distinguish intact & corrupted entities before execution
MALICIOUS CODE CONFINEMENT: Monitor software executables
ERROR DETECTION/TOLERANCE TRIGGERS: Value & Time Domain Detectors; Comparison & Voting; Acceptance Checks
ERROR COMPENSATION/RESPONSE/RECOVERY: Survivable Architectures; Graceful Degradation; QoS Trade-Offs; Spatial, temporal, design, analytical redundancies; Dynamic reconfiguration

Capabilities and Enabling Technologies
Avoid faults. Detect design faults. Plug exploitable code vulnerabilities.
Assurance & preservation of software dependability properties via program analysis, annotation and manipulation tools (Scherlis).
Validate intrusion tolerance. Validate key security properties of intrusion tolerant architectures.
Ontology of intrusion tolerance (Stavridou). Analytical modeling & simulation.
Assure mobile code / data integrity. Rapidly distinguish intact & corrupted entities before execution.
Language-based security: Language-independent PCC safety policy (Appel); Scalable PCC certifying compiler, prover, & checker (Appel); Provably-secure mobile code format (Franz); Self-enforcing object code using in-lined reference monitors (Schneider).
Confine malicious mobile code and malicious host. Monitor software executables. Protect mobile code.
Sandbox individual active scripts (Ghosh); Mutate mobile code to protect from malicious host (Badger); Wrap programs and mediate all interfaces (Balzer); Monitor COTS s/w via internal binary agents (Agarwal).

Capabilities and Enabling Technologies
Detect errors. Detect errors in outputs of applications, utilities, system software.
Redundant systems - Rearguards (Schneider). Application-based error detection.
Process errors. Provide forward or backward error recovery. Provide error compensation via redundancy.
Recover & respond. Perform QoS trade-offs and graceful degradation to provide continued user services for as many critical functions as possible. Log repair and damages.
Agile objects for rapid reconfiguration & location elusiveness (Chien); Fragmentation redundancy & scattering of objects (Khosla); Digital Semantic Integrity (DSI) mark methods (Rosenthal).
Functional & analytic redundancy; Design diversity; Temporal redundancy; Dynamic reconfiguration & adaptation; Market-based resource allocation; Intrusion-tolerant transaction processing protocols.