About UsOur WorkEmploymentNews & Events
MITRE Remote Access for MITRE Employees Site Map

Innvovation Exchange

May 5th - May 7th
9:00AM - 4:00PM
MITRE Main Campus
McLean, VA

Online RSVP

Directions to MITRE

Projects Showcased

Tours

All MITRE Projects

All MITRE Projects (with summaries and presentations where available)

Listing of project titles in alphabetical order

Pages: 1234567891011121314151617

Mission Assurance and Survivability

Primary Investigator:Keppler, David R.

Problems:
Our goal is to develop resilience technologies that enable enterprises to harden their existing software base against cyber attack by reintroducing diversity into their software ecosystems. We aim to develop tools and techniques that implement the approach of breaking adversary assumptions. To accomplish this we will create resiliency tools that bestow the properties of agility and unpredictability on applications and systems. In this way we can shift the advantage towards defenders and away from attackers by forcing the adversary to react to continually shifting randomizations and newly created constraints. While greatly increasing the work factor for attackers to achieve their goals, we must minimize the additional cost imposed on service administrators. To do so we will develop tools that synthetically add resilience to existing off-the-shelf software and maintain the existing deployment and management cycles for that software intact.

Objectives:
The first goal is to demonstrate that our randomization and obfuscation ideas can defend against a sufficiently broad set of vulnerability classes. A large majority of identified vulnerabilities fall within three general categories: control flow alteration (e.g., code injection, “return-to-libc” attacks); command injection (e.g., SQL injection); and direct data injection and alteration. The class of control flow altering attacks is well studied in the literature, but the remaining two classes have received little attention. To achieve this goal, we must also show that we can then apply these defensive techniques to existing off-the-shelf applications. The results of our exploratory investigation during the period of FY08 proved the feasibility of our approach.


The second goal – the focus of this proposal for FY09 – is to extend the proof-of-concept work conducted during the previous year with a focus on robustness of the randomization process. We observe that previous implementations of application randomization often succumb for one of two reasons: 1) the randomization “key space” is too small allowing for brute force attacks; and 2) the randomization is static – only performed once at compile time or application startup – which increases the vulnerability of the approaches to data leakage attacks. We will address these two points through development of more robust randomization processes that result in larger permutation sets, and by developing techniques for periodically selecting new permutations on-the-fly.


The third goal is to leverage the existence of multiple randomized variants to create new constraints on attackers. The observation here is that due to the low-level assumptions made by attacks, a single attack can only possibly succeed on a single randomized application instance at a time. By coordinating multiple, different permutations of an application we can manufacture new, difficult to overcome constraints that attacks must accommodate.

Activities:
We have demonstrated the application of randomization defenses to the problems of command and data injection. The command injection tool is particularly successful and illustrates the effectiveness of analyzing and transforming byte-code executables, such as compiled Java applications. We are continuing development of the Java SQL injection tool begun in FY08 with the goal of achieving prototype levels of robustness appropriate for piloting with a suitable MITRE or sponsor database application.

We are using the dynamic recompilation process of modern Just-In-Time (JIT) compilers, which dynamically re-optimize and recompile segments of code based on dynamic run-time profiling, to continually shift randomization parameters. In this way, adversaries will have to target an ever-changing surface of attack.

Impact:
The main impact of this work is to tip the balance of defender and attacker work-load back in favor of the defenders of software applications. Currently, linear increases in attacker effort lead to exponential scaling of attack consequences and defender workload. Our randomization and synthetic diversity techniques reverse the status quo and enable small, linear increases of effort by defenders to exponentially increase the effort attackers must expend to achieve their objectives. Ultimately, by probabilistically eliminating the possibility that software vulnerabilities can be exploited, we make the presence of those vulnerabilities irrelevant. This will have wide-spread implications on the ways that software is developed, deployed, and maintained by our sponsors, the defense industrial base, and the software industry as a whole.

Public Release No:09-1093

[Presentation]

Exhibit Date(s):May 6, May 7

Mission Assurance Through Availability

Primary Investigator:Durst, Robert C.

Problems:
This exploratory proposal addresses the need to continue to successfully run a mission despite the penetration of a network on which mission-critical information resides. In particular, we focus on the problem of maintaining availability of mission-critical data when the mission’s network infrastructure is under attack by an adversary that can gain privileged access to both client and data caching nodes.

Objectives:
Define mechanisms that enable mission-critical information to continue to be available despite penetration of the network on which the information resides.

Characterize these mechanisms in comparison with the two identified alternative information storage and retrieval techniques of centralized and peer-to-peer file sharing.

Activities:
Months 1-2, scenario definition
Months 3-5, design finalization
Months 6-11, metric definition, primary analysis, and sensitivity analysis
Month 12, documentation of results.

