1
Opportunities for Cyber Trust Researchers
at IARPA
Carl LandwehrNICIAR Program ManagerIntelligence Advanced Research Projects Activity (IARPA)301-226-9100email: [email protected]
2
The Nation’s Intelligence Community
New DNI, Mike McConnell: • Intelligence Community Integration• Acquisition emphasis• Information sharing:
•Need to know vs. responsibility to provide• Analyst at the center:
•Know the customer needs•Know the sensors and source
3
IARPA Genesis• Created 1 Oct. 2007
– Within the Office of the Director of National Intelligence• First Director: Dr. Lisa Porter, on board Feb. 2008• Extra-mural research, driven by Program Managers• Mix of unclassified and classified research programs• Unclassified research largely solicited through targeted BAAs• Watch FedBizOpps for opportunities• IARPA Web site coming soon:
– Keep your eye on www.iarpa.gov !• Location: College Park, MD• Rotational staff of Program Managers
– People with new program ideas encouraged to apply!
4
IARPA• No kidding, high-risk/high payoff research
– This is NOT about “quick wins,” “low-hanging fruit,” “sure things”, etc.– Failure is completely acceptable as long as
• It is not due to failure to maintain technical or programmatic integrity• Results are fully documented
• Best and brightest– Competitive awards and world-class PMs– Every IARPA program will start with a good idea and a good person to lead it.
Without both, IARPA will not start a program.• Cross community focus
– Address cross-agency challenges– Leverage agency expertise (both R&D and operational perspectives)– Work transition strategies and plans
• The “P” in IARPA is very important– Each Program will have a clearly defined and measurable end-goal, typically 3-5
years out. Intermediate milestones to measure progress are also required– IARPA does not “institutionalize” programs– Fresh ideas and fresh perspectives are always coming in; status quo is constantly
questioned
5
The Heilmeier Questions1. What are you trying to do?2. How is it done now? Who does it? What are the limitations of present
approaches?– Are you aware of the present state-of-the-art and have you thought
through all the options?3. What is new about your approach? Why do you think you can succeed at
this time?– Given that you’ve provided clear answers to 1 & 2, have you created a
compelling option?– What does a first order analysis of your approach reveal?
4. If you succeed, what difference will it make?– Why should we care?
5. How long will it take? How much will it cost? What are the mid-term and final exams?
– What is your program plan? How will you measure progress? What are your milestones/metrics? What is your transition strategy?
6
National Intelligence Community Information Assurance Research Program
Vision:Level the cybersecurity playing field– Dramatically improve the fundamental
trustworthiness of the NIC cyber infrastructure
– Defend existing NIC cyber infrastructure from external and internal threats; enable operation despite attacks
Goals:– Use accountability as a lever to reduce
vulnerabilities and foster information sharing
– Increase the attacker’s cost to penetrate NIC systems
– Provide usable and flexible security mechanisms
Flawed softwareSpoofable network protocolsComplex security management
Defense has an uphill battle!
7
Goals• Double attacker’s time/resource cost to compromise NIC systems through
remote exploits– Unmodified system as baseline– Applications: reduce vulnerability windows in time (patch
generation/installation, reconfiguration) and space (flaw/fault detection and removal)
• Decrease by half the time and effort required to attribute a specific computational event/information flow to a (human/software/hardware) initiator– Unmodified system as baseline– Applications: sanitization, information sharing (credit), leakage (blame)
• Stretch goal: Reduce by a factor of 10 the time/effort required to certify/accredit a new, conforming software component for use in a general purpose environment based on accountable information flow technologies– Existing system and certification/accreditation process as baseline
8
Current NICIAR Research Topics
Goals:• Increase attacker’s cost • Enable system operation during attack• Improve system configuration assurance
Technologies:• Dynamic, diverse programs and systems• Configuration specification and verification
Goals:• Incorporate accountable information flow
mechanisms at all system layers• Develop and demonstrate network designs
in which today’s attacks are engineered out
Technologies:• Physical unclonable functions, secure
coprocessors, static/dynamic analysis
Large Scale System DefenseVulnerable monoculture
Robust polyculture Intended configuration
Actual configuration
Accountable Information Flow
9
NICECAP Timeline
1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 20072006 2008
BAA release 4/24/06
35 Full Proposals invited 1/15/08
Proposals due 2/14/08
Round I Work begins 6/1/07
Contract negotiations begin 4/15/08
Topic areas:Accountable Information flow
New focus area 10/07: Privacy Protecting Technologies
Large scale system defenseUpdated BAA release 10/2/07
White papers due 11/2/07 (received ~ 135 WPs)
Awards made 7/15/08
2009NICECAP BAA available at (or Google (NICECAP)):http://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/Reference-Number-BAA-06-11-IFKA/listing.html
10
On the Horizon:Secure System Engineering Competitions
• How do we build systems of realistic scale that –Have a sound assurance argument–Can be extended without sabotaging it–Are usable and manageable
• How do we structure a competition to teach us these things?–What would be a compelling thing (or series of
things) to build?–How would we evaluate it?–How would we measure progress?
• What toolkits could we make available to competitors?
