TRANSCRIPT
1 Approved for Public Release, Distribution Unlimited
Lee Badger
Information Processing Technology Office
Defense Advanced Research Projects Agency
Self-Regenerative Systems Kickoff Meeting
July 20, 2004
Program Objectives
[Figure: Ability to deliver service plotted against time, around an (attack or error) event. Curves: Self-Regenerative System (Reconfigures and Self Optimizes); Intrusion Tolerant Systems (Gracefully degrade); Conventional System (Crashes). Levels: Initial Operational Capability; 100% Critical Functionality; Theoretical Optimal Performance (Reliability Growth).]
[Diagram labels: W/S; LAN; PC LAN; COTS; COP, Intelligence, Imagery, Messaging]
Develop Military Exemplar System
Show it is possible to:
Provide 100% critical functions at all times in spite of attacks.
Learn own vulnerabilities to improve survivability over time.
Regenerate service after attack.
History
[Timeline figure labels, in page order: Study Panel Convened; Nov; Mar; Oct; Feb; Jul; 2001; 2002; Study Panel Report Delivered; May; Study Projects]
Fred Schneider (Cornell) – Chair
Jim Anderson (UNC)
Stephanie Forrest (UNM)
Kishor Trivedi (Duke)
Teresa Lunt (PARC)
Mike Reiter (CMU)
Carl Landwehr (NSF)
Scalable Redundancy for Infrastructure Systems (Reiter)
Automated Diversity in Computer Systems (Reiter, Forrest)
Using Enhanced Credentials for Mitigating the Insider Threat (Rajagopalan)
Scalable Data Redundancy for Network Centric Military Applications (Birman)
Program development by: Dr. Jaynarayan Lala, Mr. Lee Badger
[Timeline figure labels, in page order: SRS Workshop; New Start briefing; New Start briefing; Today; 2003; Sep; BAA Issued; 2004; Initial closing; Nov; Feb; Decisions Completed; Program approved; April; Contract awards; July; June]
Going Forward
SRS Kickoff, July 20-21 2004, Washington DC: 2-day meeting; Present new projects; SRS architecture workshop
PI Meeting, Jan. 2005, East Coast Location: Redundancy Baselines Due; Present progress reports; SRS architecture workshop II; Insurmountable opportunities
PI Meeting, July 2005, East Coast Location: Preliminary project results; [Demonstrations]; Challenge problems
PI Meeting, Jan. 2006, East Coast Location: Final project results
Site visits by the PM and IET
[Timeline labels: 2004; 2005]
Technical Areas
Cognitive Immunity and Healing
Service Regeneration
identify 10% of root causes; 5% self corrected
Granular, Scalable Redundancy
Massive Defense Reserve
3-fold Byzantine update latency reduction; 15-fold epidemic update latency reduction
Reasoning About Insider Threats
Pre-empt Insider Attack; Detect System Overrun
10% attacker goals thwarted or delayed
Biologically-Inspired Diversity
Genetically-Diverse Computing Fabric
generate 100 functionally equivalent versions of a module, with <33 having the same deficiency
[Diagram labels: Goal: Deny Service; Goal: Become Insider; outside attacker; inside attacker; crash, corruption, exhaustion; privilege escalation; bad command; Attacker Objective Foiled]
Biologically-Inspired Diversity
Goal: Genetically-Diverse Computing Fabric
Metric: generate 100 functionally equivalent versions of a module, with <33 having the same deficiency
Technical Approach:
fine-grained diversify at the module level removes common vulnerabilities
automatically generate diverse software versions (note: n-version programming is manual)
randomize APIs, instructions, algorithms, cryptography, etc.
[Figure: Attacker Work Factor plotted against Number of Target Components. Labels: Identical Software; Total Diversity; n-version programming (n <= 3); State of Art; we are here (today); want to be here (tomorrow)]
[Diagram labels: diversity cycle; software module M; random seed; software diversity transformation; software module M’; compatible but with different vulnerabilities]
Cognitive Immunity and Healing
Goal: Automated Cyber Immune Response and System Regeneration
Metric: identify 10% of root causes; 5% self corrected
Technical Approach:
Biologically inspired response strategies.
Machine learning (reflection). Automated cause-effect chain analysis.
[Diagram labels: System; inputs; actions; crash, other anomaly; causes?; Reflect; Highest Order of Cognition; Introspection, Learning; Self-Healing, Repair Vulnerability, Formulate Novel-Attack Defense, Predictively Adapt, Diagnose Root Cause of Failure]
[Diagram labels: client (five times); time; Attack 1; Attack 2]
Reasoning About Insider Threats
Goal: Pre-empt insider attack; Detect system overrun
Metric: 10% attacker goals thwarted or delayed
Technical Approach:
Combine and correlate information from system layers, direct user challenges, etc.
Infer user goals. Enable effective anomaly detection.
[Figure: Intrusion Detection Rate plotted against False-Positive Rate. Labels: we are here; state of the art; want to be here; hundreds/day; 98%; semantic content (low, high)]
[Diagram labels: Program Event; Network Event; Policy Event; Resource Event; semantic correlation, reasoning; cognitive user model; Knowledge about users; Knowledge about mission; Real File; False File; Wrapper]
Back-up
Granular, Scalable Redundancy
Goal: Survive massive attack, extreme hostility
Metric: 3-fold Byzantine update latency reduction; 15-fold epidemic update latency reduction
Technical Approach:
Adaptive scalable quorums exploit environment knowledge to scale
Develop probabilistic consensus protocols. survive extreme hostility “good-enough” service
[Figure: Number of coordinated replicas plotted against Assumptions about Environment. Replica counts: 5; 20; hundreds. Environment labels: (benign); (malicious); (asynchronous); (transient comms). Markers: we are here; want to be here]
Back-up
[Diagram labels: TBD; Command Center; Normal; recover . . .; Trusted?]