Third Generation Security (3GS)
13 February 2001
Jaynarayan H. Lala
Defense Advanced Research Projects Agency, Advanced Technology Office (ATO)
Program Structure Drivers
• Imperative: Focus technology development to operational systems-driven needs and vulnerabilities
• Conclusions:
  – Threat: Current and growing threat to DoD ranging from ankle biters to nation-states
    • Increasingly sophisticated attacks
    • Reduced attacker knowledge needed
  – Importance: Problem is urgent, of national importance, and DARPA-hard
  – DARPA role is to perform the critical defensive research necessary to change the current asymmetric threat situation to potential balance and eventually to strategic advantage
    • Provide revolutionary technology -> Tech base programs
    • Near term: Early operational experimentation to transition technology and get field experience
    • Longer term: Comprehensive systems-level approach with strategic thinking -> Systems program
Networked Computer Systems’ Vulnerabilities
• Mobile / Malicious Code
• Attack Multiplier / Dist. Denial of Service Attacks
• Misuse & Insider Threats
• Mobile Environments (e.g., wireless transmissions, non-IP attacks)
Operational Needs
• Enterprise-wide information assurance status
  – Operational impact of failures/attacks
  – Automated network defense and management
• Correlation, traceback and attribution
• Enterprise-wide course of action determination and prioritized responses
• Secure coalition networks
• Operate through attacks
• Graceful degradation
• Dynamic operating point selection (performance, functionality, security) – response to INFOCON and indications and warnings
Threat: Classes
[Figure: threat classes. Actor labels: Nation-states, Terrorists, Multinationals; Serious hackers; Script kiddies. Activity labels: Disciplined strategic cyber attack; Information terrorism; Military spying; Economic intelligence; Selling secrets; Stealing credit cards; Civil disobedience; Harassment; Discrediting products; Embarrassing organizations; Collecting trophies; Copy-cat attacks; Curiosity; Thrill-seeking.]
Threat: Characteristics
[Figure: threat characteristics. Four axes, each running from Low to High: Innovation, Stealth, Planning, Coordination. Actor labels: Nation-states, Terrorists, Multinationals; Serious hackers; Script kiddies. Activity labels: Disciplined strategic cyber attack; Information terrorism; Military spying; Economic intelligence; Selling secrets; Stealing credit cards; Civil disobedience; Harassment; Discrediting products; Embarrassing organizations; Collecting trophies; Copy-cat attacks; Curiosity; Thrill-seeking.]
Information Assurance: Three Generations of Security Technologies
1st Generation (Prevent Intrusions)
• Trusted Computing Base
• Access Control & Physical Security
• Multiple Levels of Security
• Cryptography
Intrusions will Occur
2nd Generation (Detect Intrusions, Limit Damage)
• Firewalls
• Intrusion Detection Systems
• Boundary Controllers
• VPNs
• PKI
Some Attacks will Succeed
3rd Generation (Operate Through Attacks)
• Big Board View of Attacks
• Real-Time Situation Awareness & Response
• Intrusion Tolerance
• Graceful Degradation
• Hardened Core
[Figure labels: Functionality, Performance, Security]
Components of Third Generation Security (3GS)
• Technology Base
  – Organically Assured & Survivable Information System (OASIS)
  – Cyber Panel
  – Survivable Wired & Wireless Infrastructure for Military Operations (SWWIM)
  – Dynamic Coalitions
  – Fault Tolerant Networks (FTN)
  – Composable High Assurance Trusted Systems (CHATS)
• Experimentation
  – Operational Experimentation
• Survivable GIG Systems
  – Strawman Architecture Study
  – System Concept Study
  – Risk Reduction
  – Design, Implementation
  – Field Assessment
[Figure labels: Survivable GIG System; Cyber Panel; OASIS; SWWIM; DC/FTN/CHATS; Early Experimentation (twice)]
Program Managers
• Dr. Jaynarayan Lala – [email protected], 703-696-7441
  – Organically Assured Survivable Information Systems, Survivable Global Information Grid System
• Dr. Douglas Maughan – [email protected], 703-696-2373
  – Dynamic Coalitions, Fault Tolerant Networks, Composable High Assurance Trustworthy Systems
• Ms Catherine McCollum – [email protected], 703-696-2353
  – Cyber Panel, Coalition Partners in Experimentation
• Mr. Brian Witten – [email protected], 703-696-2323
  – Survivable Wired and Wireless Infrastructure for Military Operations, Partners in Experimentation
www.darpa.mil
OASIS
Intrusion Tolerant Architecture
[Figure: intrusion tolerant architecture. Labels: Users/Clients; Proxy Servers (P1, P2, ... Pu); Ballot Monitors (B1, B2, ... Bv); Acceptance Monitors (A1, A2, ... Am); COTS Servers (S1, S2, ... Sn); Audit Control; Adaptive Reconfiguration; Protected (twice). Flows: request, responses, control.]
Objectives
• Construct intrusion-tolerant architectures from potentially vulnerable components
• Characterize cost-benefits of intrusion tolerance mechanisms
• Develop assessment and validation methodologies to evaluate intrusion tolerance mechanisms
Technical Approach
• Real-Time Execution Monitors: In-line reference monitors, wrappers, sandboxing, binary insertion in legacy code, proof carrying code, secure mobile protocols
• Error Detection & Tolerance Triggers: Time and Value Domain Checks, Comparison and Voting, Rear Guards
• Error Compensation, Response and Recovery: Hardware and Software Redundancy, Rollback and Roll-Forward Recovery
• Intrusion Tolerant Architectures: Design Diversity, Randomness, Uncertainty, Agility
• Assessment & Validation: Peer Review Teams, Red Team, Assurance Case (Fault Tree, Hazard Analysis, Formal Proofs, Analytical Models, Empirical Evidence)
Schedule
[Figure: timeline with ticks at 1/99, 1/00, 1/01, 1/02, 1/03. Labels: Phase I; Phase II; Real-time Execution Monitors, Error Detection; Error Compensation, Response, Recovery; Developing Technology Drops.]
Survivable GIG Systems Program
Survivable System
[Figure: survivable system. Labels: HUB; PC LAN; Local LAN; COTS; Navigation; Other Systems; COP; Intel; Imagery; Comms; Messaging; DMS; SIPRNET; Organic; Links; Intel BCSTs; Tactical; Cyber Panel.]
Objectives
• Develop a survivable GIG system, from applications down to communications infrastructure, that can
  – operate through a wide class of cyber attacks
  – gracefully degrade system functionality in the face of attacks
  – dynamically reconfigure to optimize performance, functionality and survivability
• Develop a Cyber Panel to monitor GIG system health and attack state, and respond to attacks
• Demonstrate seamless operation of GIG systems and Cyber Panel, including Cyber Panel-set system operating points
Systems Approach
• Follow a requirements-driven systems engineering approach
• Build on IA&S technology foundation and prior research
  – Develop a strawman survivable GIG architecture for an exemplar C4ISR system, its communications links, and a theater-wide cyber panel that showcases the latest research products and commercial information system survivability technology.
• Design, implement and exercise the integrated Survivable GIG system and Cyber Panel in an operational environment, demonstrating capabilities afforded by emerging technologies and serving as a pathfinder to make other DoD systems survivable.
Schedule
[Figure: schedule timeline with milestone dates between 10/00 and 1/05. Labels: Prior Tech Base; Revamped Tech Based Projects; Downselect; Final Validation.]
Schedule
[Figure: schedule timeline with milestone dates between 10/00 and 1/05. Labels: Prior Tech Base; Revamped Tech Based Projects; Downselect; Final Validation.]