Self-Regenerative Systems

Kickoff Meeting, July 20, 2004

Lee Badger

Information Processing Technology Office

Defense Advanced Research Projects Agency

Approved for Public Release, Distribution Unlimited


Program Objectives

[Figure: ability to deliver service plotted against time, with an event marked "(attack or error)". Curves: Conventional System (Crashes); Intrusion Tolerant Systems (Gracefully degrade); Self-Regenerative System (Reconfigures and Self Optimizes). Levels marked: Initial Operational Capability; 100% Critical Functionality; Theoretical Optimal Performance (Reliability Growth).]

[Figure labels: W/S, W/S, W/S; LAN; PC LAN; COTS; COP, Intelligence, Imagery, Messaging.]

Develop Military Exemplar System

Show it is possible to:

Provide 100% critical functions at all times in spite of attacks.

Learn own vulnerabilities to improve survivability over time.

Regenerate service after attack.


History

[Timeline, 2001 to 2002. Events shown: Study Panel Convened; Study Panel Report Delivered; Study Projects. Month labels: Nov, Mar, Oct, Feb, Jul, May.]

Fred Schneider (Cornell) – Chair

Jim Anderson (UNC)

Stephanie Forrest (UNM)

Kishor Trivedi (Duke)

Teresa Lunt (PARC)

Mike Reiter (CMU)

Carl Landwehr (NSF)

Scalable Redundancy for Infrastructure Systems (Reiter)

Automated Diversity in Computer Systems (Reiter, Forrest)

Using Enhanced Credentials for Mitigating the Insider Threat (Rajagopalan)

Scalable Data Redundancy for Network Centric Military Applications (Birman)

[Timeline, continued through 2003 and 2004. Events shown: SRS Workshop; New Start briefing (appears twice); BAA Issued; Initial closing; Decisions Completed; Program approved; Contract awards; Today. Month labels: Sep, Nov, Feb, April, June, July.]

Program development by: Dr. Jaynarayan Lala, Mr. Lee Badger


Going Forward

SRS Kickoff: July 20-21 2004, Washington DC. 2-day meeting. Present new projects. SRS architecture workshop.

PI Meeting: Jan. 2005, East Coast Location. Redundancy Baselines Due. Present progress reports. SRS architecture workshop II. Insurmountable opportunities.

PI Meeting: July 2005, East Coast Location. Preliminary project results. [Demonstrations]. Challenge problems.

PI Meeting: Jan. 2006, East Coast Location. Final project results.

Site visits by the PM and IET

[Timeline axis labels: 2004, 2005.]


Technical Areas

Cognitive Immunity and Healing: Service Regeneration. Metric: identify 10% of root causes; 5% self corrected.

Granular, Scalable Redundancy: Massive Defense Reserve. Metric: 3-fold Byzantine update latency reduction; 15-fold epidemic update latency reduction.

Reasoning About Insider Threats: Pre-empt Insider Attack; Detect System Overrun. Metric: 10% attacker goals thwarted or delayed.

Biologically-Inspired Diversity: Genetically-Diverse Computing Fabric. Metric: generate 100 functionally equivalent versions of a module, with <33 having the same deficiency.

[Figure labels: outside attacker; inside attacker; Goal: Deny Service; Goal: Become Insider; crash, corruption, exhaustion; privilege escalation; bad command; Attacker Objective Foiled.]


Biologically-Inspired Diversity

Goal: Genetically-Diverse Computing Fabric

Metric: generate 100 functionally equivalent versions of a module, with <33 having the same deficiency

Technical Approach:

Fine-grained diversification at the module level removes common vulnerabilities.

Automatically generate diverse software versions (note: n-version programming is manual).

Randomize APIs, instructions, algorithms, cryptography, etc.

[Figure: Attacker Work Factor plotted against Number of Target Components. Labels: Identical Software; Total Diversity; n-version programming (n <= 3); "we are here" (today), State of Art; "want to be here"; (tomorrow).]

[Figure: diversity cycle. Labels: software module M; random seed; software diversity transformation; software module M’; compatible but with different vulnerabilities.]


Cognitive Immunity and Healing

Goal: Automated Cyber Immune Response and System Regeneration

Metric: identify 10% of root causes; 5% self corrected

Technical Approach:

Biologically inspired response strategies.

Machine learning (reflection).

Automated cause-effect chain analysis.

[Figure: a System with inputs and actions; a crash or other anomaly raises the question "causes?". Labels: Reflect; Highest Order of Cognition; Introspection, Learning; Self-Healing, Repair Vulnerability, Formulate Novel-Attack Defense, Predictively Adapt, Diagnose Root Cause of Failure.]

[Figure: clients shown along a time axis, with Attack 1 and Attack 2 marked.]


Reasoning About Insider Threats

Goal: Pre-empt insider attack; Detect system overrun

Metric: 10% attacker goals thwarted or delayed

Technical Approach:

Combine and correlate information from system layers, direct user challenges, etc.

Infer user goals. Enable effective anomaly detection.

[Figure: Intrusion Detection Rate plotted against False-Positive Rate. Labels: "we are here"; "want to be here"; state of the art; 98%; hundreds/day.]

[Figure: Program Event, Network Event, Policy Event, Resource Event; semantic correlation, reasoning; cognitive user model; Knowledge about users; Knowledge about mission; semantic content, low to high.]

[Figure labels: Real File; False File; Wrapper.]


Granular, Scalable Redundancy

Goal: Survive massive attack, extreme hostility

Metric: 3-fold Byzantine update latency reduction; 15-fold epidemic update latency reduction

Technical Approach:

Adaptive scalable quorums exploit environment knowledge to scale.

Develop probabilistic consensus protocols.

Survive extreme hostility; “good-enough” service.

[Figure: Number of coordinated replicas (axis values: 5, 20, hundreds) plotted against Assumptions about Environment: (benign), (malicious), (asynchronous), (transient comms). Labels: "we are here"; "want to be here".]

[Figure labels: TBD; Command Center; Normal; recover . . .; Trusted?]