Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Approved for Public Release, Distribution Unlimited Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency Self-Regenerative.

Published byBryan Bond Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Approved for Public Release, Distribution Unlimited Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency Self-Regenerative."— Presentation transcript:

1 1 Approved for Public Release, Distribution Unlimited Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency Self-Regenerative Systems July 20, 2004 Kickoff Meeting

2 2 Approved for Public Release, Distribution Unlimited Program Objectives time Ability to deliver service Self-Regenerative System (Reconfigures and Self Optimizes) Intrusion Tolerant Systems (Gracefully degrade) Conventional System (Crashes) Initial Operational Capability 100% Critical Functionality Theoretical Optimal Performance (Reliability Growth) (attack or error) W/S LAN PC LAN COTS COP, Intelligence, Imagery, Messaging Develop Military Exemplar System Show it is possible to: Provide 100% critical functions at all times in spite of attacks. Learn own vulnerabilities to improve survivability over time. Regenerate service after attack. :

3 3 Approved for Public Release, Distribution Unlimited History Study Panel Convened Nov Mar Oct Feb Jul 2001 2002 Study Panel Report Delivered May Study Projects Fred Schneider (Cornell) – Chair Jim Anderson (UNC) Stephanie Forrest (UNM) Kishor Trivedi (Duke) Teresa Lunt (PARC) Mike Reiter (CMU) Carl Landwehr (NSF) Scalable Redundancy for Infrastructure Systems (Reiter) Automated Diversity in Computer Systems (Reiter, Forrest) Using Enhanced Credentials for Mitigating the Insider Threat (Rajagopalan) Scalable Data Redundancy for Network Centric Military Applications (Birman) SRS Workshop New Start briefing New Start briefing Today Program development by: Dr. Jaynarayan Lala Mr. Lee Badger 2003 Sep BAA Issued 2004 Initial closing Nov Feb Decisions Completed Program approved April Contract awards July June

4 4 Approved for Public Release, Distribution Unlimited SRS Kickoff July 20-21 2004 Washington DC 2-day meeting Present new projects SRS architecture workshop PI Meeting Jan. 2005 East Coast Location Redundancy Baselines Due Present progress reports SRS architecture workshop II Insurmountable opportunities PI Meeting July 2005 East Coast Location Preliminary project results [Demonstrations] Challenge problems PI Meeting Jan. 2006 East Coast Location Final project results 2004 2005 Site visits by the PM and IET Going Forward

5 5 Approved for Public Release, Distribution Unlimited Technical Areas Cognitive Immunity and Healing Service Regeneration identify 10% of root causes 5% self corrected Granular, Scalable Redundancy Massive Defense Reserve Reasoning About Insider Threats Pre-empt Insider Attack Detect System Overrun Biologically-Inspired Diversity Genetically-Diverse Computing Fabric Goal: Deny Service Goal: Become Insider outside attacker inside attacker crash, corruption, exhaustion privilege escalation bad command Attacker Objective Foiled generate 100 functionally equivalent versions of a module, with <33 having the same deficiency 3-fold Byzantine update latency reduction 15-fold epidemic update latency reduction 10% attacker goals thwarted or delayed

6 6 Approved for Public Release, Distribution Unlimited Biologically-Inspired Diversity Attacker Work Factor Number of Target Components Identical Software Total Diversity Genetically-Diverse Computing Fabric generate 100 functionally equivalent versions of a module, with <33 having the same deficiency fine-grained diversify at the module level  removes common vulnerabilities automatically generate diverse software versions  (note: n-version programming is manual) metric Technical Approach Goal: want to be here n-version programming (n <= 3) software module M software diversity transformation random seed we are here (today) State of Art software module M’ (tomorrow) diversity cycle compatible but with different vulnerabilities randomize APIs, instructions, algorithms, cryptography, etc. Back

