Self-Regenerative Systems July 20, 2004. Kickoff Meeting. Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency. Program Objectives. Theoretical Optimal Performance (Reliability Growth). Initial Operational Capability. Ability to deliver service.

Self-Regenerative Systems
July 20, 2004 Kickoff Meeting
Lee Badger
Information Processing Technology Office
Defense Advanced Research Projects Agency

Program Objectives
Develop Military Exemplar System. Show it is possible to:
• Provide 100% critical functions at all times in spite of attacks.
• Learn own vulnerabilities to improve survivability over time.
• Regenerate service after attack.
[Figure: ability to deliver service over time (attack or error), with the 100% Critical Functionality level marked. Curves: Theoretical Optimal Performance (Reliability Growth); Initial Operational Capability; Self-Regenerative System (Reconfigures and Self Optimizes); Intrusion Tolerant Systems (Gracefully degrade); Conventional System (Crashes).]
[Figure: exemplar system diagram. Labels: PC LAN; COP, Intelligence, Imagery, Messaging; COTS LAN; W/S.]

History
Program development by: Dr. Jaynarayan Lala, Mr. Lee Badger
[Timeline, 2001 to 2004. Month labels: Feb, Nov, May, Oct, Nov, Sep, Mar, April, June, Feb, July, Jul. Events: Study Panel Convened; Study Panel Report Delivered; Study Projects; SRS Workshop; New Start briefing; Program approved; BAA Issued; Contract awards; Decisions Completed; Initial closing; New Start briefing; Today.]
• Scalable Redundancy for Infrastructure Systems (Reiter)
• Automated Diversity in Computer Systems (Reiter, Forrest)
• Using Enhanced Credentials for Mitigating the Insider Threat (Rajagopalan)
• Scalable Data Redundancy for Network Centric Military Applications (Birman)

• Fred Schneider (Cornell) – Chair
• Jim Anderson (UNC)
• Stephanie Forrest (UNM)
• Kishor Trivedi (Duke)
• Teresa Lunt (PARC)
• Mike Reiter (CMU)
• Carl Landwehr (NSF)

Going Forward
[Timeline, 2004 to 2005]
SRS Kickoff, July 20-21 2004, Washington DC
• 2-day meeting
• Present new projects
• SRS architecture workshop
Site visits by the PM and IET
PI Meeting, Jan. 2005, East Coast Location
• Redundancy Baselines Due
• Present progress reports
• SRS architecture workshop II
• Insurmountable opportunities
PI Meeting, July 2005, East Coast Location
• Preliminary project results
• [Demonstrations]
• Challenge problems
PI Meeting, Jan. 2006, East Coast Location
• Final project results

Technical Areas
• Biologically-Inspired Diversity (Genetically-Diverse Computing Fabric): generate 100 functionally equivalent versions of a module, with <33 having the same deficiency
• Cognitive Immunity and Healing: identify 10% of root causes; 5% self corrected
• Granular, Scalable Redundancy: 3-fold Byzantine update latency reduction; 15-fold epidemic update latency reduction
• Reasoning About Insider Threats (Pre-empt Insider Attack; Detect System Overrun): 10% attacker goals thwarted or delayed
[Diagram labels: Service Regeneration; Massive Defense Reserve; bad command; Goal: Become Insider; inside attacker; privilege escalation; Goal: Deny Service; Attacker Objective Foiled; outside attacker; crash, corruption, exhaustion.]

Biologically-Inspired Diversity
• Genetically-Diverse Computing Fabric
Metric: generate 100 functionally equivalent versions of a module, with <33 having the same deficiency
Technical Approach
• fine-grained diversify at the module level
• removes common vulnerabilities
• automatically generate diverse software versions
• (note: n-version programming is manual)
[Chart: Attacker Work Factor against Number of Target Components. "we are here": Identical Software; "want to be here" (Goal): Total Diversity.]
[Diagram: State of Art (today): n-version programming (n <= 3). Diversity cycle (tomorrow): random seed and software module M feed a software diversity transformation (randomize APIs, instructions, algorithms, cryptography, etc.) that produces software module M’, compatible but with different vulnerabilities.]

Cognitive Immunity and Healing
• Automated Cyber Immune Response and System Regeneration
Metric: identify 10% of root causes; 5% self corrected
Technical Approach
• Biologically inspired response strategies.
• Machine learning (reflection).
• Automated cause-effect chain analysis.
[Diagram labels: inputs; actions; System; Goal; causes?; crash, other anomaly; Self-Healing, Repair Vulnerability, Formulate Novel-Attack Defense, Predictively Adapt, Diagnose Root Cause of Failure; Highest Order of Cognition; Reflect; Introspection, Learning; Attack 1; Attack 2; client; time.]

Reasoning About Insider Threats
• Pre-empt insider attack
• Detect system overrun
Metric: 10% attacker goals thwarted or delayed
Technical Approach
• Combine and correlate information from system layers, direct user challenges, etc.
• Infer user goals.
• Enable effective anomaly detection.
[Chart: Intrusion Detection Rate against False-Positive Rate. Labels: state of the art; we are here; hundreds/day; want to be here; Goal: 98%.]
[Diagram labels: Knowledge about mission; Knowledge about users; semantic correlation, reasoning (high to low); event semantic content; Policy Event; Network Event; Program Event; Resource Event; cognitive user model; Wrapper; Back-up; False File; Real File.]

Granular, Scalable Redundancy
• Survive massive attack, extreme hostility
Metric: 3-fold Byzantine update latency reduction; 15-fold epidemic update latency reduction
Technical Approach
• Adaptive scalable quorums
• exploit environment knowledge to scale
• Develop probabilistic consensus protocols.
• survive extreme hostility
• “good-enough” service
[Chart: Number coordinated replicas (5, 20, hundreds) against Assumptions about Environment ((benign), (asynchronous), (malicious), (transient comms)). Labels: we are here; want to be here; Goal.]
[Diagram labels: Normal; TBD . . .; recover; Command Center; Trusted?]