Third Generation Security (3GS) 13 February 2001 Jaynarayan H. Lala Defense Advanced Research Projects Agency Advanced Technology Office (ATO)

Page 1

Third Generation Security (3GS)

13 February 2001

Jaynarayan H. Lala Defense Advanced Research Projects Agency

Advanced Technology Office (ATO)

Page 2

Program Structure Drivers

• Imperative: Focus technology development to operational systems-driven needs and vulnerabilities
• Conclusions:
– Threat: Current and growing threat to DoD ranging from ankle biters to nation-states
  • Increasingly sophisticated attacks
  • Reduced attacker knowledge needed
– Importance: Problem is urgent, of national importance, and DARPA-hard
– DARPA role is to perform the critical defensive research necessary to change the current asymmetric threat situation to potential balance and eventually to strategic advantage
  • Provide revolutionary technology -> Tech base programs
  • Near term: Early operational experimentation to transition technology and get field experience
  • Longer term: Comprehensive systems-level approach with strategic thinking -> Systems program

Page 3

Networked Computer Systems’ Vulnerabilities

• Mobile / Malicious Code
• Attack Multiplier / Dist. Denial of Service Attacks
• Misuse & Insider Threats
• Mobile Environments (e.g., wireless transmissions, non-IP attacks)

Page 4

Operational Needs

• Enterprise-wide information assurance status
– Operational impact of failures/attacks
– Automated network defense and management
• Correlation, traceback and attribution
• Enterprise-wide course of action determination and prioritized responses
• Secure coalition networks
• Operate through attacks
• Graceful degradation
• Dynamic operating point selection (performance, functionality, security) – response to INFOCON and indications and warnings

Page 5

Threat: Classes

[Figure: threat classes. Labels: Nation-states, Terrorists, Multinationals; Serious hackers; Script kiddies; Civil disobedience; Selling secrets; Harassment; Collecting trophies; Economic intelligence; Military spying; Information terrorism; Stealing credit cards; Disciplined strategic cyber attack; Curiosity; Thrill-seeking; Copy-cat attacks; Discrediting products; Embarrassing organizations]

Page 6

Threat: Characteristics

[Figure: threat characteristics. Four scales, each marked High to Low: Innovation, Stealth, Planning, Coordination. Labels: Nation-states, Terrorists, Multinationals; Serious hackers; Script kiddies; Civil disobedience; Selling secrets; Harassment; Collecting trophies; Economic intelligence; Military spying; Information terrorism; Stealing credit cards; Disciplined strategic cyber attack; Curiosity; Thrill-seeking; Copy-cat attacks; Discrediting products; Embarrassing organizations]

Page 7

Information Assurance: Three Generations of Security Technologies

1st Generation (Prevent Intrusions)
• Cryptography
• Trusted Computing Base
• Access Control & Physical Security
• Multiple Levels of Security

2nd Generation (Detect Intrusions, Limit Damage)
• Firewalls
• Intrusion Detection Systems
• Boundary Controllers
• VPNs
• PKI

3rd Generation (Operate Through Attacks)
• Big Board View of Attacks
• Real-Time Situation Awareness & Response
• Intrusion Tolerance
• Graceful Degradation
• Hardened Core

[Figure labels: Intrusions will Occur; Some Attacks will Succeed; Functionality; Performance; Security]

Page 8

Components of Third Generation Security (3GS)

• Technology Base
- Organically Assured & Survivable Information System (OASIS)
- Cyber Panel
- Survivable Wired & Wireless Infrastructure for Military Operations (SWWIM)
- Dynamic Coalitions
- Fault Tolerant Networks (FTN)
- Composable High Assurance Trusted Systems (CHATS)
• Experimentation
- Operational Experimentation
• Survivable GIG Systems
- Strawman Architecture Study
- System Concept Study
- Risk Reduction
- Design, Implementation
- Field Assessment

[Figure labels: Survivable GIG System; Cyber Panel; Early Experimentation; OASIS; SWWIM; Early Experimentation; DC/FTN/CHATS]

Page 9

Program Managers

• Dr. Jaynarayan Lala – [email protected], 703-696-7441
– Organically Assured Survivable Information Systems, Survivable Global Information Grid System
• Dr. Douglas Maughan – [email protected], 703-696-2373
– Dynamic Coalitions, Fault Tolerant Networks, Composable High Assurance Trustworthy Systems
• Ms Catherine McCollum – [email protected], 703-696-2353
– Cyber Panel, Coalition Partners in Experimentation
• Mr. Brian Witten – [email protected], 703-696-2323
– Survivable Wired and Wireless Infrastructure for Military Operations, Partners in Experimentation

www.darpa.mil

Page 10

OASIS

[Figure: Intrusion Tolerant Architecture. Labels: Users/Clients; Proxy Servers (P1, P2, ... Pu); Ballot Monitors (B1, B2, ... Bv); Acceptance Monitors (A1, A2, ... Am); COTS Servers (S1, S2, ... Sn); Audit Control; Adaptive Reconfiguration; request, responses, control; Protected]

[Figure: Schedule, time axis 1/99 to 1/03. Phase I: Real-time Execution Monitors, Error Detection. Phase II: Error Compensation, Response, Recovery. Developing Technology Drops.]

Objectives

• Construct intrusion-tolerant architectures from potentially vulnerable components
• Characterize cost-benefits of intrusion tolerance mechanisms
• Develop assessment and validation methodologies to evaluate intrusion tolerance mechanisms

Technical Approach

• Real-Time Execution Monitors: In-line reference monitors, wrappers, sandboxing, binary insertion in legacy code, proof carrying code, secure mobile protocols
• Error Detection & Tolerance Triggers: Time and Value Domain Checks, Comparison and Voting, Rear Guards
• Error Compensation, Response and Recovery: Hardware and Software Redundancy, Rollback and Roll-Forward Recovery
• Intrusion Tolerant Architectures: Design Diversity, Randomness, Uncertainty, Agility
• Assessment & Validation: Peer Review Teams, Red Team, Assurance Case (Fault Tree, Hazard Analysis, Formal Proofs, Analytical Models, Empirical Evidence)
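An added sketch (not from the briefing) of how the acceptance and ballot monitors in the OASIS figure might combine the time and value domain checks with comparison and voting over redundant COTS servers. The strict-majority rule, the reply format and every name in the code are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Response:
    server: str        # hypothetical replica name (S1..Sn on the slide)
    value: str         # reply body returned by the COTS server
    latency_ms: float  # as measured by the proxy

def acceptance_monitor(resp, deadline_ms, is_well_formed):
    """Time- and value-domain checks on one reply; returns a reason or None."""
    if resp.latency_ms > deadline_ms:
        return "time-domain: missed deadline"
    if not is_well_formed(resp.value):
        return "value-domain: malformed reply"
    return None

def ballot_monitor(responses, n_servers, deadline_ms, is_well_formed):
    """Vote over accepted replies; returns (value or None, {server: reason})."""
    suspects, accepted = {}, []
    for r in responses:
        reason = acceptance_monitor(r, deadline_ms, is_well_formed)
        if reason:
            suspects[r.server] = reason
        else:
            accepted.append(r)
    if not accepted:
        return None, suspects
    value, votes = Counter(r.value for r in accepted).most_common(1)[0]
    # Strict majority of ALL servers: rejected or silent replicas count against.
    if votes * 2 <= n_servers:
        return None, suspects  # no trustworthy answer; caller degrades, not guesses
    for r in accepted:
        if r.value != value:
            suspects[r.server] = "comparison: outvoted"
    return value, suspects

def balance_ok(v):  # value-domain rule for this constructed request type
    return v.startswith("balance=") and v[len("balance="):].isdigit()

# Constructed replies from five diverse replicas to the same request.
SAMPLE = [
    Response("S1", "balance=100", 12.0),
    Response("S2", "balance=100", 15.0),
    Response("S3", "balance=999999", 11.0),  # well-formed but wrong
    Response("S4", "balance=100", 14.0),
    Response("S5", "balance=100", 480.0),    # correct but far too late
]

if __name__ == "__main__":
    print(ballot_monitor(SAMPLE, n_servers=5, deadline_ms=100, is_well_formed=balance_ok))
```

The returned suspect map is the kind of input an audit or adaptive reconfiguration function could act on; a well-formed but wrong reply (S3) passes the acceptance checks and is caught only by the vote.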

Page 11

Survivable GIG Systems Program

[Figure: Survivable System. Labels: HUB; PC LAN; COTS; Navigation; Other Systems; COP; Intel; Imagery; Comms; Messaging; Local LAN; DMS; SIPRNET; Organic; Links; Intel BCSTs; Tactical; Cyber Panel]

Objectives

• Develop a survivable GIG system, from applications down to communications infrastructure, that can
– operate through a wide class of cyber attacks
– gracefully degrade system functionality in the face of attacks
– dynamically reconfigure to optimize performance, functionality and survivability
• Develop a Cyber Panel to monitor GIG system health and attack state, and respond to attacks
• Demonstrate seamless operation of GIG systems and Cyber Panel, including Cyber Panel-set system operating points

Systems Approach

• Follow a requirements-driven systems engineering approach
• Build on IA&S technology foundation and prior research
– Develop a strawman survivable GIG architecture for an exemplar C4ISR system, its communications links, and a theater-wide cyber panel that showcases the latest research products and commercial information system survivability technology.
• Design, implement and exercise the integrated Survivable GIG system and Cyber Panel in an operational environment, demonstrating capabilities afforded by emerging technologies and serving as a pathfinder to make other DoD systems survivable.

[Figure: Schedule, date ticks from 10/00 to 1/05. Labels: Prior Tech Base; Revamped Tech Based Projects; Downselect; Final Validation]

Page 12

Schedule

[Figure: Schedule, date ticks from 10/00 to 1/05. Labels: Prior Tech Base; Revamped Tech Based Projects; Downselect; Final Validation]