7 7 Approved for Public Release, Distribution Unlimited Cognitive Immunity and Healing System inputs actions crash, other anomaly causes? Reflect Highest Order of Cognition Introspection, Learning Self-Healing, Repair Vulnerability, Formulate Novel-Attack Defense, Predictively Adapt, Diagnose Root Cause of Failure Automated Cyber Immune Response and System Regeneration Goal: Technical Approach Biologically inspired response strategies. Machine learning (reflection). Automated cause-effect chain analysis. identify 10% of root causes 5% self corrected metric client time Attack 1 Attack 2

8 8 Approved for Public Release, Distribution Unlimited Reasoning About Insider Threats Pre-empt insider attack Detect system overrun 10% attacker goals thwarted or delayed metric Technical Approach Intrusion Detection Rate False-Positive Rate we are here hundreds/day 98% Goal: Combine and correlate information from system layers, direct user challenges, etc. Infer user goals. Enable effective anomaly detection. Program Event Network Event Policy Event Resource Event semantic correlation, reasoning cognitive user model Knowledge about users Knowledge about mission low high semantic content want to be here state of the art Real File False File Wrapper Back-up

9 9 Approved for Public Release, Distribution Unlimited Granular, Scalable Redundancy Survive massive attack, extreme hostility 3-fold Byzantine update latency reduction 15-fold epidemic update latency reduction metric Technical Approach Number coordinated replicas Assumptions about Environment Goal: Adaptive scalable quorums  exploit environment knowledge to scale Develop probabilistic consensus protocols.  survive extreme hostility  “good-enough” service (benign) (malicious) (asynchronous) 5 20 hundreds we are here want to be here (transient comms) Back-up TBD Command Center Normal recover... Trusted?

Download ppt "1 Approved for Public Release, Distribution Unlimited Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency Self-Regenerative."

Similar presentations

New Directions for DARPA ISAT Ad Hoc Working Group on DARPA Futures Initial Draft: July 12 2000 Update: July 15 2000 x 2 Beyond Strategic Computing:

New Directions for DARPA ISAT Ad Hoc Working Group on DARPA Futures Initial Draft: July Update: July x 2 Beyond Strategic Computing:
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Scalability.

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Scalability.
Reliable Multicast for Time-Critical Systems Mahesh Balakrishnan Ken Birman Cornell University.

Reliable Multicast for Time-Critical Systems Mahesh Balakrishnan Ken Birman Cornell University.
Business Plug-In B4 MIS Infrastructures.

Business Plug-In B4 MIS Infrastructures.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.

DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.
Net-Centric Software and Systems I/UCRC Copyright © 2011 NSF Net-Centric I/UCRC. All Rights Reserved. High-Confidence SLA Assurance for Cloud Computing.

Net-Centric Software and Systems I/UCRC Copyright © 2011 NSF Net-Centric I/UCRC. All Rights Reserved. High-Confidence SLA Assurance for Cloud Computing.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
Oct 1999SRDS 991 On Diffusing Updates in a Byzantine Environment Dahlia Malkhi Yishay Mansour Michael K. Reiter.

Oct 1999SRDS 991 On Diffusing Updates in a Byzantine Environment Dahlia Malkhi Yishay Mansour Michael K. Reiter.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Page 1 Copyright © 2002-2010 Alexander Allister Shvartsman CSE 6510 (461) Fall 2010 Selected Notes on Fault-Tolerance (12) Alexander A. Shvartsman Computer.

Page 1 Copyright © Alexander Allister Shvartsman CSE 6510 (461) Fall 2010 Selected Notes on Fault-Tolerance (12) Alexander A. Shvartsman Computer.
DEEDS Meeting Oct., 26th 2006 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Summary.

DEEDS Meeting Oct., 26th 2006 Dependable, Embedded Systems and Software Group Department of Computer Science Darmstadt University of Technology Summary.
Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.

Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
1 IS 8950 Managing Network Infrastructure and Operations.

1 IS 8950 Managing Network Infrastructure and Operations.

Similar presentations

Ads by Google