Impact:
We expect that the proposed approach will provide measurable resiliency benefits to sponsor missions in the form of more successful missions and fewer missions delayed or aborted. We posit that missions using the proposed approach will be more resilient against network compromise because of the ongoing availability of valid mission-critical reference data despite the ability of an adversary to delete, modify, and access mission-critical reference data on network client and data caching nodes.

Public Release No:09-0894

[Presentation]

Mission Aware Reporting of Information Assurance for Airborne Networks (MARIAAN)

Primary Investigator:McQuaid, Rosalie M.

Problems:
The extension of Internet Protocol (IP) to the tactical edge (airborne and enclave networks) introduces new cyber-threat entry points into the Global Information Grid (GIG) and increases the threat to our infrastructure. Although the Air Force is implementing IA capabilities for airborne and enclave networks, these techniques do not consider mission-specific details and the events produced are managed centrally; this reduces mission continuity and success. In addition, current techniques do not produce threat information that connects to real-world missions; this correlation is necessary for mission success and enhanced situational awareness.

Objectives:
The Mission Aware Reporting of Information Assurance for Airborne and Enclave Networks (MARIAAN) project is researching and developing a proof-of-concept solution that enhances mission assurance by providing and fusing mission relevant information with detected cyber activities. The tool leverages and enhances existing and planned Air Force IA capabilities. MARIAAN will implement a service for correlating and sharing IA and mission-relevant information at the tactical edge. It provides actionable alerts and courses of action when cyber activities are threatening mission success. With MARIAAN’s enhanced situational awareness capability, the warfighter’s ability to ‘fight through’ adverse cyber activities has improved. Additionally, MARIAAN is implementing Common Event Expression (CEE) to ease event correlation and provide a bandwidth efficient communication technique between enclaves and the central monitoring facility.

Activities:
MARIAAN will produce a prototype that synthesizes airborne and enclave network mission and IA event data by correlating and sharing local and remote event data. Airborne and enclave network mission profiles will be developed for highlighting critical mission details. Additionally,CEE will be used to ease event correlation and provide an efficient communication technique between the enclaves and the central monitoring facility. In addition, prototype CEE-based security sensors will be developed and integrated into the MARIAAN prototype and CEE will be extended to include mission relevant details. In Fiscal Year 2009, the MARIAAN proof of concept will be demonstrated at several large-scale exercises—JEFX09 and CWID09. The results from these exercises will be used to refine the current and future research in mission assurance and situational awareness for airborne and enclave networks.

Impact:
MARIAAN will improve GIG situational awareness by connecting airborne/enclave IA events to real-world mission information and reporting actionable results. In addition, it will influence event standards development between the Air Force and vendor community. Solid transition and integration opportunities exist within the Joint Airborne Network, the Air Force AN IA research community, and with current North Atlantic Treaty Organization (NATO) and vendor partners.

Public Release No:09-1173

[Presentation]

Exhibit Date(s):May 6, May 7

MITRE Biosecurity Initiative

Primary Investigator:Siegrist, David

Exhibit Date(s):May 5

MITRE Infrastructure, Evaluation, and Tools for Identity Resolution Research (MIETIRR)

Primary Investigator:Miller, Keith J.

Problems:
We seek to develop the infrastructure, tools, and methodology necessary to evaluate COTS and research-based identity resolution technologies for the government sponsors. This research will build on the infrastructure, tools, and methodology the team has already developed for evaluation of name and record matching in the MITRE Identity Matching Laboratory (IML). We will also develop some sample test data necessary for evaluating identity resolution tools, and investigate the possibility of combining multiple identity resolution approaches.

Objectives:
Develop a methodology for evaluation of entity resolution technologies.

Activities:
1. Investigate metrics for evaluation of identity resolution, including the examination of state-of-the-art systems and resources for performing or evaluating identity resolution and identity management and the development of an appropriate set of metrics that can be used to evaluate these technologies
2. Develop an evaluation infrastructure that can be brought to bear on these tasks
3. Develop use cases for these technologies and the appropriateness of evaluation methods for different use cases
4. Investigate approaches for dealing with uncertainty and assigning confidence values, particularly with respect to manual ground truth annotation, system output, and evaluation metrics
5. Use the evaluation infrastructure to investigate the possibilities for combining individual strategies for identity resolution to improve upon the performance of the strategies in isolation. This will build on the work that we have done in combining multiple algorithms for name and record matching.

