OASI
S
ORGANICALLY ASSURED & SURVIVABLE
INFORMATION SYSTEMS:
PRINCIPAL INVESTIGATORS’ MEETING
August 19, 2002
Dr. Jaynarayan H. Lala
Program Manager
1
Information Processing Technology Office
Defense Advanced Research Projects Agency
OASI
S
 New Office
 Information Processing Technology Office
 New Program
 OASIS Demonstration and Validation
 New Seedlings
 Self-Regenerative Systems
 Measuring Assurance in Cyber-Space
 Survivable Servers
 New Conference
 DISCEX III
2
TOPICS
A Problem
of National Importance
OASI
S
While computational performance is increasing, productivity and
effectiveness are not keeping up

Users must adapt to system interfaces, rather than vice versa

Systems have become more rigid and more fragile

Systems have become increasingly vulnerable to attack
We have to change the game to create an urgent & necessary
quantum leap in computer system robustness and capability
3
IPTO Will Lead the Way
OASI
S
•
Building on a 40 year legacy of changing the world, IPTO will drive
revolutionary change in computing and dramatic improvement in how
people think of and use computational machines
•
Current IPTO programs lay the foundation for cognitive systems that
will




•
Reason
Learn
Explain
Respond
Send us your best ideas:
Cognitive Information Processing Technology, BAA 02-21,
http://www.eps.gov/spg/ODA/DARPA/CMO/BAA02-21/listing.html
4
OASI
S
Cognitive Systems Thrusts
Dynamic
Coordinated
Teams
Systems That Know
What They’re Doing
Applications
Cognitive Architecture
Perception
Representation
&
Reasoning
Learning
Communication
&
Interaction
Robust Software and Hardware
Foundational Science and Mathematics
(incl. Bio-inspired Computing, new approaches to Trust Management,…)
5
OASI
S
OASIS Integration, Demonstration, and
Validation Program
(OASIS Dem/Val)
6
OASI
S
Dem-Val:
Creating an Architecture
OASIS Dem-Val applies the DARPA program
results and other technologies to produce an
organically robust and dependable system
architecture
7
The OASIS, FTN, and other DARPA programs
developed tools, components, architectures,
mechanisms.
OASIS Dem/Val
OASI
S
Key Milestones
Program Objective
Demonstrate and validate a working military mission
critical system prototype that is highly dependable in the
presence of cyber threats and imperfect hardware and
software.
6/02
1/03
Award
6/03
PDR
1/04
CDR/
Downselect
6/04
Demonstration
•Create a secure and survivable JBI architecture employing defense in
depth layers of real-time execution monitors, adaptive re-configurable
strategies
•Validate architectural approach using analytical models and formal
proofs.
•Build a survivable JBI instantiation and demonstrate an Air Tasking
Order creation, modification and execution under a sustained red
team attack
Technical Challenges
1. Provide 100% of JBI critical functionality when under
sustained attack by a “Class-A” red team with 3 months of
planning.
Currently many systems can be brought down in seconds to
minutes with little planning.
2. Detect 95% of large scale attacks within 10 mins. of attack
initiation and 99% of attacks within 4 hours with less than
1% false alarm rate.
3. Prevent 95% of attacks from achieving attacker objectives
for 12 hours.
In Integrated Feasibility Experiment (IFE) 3.1 fourteen out of
fifteen flags were captured by the red team.
4. Reduce low-level alerts by a factor of 1000 and display
meaningful attack state alarms .
8 5. Show survivability versus cost/performance trade-offs.
Technical Approach
 Avoid single points of failure
 Design for graceful degradation
 Exploit diversity to increase the attacker's
work factor
 Disperse and obscure sensitive data
 Make the system dynamic and
unpredictable
 Deceive the attacker
Acquisition Strategy
OASI
S
9/01
1/02
1/03
6/02
6/03
1/04
6/04
OASIS
Real-time Execution
Monitors, Stealth,
Randomness, Error
Compensation,Response,
Recovery, Diversity.
Existing projects worked by PI's
in academia and small niche companies.
Phase I
Baseline
Prototype
Development
The Prototype Design will be
competed between two teams.
BAA 02-16
Contract
Award
Select 2
Performers
Phase II
PDR
Prototype
Design
CDR
Downselect
Winner
@CDR
Prototype
Demonstration
and Red Team
Scenario
Prototype Development
9
Boeing Team
OASIS Demonstration/Validation
Dan Schnackenberg, Boeing
Dr. Hal Hager, Boeing
Dr. Nick Multari, Boeing
Don McQuinn, Boeing
Dr. Sanjai Narain, Telcordia
Dr. Raj Rajagopalan, Telcordia
Pete Dinsmore, NAI Labs
Mark Feldman, NAI Labs
Dr. Yair Amir, Spread Concepts
Designing Protection and Adaptation into a
Survivability Architecture: Demonstration and
Validation (DPASA-DV)
Mr. Pete Pflugrath, Program Manager
Dr. Partha Pal, Co-Principal Investigator
Mr. David Levin, Co-Principal Investigator
OASI
S
SELF-REGENERATIVE
INFORMATION SYSTEMS
12
OASI
S
Self-Regenerative Systems:
Program Goals
 Conceive, design, develop, implement,
demonstrate and validate architectures, tools,
and techniques that would allow fielding of
systems that can learn.
 Develop the basic precepts of representation,
reasoning and learning that will form the
scientific foundation for all such future
systems.
13
Self-Regenerative Systems:
Envisioned Capabilities
OASI
S
 Learn from its experience so it performs better tomorrow
than it did today.
 Restore system capabilities to full functionality following an
attack event or a component failure.
 Analyze a specific failure and diagnose the root cause of the
failure.

