combating short- and long-term cyber threats · 2020-06-10 · combating short- and long-term cyber...

Combating Short- and Long-Term Cyber Threats Stacey A. Dixon, Ph.D. | Deputy Director

Intelligence Advanced Research Projects Activity

25 October 2017

INTELLIGENCEADVANCEDRESEARCHPROJECTSACTIVITY(IARPA)

IARPA Partners & Customers: The Intelligence Community

Coast Guard

Central Intelligence Agency

Army

Navy

Air Force

Na9onal Reconnaissance Office

Na9onal Geospa9al-Intelligence Agency

Na9onal Security Agency

Defense Intelligence Agency

Department of State

Department of Energy

Department of the Treasury

Department of Homeland Security

Federal Bureau of Inves9ga9on

Drug Enforcement Administra9on

Marine Corps


IARPA Mission

IARPA envisions and leads high-risk, high-payoff research that delivers innovative technology for

future overwhelming intelligence advantage

  Ourproblemsarecomplexandmul)disciplinary  Weemphasizetechnicalexcellence&technicaltruth


IARPA Method Bringthebestmindstobearonourproblems

  FullandopencompeHHontothegreatestpossibleextent  World-class,rotaHonalProgramManagers

Defineandexecuteresearchprogramsthat:  Havegoalsthatareclear,measureable,ambiHousandcredible  EmployindependentandrigorousTest&EvaluaHon  InvolveICpartnersfromstarttofinish  Runfromthreetofiveyears  Publishpeer-reviewedresultsanddata,tothegreatestpossibleextent  TransiHonnewcapabiliHestointelligencecommunitypartners


4 Core Research Thrusts


Computing R&D

TRUSTWORTHY COMPONENTS

Gainthebenefitsofleading-edgehardwareandsoTwarewithoutcompromisingsecurity

RevoluHonaryadvancestosolveproblemsintractablewithtoday’scomputers

COMPUTATIONAL POWER

SAFE AND SECURE SYSTEMS

ProtecHngsystemsagainstcyberthreats

“Operate effectively in a globally interdependent and networked environment”


User

ApplicaHon

OperaHngSystem

Hypervisor

Firmware

Hardware


IARPA Cybersecurity-related research

User

TICCAT

CAUSE

STONESOUP

SCITESPAR

VirtUE

ApplicaHon

OperaHngSystem

Hypervisor

Firmware

HardwareRAVEN

HECTOR


Cyber-attack Automated Unconventional Sensor Environment (CAUSE)

  Howcanweforecastcyber-aWackevents,hourstoweeksearlierthanexisHngmethods?

  CAUSEProgramgoals  DevelopandvalidateunconvenHonalmulH-disciplinarysensortechnologythatwillforecastcyber-aWacksandcomplementexisHngadvancedintrusiondetecHoncapabiliHes.


CAUSE Approach


CAUSE Performer Modeling & Analytic Approaches   LearningthespaHo-temporalstructurerelaHngobservablebehaviors(e.g.socialmediainteracHons)withhistoricalcyber-aWackdata

  Learningotherfeaturesfromsensordata(e.g.,Darkwebposts)thatarepredicHveofevents

  FusingnotonlypredicHonsfrommulHplemodels,butsignalsfrommulHplesensorsaswell

  TrainingatranslaHonmodelusingaconvoluHonalneuralnetwork(CNN)approachforfeatureextracHonfromwebsitesinotherlanguages


CAUSE Sensor Research CONVENTIONAL UNCONVENTIONAL

INTERN

AL

NetworkBehaviorAnomalyDetec)on ThermalAnomalyDetec)onEX

TERN

AL

VulnerabilityMen)ons SocialMediaSen)mentAnalysis

ArehighfrequencymenHonsofsoTwarevulnerabiliHesindicaHveoffuturecyber-aWacks?