Impact:
Given this new capability, MITRE will be able to help the government make more informed decisions on potentially expensive COTS acquisitions. The capability to assist the government in choosing the most effective identity resolution tools will result in more effective screening at identity level for sponsors such as Transportation Security Administration (TSA)/Department of Homeland Security (DHS), Terrorist Screening Center (TSC), National Counterterrorism Center (NCTC), as well as for MITRE-internal organizations such as CEM Comprehensive Screening, CAASD, and CIIS. Further, we will be able to provide value to sponsors by providing the potential to perform improved intelligence analysis across biometric and biographic databases. This will enable sponsors to climb the "identity/analysis pyramid," thus basing activities such as link analysis on a more solid foundation of identity data. This is important to sponsors such as: Department of Justice (DOJ) and other law enforcement organizations, NCTC, IC, DoD as well as to the MITRE "Untangling the Network" GrandChallenge, and CEM, CIIS, C2C, and HLS COE sponsors.

Public Release No:09-1137

[Presentation]

Exhibit Date(s):May 6

Modeling, Simulation, and Decision Support for NCR Mass Evacuations

Primary Investigator:French, Michael R.

Problems:
Regional evacuation simulations remain a fertile area of research. DHS and FEMA have not yet pursued such studies to a degree required to advance the state-of-the-art. The National Transportation Lab and Oak Ridge National Laboratories have done some work that is traffic-centric, showing once again, the absence of a need to re-develop a traffic flow simulation. NIH and CDC have funded research into the spread and containment of a biological outbreak, but the insight they provide into the complete picture of disaster management remains incomplete. Our proposed literature search will look closely at these tools, and will rely on them as we identify gaps we would propose to fill in simulation capability with our second phase.

This research will begin with a more complete literature survey of the current state-of-the-art with mass evacuation analysis and simulation. Again, the MITRE and Cornell collaboration proved beneficial very quickly by using existing resources. We intend to follow this pattern through the research effort. Having surveyed the existing literature, we will identify the gaps in the literature to which MITRE’s capabilities are specifically suited.

Tool development will begin as the literature search reaches the phase in which we need only maintain currency. The code we develop will be given to AHC and DHS as the basis of further development. The point is to push AHC towards a simulation-based analysis capability and to enable them to initiate actual development. With an initial portion of the code infrastructure complete, we will use the tool to conduct an analysis of one of the questions we find suited to MITRE capabilities.

Objectives:
We propose to aid regional mass evacuation planning with a simulation-based analysis capability. We intend to help planners determine command, control, communications, and logistical requirements. This will allow planners to more effectively employ existing resources in preparing and training for an event, and it will allow more effective investment strategies.

Activities:
Deliverables: We proposethe followingproducts by the end of the FY09 effort:
1. Literature review results (Oct 2008) – The paper will contain our findings from the literature review in which we seek open questions specifically suited to our capabilities.
2. First analysis (October 2009) – Having reviewed available literature and government source documents, we will draft for review an iniatial CATEVAC capstone capabilities document and an overarching CATEVAC systems requirements document.

Impact:
This project will provide:
1. Improved regional mass evacuation planning tools for State, Local, Regional Planners
2. A methodical approach for regionally deploying evacuation support resources
3. An explicit basis for making resource investment decisions
4. A framework for assisting Federal Government and Congressional authorities in determining grant requirements and implementation guidelines. Work of this nature has not has not been undertaken in the context of a post-9/11, all-hazards environment. The novelty of this project lies in MITRE’s ability to leverage its new relationships with emergent, regional-governance bodies upon which the Federal Government relies to increase regional preparedness.

Public Release No:09-1287

[Presentation]

Montage: Exploiting UAV Video in Mission Context

Primary Investigator:Anderson, David C.

Problems:
Unmanned aerial vehicle (UAV) sensor data and telemetry are being aggregated in huge archives, yet retrospective analysis of those resources remains difficult. This is partly due to a lack of technical support for that analysis, but also to a lack of any searchable description of the sensor content. Extracting descriptions from the video imagery remains a difficult research problem.

Objectives:
We will demonstrate improved exploitation of historical UAV mission archives by providing a simple search service over the "what" as well as the "where and when," and enabling targeted analysis in external multi-source visualization tools such as ISR Forensics and Google Earth. We will also define a simple taxonomy of known-important entities, events, and attributes, and tag a corpus of augmented mission data for further research in video content analysis.

Activities:
We will collect operator audio speech and analyst IRC (Internet Relay Chat) during UAV missions, and time-correlate them with video and telemetry. We will provide search services based on Audio Hot Spotting and other tools. We will work with multi-source analysts to identify a taxonomy of important semantic tags for mission data, and develop a corpus with human-vetted annotations.

Impact:
Broad, content-oriented access to historical UAV mission data will improve UAV archive exploitation and situation awareness for deployed soldiers. It will also provide a basis for evaluation of research on video content extraction that is grounded in real-world problems.

Public Release No:09-1343

[Presentation]

Exhibit Date(s):May 6

Multi-Purpose Cockpit Display of Traffic Information

Primary Investigator:Stassen, Hans P.