14
Determine if an attack focused on exploiting a specific vulnerability or a
misconfiguration, or if the failure was caused by a component failure, an
operational error, or a fundamental flaw in the architecture.
Self-Regenerative Systems:
Envisioned Capabilities
OASI
S
 Generalize a specific attack event to form a defense against
a class of attacks.
 Adapt to changes in network traffic due to congestion or
denial of service attacks or router and link failures.
 Continually create new deceptions as new threats emerge
and old techniques become less effective.
 Monitor insider activity and develop profiles for appropriate
and legitimate behavior.

15
Take preventive and defensive measures as legitimate bounds are
exceeded.
OASI
S
Self-Regenerative Systems:
Seedlings and SBIRs
Principal Investigator(s)
16
Project
Mike Reiter (CMU)/Stephanie
Forrest (UNM)
Automated Diversity in Computer Systems
Ken Birman (Cornell)
Scalable Network Redundancy for Network-Centric Military
Applications
Mike Reiter (CMU)
Scalable Redundancy for Infrastructure Services
Fred Schneider (Cornell)
Beyond COCA: Quorums and Thresholds for Distributed Services
Scott Gerwehr (RAND)
Deception Technologies for Computer Network Defense
Steve Harp (Honeywell)
Skeptical Systems
S. Raj Rajagopalan (Telcordia)
Using Enhanced Credentials for Mitigating the Insider Threat in
Enterprise Networks
Bob Balzer (Teknowledge)
CyberSafe: Autonomic Wrappers to Emasculate Malicious Code
Jayant Shukla (TRLOKOM)
Applications for Multi-Terabit Networking
Victoria Stavridou (SRI)
eDNA: Network Defense Studies
OASI
S
Measuring Assurance
in
Cyber-Space
17
Measuring Assurance:
Program Goal
OASI
S
CONTEXT: Create robust software and hardware
that are fault-tolerant, attack resilient, and easily
adaptable to changes in functionality and
performance over time.
PROGRAM GOAL: Create an underlying scientific
foundation that will
18

