All MITRE Projects (with summaries and presentations where available)
Listing of project titles in alphabetical order
Database Assurance
Primary Investigator: Mork, Peter D.S.
Problems:
The Database Assurance research project seeks to ensure that data stored in relational database systems cannot be exfiltrated or modified by an adversary. Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate.
Objectives:
The ultimate goal of this project is to develop techniques and tools for monitoring database activity so that we can automatically alert the database administrators of unexpected (and likely illegitimate) behavior. We hypothesize that we can accomplish this goal by a) developing profiles of normal, legitimate database activity and b) subsequently monitoring for significant deviations from these profiles, regardless of the adversary’s attack vector. We will consider our approach to be a success if we can detect at least 80% of all attacks with negligible false positives and minimal impact on query performance.
Activities:
Our first step was to identify suitable machine-learning techniques for building profiles of legitimate activity. In essence, we need to build a classifier that can determine whether a new query request matches previous behavior or is novel; we cannot use a standard classifier for this task because we have relatively few examples of illegitimate activity. Second, we determined that by inserting our monitoring software between the query optimizer and the query executor, we can benefit from the intelligence built into the optimizer. Finally, we have been testing our approach on a variety of datasets. For demonstration purposes, we have developed a synthetic medical record system on which we can show how our techniques prevent, in real time, a hacker from bypassing the normal privacy mechanisms built into the application.
Impact:
Detecting attacks on relational databases benefits all of MITRE’s sponsors; they all maintain some amount of structured data, often large quantities. More concretely, our research would benefit:
· DIB enterprises (including MITRE) that need to determine if attempts are being made to exfiltrate their data. We need to identify not just naïve SQL injection attacks, but also sophisticated attempts to exfiltrate large portions of the data.
· Medical enterprises that need to make data available for biomedical research while protecting the privacy of their patients.
· Intelligence agencies that need to protect the integrity of their data, for example, to ensure that kinetic weapons strike the appropriate targets.
Public Release No: 09-0895
[Presentation]
Exhibit Date(s): May 5, May 6, May 7
Decision Analysis to Counter Cyber Attacks (DACCA)
Primary Investigator: Johnson, Dale M.
Problems:
An enterprise must be able to sustain essential operations for its mission while under cyber attack by a sophisticated, well-resourced adversary. Rapid response requires prepositioning of resources, processes, and staff. The critical decisions needed to prepare the infrastructure and staff in the best possible ways to react to a successful cyber attack require a rigorous and responsive decision analysis, which is not provided by the ad hoc procedures commonly used. This project is concerned with developing a decision-analysis process and model to plan prepared responses for cyber attacks that are likely to be successful. The initial application will be to MITRE's email system.
Objectives:
The overall objective of this project is to develop a decision-analysis process and model for AF systems planning for cyber attack response preparation using multiple objective decision analysis (MODA). The specific goal of this project is to demonstrate the effectiveness of MODA as applied to cyber attack response preparation using the MITRE email system as a particular example. The longer-term goal is to create a repeatable model that a MITRE practice could utilize to strengthen the cyber attack posture of Air Force Systems. The claim is that methods of decision analysis can be applied to help decision makers choose an optimal cyber attack preparation course of action.
Activities:
We have created a four-phased execution flow based on decision analysis best practices. We are using this approach to analyze the critical MITRE email service.
Phase 1 is the objective setting, information gathering, and initial analysis phase, in which we have been working with key decision makers to refine the cyber-attack sustainment decision.
For MITRE’s email system, we are defining minimal essential services and supporting infrastructure, and examining potential cyber attacks.
The sophisticated cyber adversary includes the nation-state attacker teamed with attack mercenaries and organized crime. We assume that such attackers will be successful.
Phase 2 is the crucial application of a model and process of decision analysis. We have developed a preliminary model and process. During this phase a set of decision alternatives based on possible collections of resource, process, and response preparations are being determined and the alternatives are being rigorously evaluated in several steps.
Phase 3 includes documenting the analysis results, reporting to decision makers, and incorporating findings and changes.
The final phase 4 documents our results and recommendations.
Impact:
Recommend an investment plan for MITRE's email system to sustain operations while under cyber attack. Produce a repeatable methodology for sustainment under cyber attack that can be applied to Air Force systems.
Public Release No: 09-1096
[Presentation]
Delay Control and Airport Deregulation
Primary Investigator: Welman, Stephen K.
Problems:
In the mind of the public, the success of the Next Generation Air Transportation System (NextGen) will depend more on the resulting level of delay and predictability than on the level of throughput. Measured in revenue passenger miles, throughput has roughly doubled since 1987 and tripled since 1982, but current delays are still considered unacceptable. The same may be true in 2025. No matter how great the increase in throughput achieved under NextGen, the system will be graded on delay and predictability.