Problems:
The Next Generation Air Transportation System (NextGen) will use Cockpit Display of Traffic Information (CDTI), Automatic Dependent Surveillance-Broadcast (ADS-B), and other new technologies and procedures to enable a new role for the cockpit. But to take advantage of these advances, aircraft must first be appropriately equipped. For some users the value proposition is currently not clear.

Objectives:
The objective of this effort is to demonstrate a CDTI that can support a large set of ADS-B applications across a range of flight and ground operations. In support of this objective, the project will create a suitable CDTI specification, and develop and demonstrate a simulation prototype that represents the envisioned capabilities.

Activities:
Following a review of proposed ADS-B/CDTI applications we will identify the algorithmic and user interface requirements of a flexible, multi-purpose CDTI. We will then design and prototype the capability in MITRE's air traffic management laboratory and demonstrate its value using a range of applications.

Impact:
This project is intended to demonstrate the feasibility of a flexible, multi-purpose CDTI technology. Our aims are to attract the attention of stakeholder groups (e.g., the FAA, the research community, and the aviation industry) regarding the technological need and opportunities, and to get users to better understand the CDTI value proposition.

Public Release No:09-0989

[Presentation]

Exhibit Date(s):May 6, May 7

Multimodal Medical Data Capture and Representation

Primary Investigator:Hu, Qian

Problems:
An obstacle to widespread adoption of Electronic Medical Record (EMR) systems is the difficulty of capturing structured clinical information from unstructured data. Automatic speech recognition (ASR) and handwriting recognition (HR) have been applied to EMR systems without much success, due to lack of required accuracy, poor integration with hospitals' workflow, and the problem of converting doctors' natural speech or handwritten notes to a standard format.

Objectives:
This project will research and develop algorithms and methodologies to (1) enhance and adapt ASR/HR to the medical domain/specialty to enable speech and handwriting as reliable data capture methods, (2) use a multimodal method to interface with EMR systems, and (3) use information from multimodalities, medical domain knowledge, and prior EMRs to interpret and convert captured free speech and handwriting to standard expressions.

Activities:
We will evaluate medical ASR engines and HR to identify areas for enhancement and adaptation, evaluate open source EMR systems, interview doctors, and visit hospitals to understand the workflow and EMR requirements. We will establish baseline performance using existing technology and build training corpora for ASR/HR, and then design a multimodal research prototype.

Impact:
Multimodal technology and methodologies for medical data capture and representation can revolutionize the creation of EMR. Going beyond verbatim conversion to encode conceptual underpinnings is critical for interoperability among healthcare and research institutes. We have shared our evaluation methodology and some results of ASR/HR with non-profit health organizations and have been invited to consult on their design and evaluation of EMR systems.

Public Release No:09-1125

[Presentation]

Exhibit Date(s):May 7

Multimodal Medical Imagery

Primary Investigator:Carley-Spencer, Monica P.

Problems:
Clinical researchers are increasingly using multimodal radiological imagery to inform treatment planning and to help answer scientific questions. Each image modality has its unique strength and combining different modalities yields even information. Yet clinical researchers lack efficient workflows to process, visualize and analyze multimodal images, and the analysis techniques themselves are an active topic of research. Our collaborators at Johns Hopkins University are researching ways to improve radiation therapy treatment in pediatric patients with brain tumors by using multiple imaging modalities, but their workflow is piecemeal, with each modality separately visualized and analyzed; co-registration is done manually, introducing errors, and regions of interest are manually re-drawn on other modalities.

Objectives:
The goal of the proposed research is twofold:1) to adapt and deploy our software tools to streamline the workflow our clinical research collaborators at JHU have for integrating multiple image modalities for treatment planning;and 2)to extend our previously developed tools for image querying to support statistical comparison of regions of interest across imaging modalities in order to support our collaborators’ investigation of radiation dosage effects on healthy tissue.

In this initial funding period, our goal is to first demonstrate cross-modal image co-registration using existing algorithms for medical image registration. We will workwith our JHU collaborators to assess the performance of candidate algorithms over MRI and CT from the same patients.

Activities:
1. Data acquisition from JHU: anonymized multimodal imagery provided by JHU
2. Installed JHU-developed MAPS extension to MIPAV for batch image processing
3. Contributed to NIH grant application submitted by collaborators at JHU
4. Beginning co-registration experiments.

Impact:
Already, medical imaging is becoming a standard -- though not fully integrated -- component of a patient’s health records to complement descriptive information and other test results. Integrated multimodal medical imagery will become pervasive and agencies such as the Veterans Administration will have to contend with an increasing volume of electronic images. This work will provide a prototype for managing and integrating multimodal medical imagery so that clinicians can more easily access, visualize and analyze the images. Many of the components will also be extensible to other domains.

Public Release No:09-1139

[Presentation]

Exhibit Date(s):May 7

Pages: 1234567891011121314151617

^Top