enable clear and concise specifications,

measure the effectiveness of novel solutions, and

test and evaluate systems in an objective manner.
OASI
S
Measuring Assurance:
Challenges
 Unable to quantitatively state how assured
systems and networks are.
 Unable to quantify ability of protective measures
to keep out intruders.
 Difficult to characterize capabilities of intrusion
detection systems to detect novel attacks.
 Benefits of novel response mechanisms cannot
be measured comparatively or absolutely.
19
OASI
S
Measuring Assurance:
Technical Approach
 Research the theoretic aspects of information
assurance
 Develop measures of merit and metrics to
characterize quantitatively various
dimensions of security
 Show the relevance of the theory by applying
theory to a realistic exemplar system
20
Measuring Assurance:
Major Focus Areas
OASI
S
 Concepts and terminologies to succinctly express IA domain
issues
 Threat, attack and vulnerability taxonomies
 Security models and models of attacker intent, objectives,
and strategies
 Work factor metrics, survivability metrics, operational
security metrics, cryptographic protocol metrics
 Methods for testing and validating protection mechanisms
 Security and survivability requirements specifications
21
OASI
S
Measuring Assurance:
Seedling Performers
Principal Investigator
22
Project
Peng Liu (Penn State)
Measuring Quality of Information Assurance
Tom Van Vleck (NAI Labs)
Measuring Assurance
Dennis Hollingworth (NAI Labs)
Threat, Attack, and Vulnerability Taxonomies
Roy Maxion (CMU)
Developing a Defense-centric Taxonomy
Crispin Cowan (WireX)
Relative Vulnerability Approach to Predicting System Assurance
Brad Wood (SRI, International)
The Critical Security Rating
Bob Riemenschneider (SRI, International)
Global Measures of Assurance
Pradeep Khosla/Tom Longstaff (CMU/CERT)
Invited Workshop Series
Vladimir Gudkov (Univ of South Carolina)
The Quantitative Analysis of Cyberspace Utilizing Complex Systems
Theory, Multi-dimensional Time-series Analysis, Wavelet Analysis and
Generalized Entropy Measures
Mike St. Johns (NAI Labs)
Key Management within a Metric Analysis Framework
Bill Sanders (U of Illinois)/Partha Pal (BBN)
Probabilistic Quantification of Security Metrics in Cyberspace
OASI
S
Survivable Server Seedlings
 Objectives
 Create a survivable server using OASIS technologies that are suited to a
selected military mission-critical applications (Army CECOM SMS Server
and TRANSCOM WebMail Server)
 Demonstrate server survivability on a prototype platform in March 2003
 Transition technology to operational C4ISR systems
 Performers
 Teknowledge (HACQIT and integration): CECOM SMS Server
 Architecture Technology Corporation (VPNShield)
 BBN (ITUA)
 Secure Computing Corporation (ITSI)
 Draper Laboratory (DB Transaction Mediator)
 WireX & SCC: TRANSCOM WebMail Server
23
OASIS Roadmap
FY02
FY01
FY00
FY99
FY03
FY04
System Dem-Val Program
PDR
CDR
Survivable JBI
Demonstration
Technology Demonstrations
(6)
(16)
Survivable Server
(17)
Technology Validation
Four
Questions
Project Evaluations
PI Meetings &
Project
Phoenix AspenHonolulu
Evaluation
Program
Evaluation
Error
Compensation/
Response/
Recovery
Error Detection/
Tolerance Triggers
Execution
Monitors
Fault Avoidance
Validation Completed
Pilot
Validation
Matrices
Norfolk Santa Fe
Program
Redirection
Project
Validation
Santa Rosa
Hilton Head
Program
Redirection
Intrusion-Tolerant
Architectures
Fragmentation,
Redundancy,
Scattering,
Deception
Graceful Degradation
Value & Time Domain Error
Detection
Digital Integrity Marks
Sandbox Active
Scripts
In-lined Reference
Monitors
Provably
Correct
Protocols
Peer
Review
Redundancy-Based
Cyber Attack Detection
Monitor COTS
Binaries
Secure Mobile Code
Format
Secure-design
Principles
Software
Vulnerability
Detection
Operate thru’
Mobile/ Malicious
Code Attacks
Design Assessment
& Validation
•SPAWAR (EC5G,
Smart Ship)
•PACOM
•CECOM (ABCS)
•TRANSCOM
•AFRL
Ideas for
Advanced Research:
•Self-regenerative
Systems
•Defeating the Insider
Threat
•Measuring Assurance
•Deception for Cyber
Defense
OASI
S
Hot Off the Presses!!!
 DARPA pleased to announce the Third DARPA Information
Survivability Conference and Exposition (DISCEX 3)
 CFP announcement



Papers due in late September 2002
Notifications by early December 2002
Camera-Ready papers due by mid-January 2003
 Conference will be held in late April 2003 in Wash. D.C.
 Formal Program Committee
 Much stronger reviews than previous DISCEX conferences
 Expected paper acceptance rate of 20-25%
 I encourage all OASIS PIs to participate
25
OASI
S
DISCEX 3
 Download CFP – http://www.iaands.org/discex3/cfp.html
 Start thinking about your paper
 Start thinking about your demo for the exposition
 Things that will happen before the next PI meeting
 Paper submission, review, acceptance, and camera-ready
 Non-accepted papers  Summary project description (6 pgs)
 Exposition participants  Demonstration summary (3 pgs)
 Help advertise – open conference
 Plan to attend – Apr. 22-24 in Washington, D.C.
26
OASI
S
BACK-UPS
27
Industry versus DoD Needs
OASI
S
DoD Needs
Industry Direction
Future:
Command & Control Systems
Combat Systems
Intel/Reconnaissance
Strategic Indicators & Warning
Logistics & Personnel
Coordinated
Large scale
Stealthy
Exploit
unknown
vulnerabilities
Nation
States
Terrorists/
Multinationals
Random,
uncoordinated
Small scale
Exposed
Exploit
known
vulnerabilities
Serious
Hackers
Script
Kiddies
No Attacks
Financial Transaction
Systems (Banks, Stock
Markets)
IBM
Autonomic
Computing
Wireless
Phones
No Failures
Most desktop &
commercial H/W & S/W
(designed for ideal/nonrealistic conditions)
OASIS and
OASIS Dem/Val
Internet
Origina
l
Arpane
Power
Grid
t
Control/
SCADA
Benign
Memory
Bit Errors
Comm
Errors
Permanent
SelfRegenerative
Systems
AT&T
Switchin
g
SystemsMedical/
Boeing 777
Flight Control
System
Radiology
Byzantine
Processor
Fail-stop/
Fail-crash
Stop/Start
Intermittent
Transient
Inconsistent
* Householder, Houle, and Dougherty, "Computer Attack
Trends Challenge Internet Security," Security & Privacy,
IEEE Computer Society, Jan 2002
Accidental Faults and Errors
28
OASI
S
29
The Third Dimension