This exploratory research has two parts. First, we will consider, at an aggregate level, whether a successful NextGen program will significantly reduce delays below current levels. Second, we will examine airport deregulation as an option for helping control delay if NextGen's enhancements alone cannot. Specific questions to be examined include: what is airport deregulation and what are the policy, economic, and operational issues surrounding airport deregulation?
Objectives:
We will investigate evidence, pro and con, on whether or not it is possible to build our way out of congestion with NextGen. We will use the results to determine the need for an alternative approach for controlling delay. We will also develop an overview of the key issues for airport deregulation, including current practices, airport monopoly regulation, airline-airport vertical integration, property rights, infrastructure investment, efficiency, and delay control.
Activities:
We will build a simple model of aggregate trends in the consumption and production of air transportation services to better understand the throughput increases required to build our way out of delay. The model will focus specifically on the demand response to capacity increases. We will then describe the key issues for airport deregulation in the United States and review experience with airport deregulation overseas.
Impact:
Delay control is central to the public success of NextGen. Many elements of NextGen are aimed at increasing throughput, but it is not a foregone conclusion that this will control delay. It is possible that the FAA may eventually have to add components to NextGen to manage delays. This research will place MITRE in a stronger position to explain and analyze these options.
Public Release No: 09-1022
[Presentation]
Detecting Malicious Activity in Cross-Boundary Communications
Primary Investigator: Hypolite, Joel P.
Problems:
Malware attempts to exfiltrate sensitive data through a controlled interface (CI) to a server in an external domain. Members of a botnet send command and control (C2) requests through a CI to a master server in an external domain. CIs (e.g., the MITRE enterprise HTTP proxy) are used to control the flow of information between interconnected systems by adjudicating confidentiality and/or integrity policies. But there are limits to what can be constrained in order to maintain an acceptable user experience. Because of the risk of attacks that are valid within the security policy, CIs are limited in the environments in which they can be deployed. The purpose of this effort is to develop techniques for detecting data exfiltration and botnet attacks that are difficult for CIs to prevent or detect.
Objectives:
Contribute results of our botnet threat analysis to the security research community.
Develop detection techniques that can be transitioned and reused by MITRE sponsors and Defense Industrial Base (DIB) partners.
Activities:
In the first phase, lasting 12 months, we will prove plausibility of the hypothesis that we can detect certain types of data exfiltration and botnet threats that circumvent a CI’s security policy through analysis of the CI log set.
To analyze the threats of interest to this effort, we will obtain well-known malware variants and perform malware analysis to discern their behavior. Whenever possible, we will make use of information available from previous and current related efforts.
To generate attack traffic, we utilize a closed lab to run either actual malware or benign malware surrogates, developed based on prior analysis, through an HTTP proxy.
We will research and apply current expert knowledge to develop detectors. Since knowledge engineering alone is limited against today’s sophisticated threats, other techniques, such as data mining and machine learning, will be used to complement it.
Impact:
A capability to detect malicious behavior circumventing a CI will provide higher confidence that a CI is not being exploited and strengthen the risk acceptance decision to deploy CIs in a broader range of environments. Our solution will impact CIs protecting sponsor and DIB sensitive data.
Public Release No: 09-1094
[Presentation]
Exhibit Date(s): May 5
Detection of Viruses by Fluorescence
Primary Investigator: Arroyo, Juan
Problems:
Emerging and engineered viruses inherently elude bio-sensors or methods used to diagnose a viral infection. Most systems for virus detection either hunt for known gene sequences or rely on binding to anticipated virus surface proteins. Although unknown viruses have unidentified genes and are coated with unfamiliar structures, they maintain predictable virus generation machinery.
Objectives:
Focusing on virus detection through the innate activities of proteins engaged in replication provides the ability to widen the spectrum of detection to entire families of viruses with one system. Our program will evaluate the ability to detect viruses of the dengue family and will expand to other families of priority pathogens. We will focus on speed, sensitivity, and wide-spectrum detection.
Activities:
We will create artificial RNA constructs encoding motifs recognizable by virus enzymes. The artificial RNA will also encode a gene to yield fluorescent activity. The incorporation of the RNA into a virus-infected cell line will trigger amplification of the signal able to generate fluorescence. Success with dengue viruses will direct the effort to other families of interest.
Impact:
We will develop a cell-based technology for broad spectrum detection of viruses. The program will concentrate on detection of unknown, emerging, and genetically altered viruses. Cell culture-based detection will complement existing genome amplification-based technologies. This cost-effective approach may become a first-tier sensing countermeasure of interest to national security and public safety.