CAUSE Program Challenges   Challenge#1:GroundTruth

  EventTypes:atypologydefiningtherelevantcyber-aWackeventspaceisnecessaryforpredicHvemodelingandanalyHcs

  HighFidelity:accuratepredicHonofeventdetailsadvancesthestate-of-the-artofcyber-aWackforecasHngandprovidesuHlityfordeployingeffecHvedefensivemeasures

  LessonsLearned:developingreliabledatacollecHonandencodingprocessesisparamountforexecuHngasuccessfulprogram


CAUSE Program Challenges   Challenge#2:Transparency

  Cybersecurityanalystsarereluctanttoadoptblackboxsystemsthatfailtorevealthedecisionprocessandlacktransparency

  AprogramobjecHveistopromotetransparencybyprovidinganAuditTrailcapabilitytorevealthedecisionprocessandconnectthedots

  NarraHveprovidescontextaboutthewarningfromAuditTraildetails


CAUSE Technical Challenges   HighDimensionalDataSources

  PerHnentdatasources(e.g.,socialmedia,darkweb,news)areinherentlynoisyandhavehighdimensionality

  Keychallengetoextractfeaturesandreducedimensionality

  SensorResearch  ConvenHonalandunconvenHonalsensorsrelyonbothinternal(e.g.,securityappliance)andexternaldatasources

  SensorsmeasuremulH-modalobservablesignalssuchassenHment,outrage,andintentfrommulHpledatasources

  KeychallengetomeasurenoisysignalsindicaHveofcyber-aWacks


Virtuous User Environment (VirtUE)

  Howcanwedevelopuserenvironmentsthataremoredynamic,secure,auditable,transferrable,andefficientthanthecurrentofferingsprovidedbytradiHonalphysicalworkstaHonsandcommercialVirtualdesktopinfrastructure?


VirtUE Program Goals   UsethetechnologiesofthecloudtocreateanewuserinterfacethatmiHgatesuser-basedcomputerthreatsinthegovernment’scompuHngenvironment-“AbeWerVirtualDesktopInfrastructure”

  MiHgatethisComputerSecurityConundrum:  Computerusersareresponsibleformostofourcurrentsecurityincidents.Spear-Phishing,MaliciousWebcontent,usercarelessnessormalice

  UsersneedconvenientaccesstocompuHngresourcestomaintainproducHvityandachieveorganizaHonalgoals


Build a Dynamic, Securable User Environment Using the Cloud – A “Virtue”

“a virtual appliance built specifically for the purpose of safe, user-interactive computing tasks in the cloud”


Redesign the Legacy User Environment Leveraging the Cloud


DBAdminVirtue

SharePointUserVirtue

AuditorVirtue

Emailuservirtue

InternetConsumervirtue

Documentcreatorvirtue

User interacting with 6 virtues in one interface

Provide a Clever Presentation Interface Merging User’s VirtUEs


Scientific advances to Continuous Insider Threat Evaluation (SCITE)

  HowcanweadvancethescienceandpracHceofinsiderthreatdetecHon?

  ProgramGoals:  ModelandforecasttheperformanceofexisHngandproposedinsiderthreatdetecHonenterprises

  DevelopanewclassofacHveindicatorsandassociatedautomateddetecHontools

  Status:programinprogress


Security and Privacy Assurance Research (SPAR)

  WhatdoyoudowhenaqueryistoosensiHvetoshare,andbulkingesHonofthedataraisesprivacyissues?

Query

Clientlearns:•  Response•  Querypolicy•  Otherrecordcontents•  Otherclients’queries

Serverlearns:•  Querystructure•  Querycontents•  Queryresponse•  Cross-querytrends

Client Server Database,Policy


SPAR Program Goals   CreatesystemsthatguaranteeprivacywhilealsomaintainingcertainsecuritycharacterisHcs

  GivesassurancetoadataownerthatonlyrelevantinformaHonisshared  SupportsapracHcalsetofquerytypesandscalestorealisHcdatabasesizes

  EnablescollaboraHonbetweennon-tradiHonal/occasionalpartners,andadministraHonwithoutaccesstocontent


SPAR Sharing Architecture Query

Client learns: •  Response •  Query policy •  Other record contents •  Other clients’ queries

Server learns: •  Query structure •  Query contents •  Query response •  Cross-query trends

Third party learns: •  Query structure •  Cross-query trends •  # of records returned •  Query contents •  Record contents

Encrypted (DB)

Client Server

Third Party

DB, Policy

•  Third Party learns limited information about DB and Queries

•  Third Party management jointly decided by Client/Server


Homomorphic Encryption Computing Techniques with Overhead Reduction (HECTOR)

  Challenge:TobalancetheneedsofpolicycompliancewithprovidingaccesstodataneededtoprotectnaHonalsecurity.

  Goal:Developacomprehensivesetofcryptographictools,programminglanguages,designandverificaHontoolstoenablenon-cryptographicexpertsystemarchitectsandapplicaHondeveloperstodevelopsecuredistributedapplicaHonsleveragingadvancedcryptographictechniques.

  Status:TheBroadAreaAnnouncementclosesonDecember1st.


Securely Taking on Executable Software of Uncertain Provenance (STONESOUP)

  HowcanwebenefitfromhighlyfuncHonalsoTwareproducedbyaglobalizedindustrywithoutpuhngtheenterpriseatrisk?

Is this SOUP safe?

SOUP


STONESOUP Accomplishments   ProtectssystemsbyautomaHcallyprevenHngsoTwareweaknessesfrombeingexploited

  AutomaHcallyfindsandmiHgatesexploitablesecurityvulnerabiliHesinsoTware

  Analyzesprograms,notthedataprocessedbyprograms  FindsflawsthatleadtoinsecureprogramcondiHons,ratherthanlookingforknownaWackpaWerns

  Status:Programendedin2015  ToolsarehostedonlinebyNIST.SearchIARPASTONESOUPNIST


Circuit Analysis Tools (CAT) and Rapid Analysis of Various Emerging Nanoelectronics (RAVEN)

  Microelectronicsdesignsareadvancingfasterthanourcapacitytoanalyzethem.

  HowdowekeepupwithmicroelectronicswhennextgeneraHoncircuitsare10,000xsmallerthanahumanhair?


Circuit Analysis Tools (CAT)   Developtoolsforintegratedcircuitanalysisatfuturetechnologynodes,specificallythe22nmnodeandbeyond.

  Analysistoolscapableofworkingwithadvancedpackagesincludingbutstackeddie.

  ToolsandtechniquesmustaddressanalysisandimagingchallengesforwhichtherearecurrentlynosoluHons.

  ProgramStatus  Programcomplete.  Commercialproductsareinthemarketplace.


Rapid Analysis of Various Emerging Nanoelectronics (RAVEN)

  TheRAVENprogramaimstodevelopaprototypeanalysistoolforacquiringimagesfromalllayersina1cm2areaofa14nmintegratedcircuit,within25days.

  Programgoalsinclude:afullyautomatedprototypetoolcapableofrapidimageacquisiHonfromanindividualchip.


Trusted Integrated Chips (TIC)   Over90%oftheworld’sintegratedcircuitfoundrycapacityiscontrolledbynon-UScompanies.

  HowcanweleveragethisglobalinfrastructurewhileprotecHngintellectualpropertyandensuringsecurity?


TIC Program Goals   EnsuretheU.S.IntelligenceCommunitycanobtainthehighestperformancepossibleinintegratedcircuits.

  Obtainassurancethatdesignsaresafeandsecure–notcompromisedwithmaliciouscircuitry.

  Ensuresecurityofdesigns,capability,andperformancewhilesimultaneouslyprotecHngintellectualproperty.

  RealizesecuresystemscombiningadvancedCMOSwithhighervaluechips.


TIC Technical Accomplishments   Demonstratedsplit-manufacturingofintegratedcircuitsusingastate-of-the-artuntrustedFEOL(FrontEndofLine)foundryandatrustedBEOL(BackEndofLine)foundry.

  130nm,65nm,and28nmnodes.

  ProgramStatus  Programisinitsfinalphase.  Findingsarebeingsharedwithgovernmentandindustry.


IARPA Cybersecurity-related research

User

TICCAT

CAUSE

STONESOUP

SCITESPAR

VirtUE

ApplicaHon

OperaHngSystem

Hypervisor

Firmware

HardwareRAVEN

HECTOR


How to Engage with IARPA iarpa.gov|301-851-7500

[email protected]

RESEARCH PROGRAMS

“SEEDLINGS” RFIS AND WORKSHOPS

Opportuni)estoEngage:PRIZE

CHALLENGES

MulH-yearresearchfundingopportuniHesonspecifictopics.

Noproposalsrequired.SubmitsoluHonstoourproblems–ifyoursoluHonsarethebest,youreceiveacashprizeandbraggingrights.

OpportuniHestolearnwhatiscoming,andtoinfluenceprograms.

Typicallya9-12monthstudy;youcansubmityourresearchproposalatanyHme.WestronglyencourageinformaldiscussionwithaPMbeforeproposalsubmission.

•  ReachouttoourProgramManagers.•  ScheduleavisitifyouareintheDCareaorinvite

ustovisityou

combating short- and long-term cyber threats · 2020-06-10 · combating short- and long-term cyber...

Documents