Public Release No: 09-1232
[Presentation]
Exhibit Date(s): May 6, May 7
Detection of Viruses by Fluorescence Generated from Artificial RNA Constructs (duplicate)
Primary Investigator: Arroyo, Juan
Disaster Communications Engineering Model
Primary Investigator: Ernst, Darrell E.
Problems:
The objective of this study is to develop a comprehensive system engineering framework that will provide the basis for assessing the integration issues associated with existing and proposed disaster communications components.
Objectives:
1. Develop a framework for recording the constituent elements of the end-to-end thread of any disaster/emergency communications system, including sensors.
2. Partially populate it, to the extent possible, with the major systems used for public alert and warning.
3. Investigate use of a "wiki" repository to allow interaction by any contributors.
Activities:
The study will use the simple high-level system-of-systems model developed earlier by the PI and expand it to incorporate missing elements and then expand each element to reveal the sub-elements where possible. The generic ideal model will then be used as the basis for laying in as many existing systems as possible, identifying cross-connects and disconnects to the extent feasible within the bounds of the project resources. The goal is to develop a tool that can be used by emergency management planners, and to assist other investigations into disaster communications issues.
Impact:
There is no single integrated disaster communications system in the United States. A system-of-systems engineering approach to the analysis of disaster communications would help any initiative to improve the U.S. disaster communications state of affairs.
Public Release No: 09-1134
[Presentation]
Distance-based Approaches for Classification
Primary Investigator: Harris, David R.
Exhibit Date(s): May 5
DOTS: DNA Order Tracking System
Primary Investigator: Diggans, James C.
Problems:
The ability to construct gene- and genome-length DNA fragments from scratch is a rapidly developing technology in the field of synthetic biology. This same technology can be utilized to synthesize “hazardous” DNA sequences for use in bioterrorist/biowarfare applications. While most DNA synthesis companies examine their orders for sequences encoding large segments of hazardous biological components, detection methods have serious shortcomings including high false positive rates and poor detection of novel constructs.
Most importantly, no single company can detect an actor submitting many partial sequences, each on its own harmless-looking, to multiple companies for later reassembly. The overall goal of the project is to develop a prototype DNA order tracking system capable of high-throughput data monitoring and threat assessment making use of existing techniques for sequence alignment and extensive algorithm parallelization. Included in the project is a detailed characterization of both the sensitivity and overall throughput of the prototype as well as a gap analysis of possible synthesis order obfuscation methods not yet addressed.
Objectives:
1. Develop a prototype DNA order tracking system capable of high-throughput data monitoring and threat assessment, making use of existing techniques for sequence alignment and extensive algorithm parallelization.
2. Perform a detailed characterization of both the sensitivity and overall throughput of the prototype
3. Perform a gap analysis of possible synthesis order obfuscation methods not yet addressed.
Activities:
1. Construct the prototype screening system
2. Construct an order-stream simulator to drive large quantities of test data for test and evaluation of system performance and accuracy.
3. Interface with the synthetic biology community, industry organizations, and putative regulators to drive conversation about best practices in voluntary screening.
Impact:
The inability to monitor for potential misuse of DNA synthesis technology is a significant gap in current national biosecurity policy. The development of a highly automated, non-invasive system for monitoring the DNA synthesis order stream would fill this gap and have a significant impact on national security.
Since no current system exists for rapid, accurate, high-volume sequence screening, a proof of concept prototype will likely be required for sponsor acceptance.
Public Release No: 09-0900
[Presentation]
Dynamic End-to-End IT Management and Resource Allocation
Primary Investigator: Miller, David J.
Problems:
The emergence of Service Oriented Architectures and their supporting infrastructure and environment is straining the abilities of existing system and network management tools. Manual discovery and configuration of system and software resources is labor intensive and prone to errors, and sustaining the correlation has proven to be challenging even in static environments. IT operations staff need the capability to manage the dynamic environment with a mission-oriented, self-managing enterprise infrastructure capability, providing enterprise IT situational awareness and mission-oriented IT provisioning and resource management. The capability will leverage multiple, component-centric management capabilities available in the commercial marketplace today and will exploit autonomic computing concepts and technology.
Objectives:
Assess the technology readiness and implementation feasibility of IT management decision support for dynamic enterprises. Provide for quick reaction by IT to meet rapidly changing business conditions, and move away from static allocation of computing resources for specific business areas to dynamic allocation at the enterprise level, with provisioning and reallocation based on real-time mission (or business) requirements.
Address key management challenges in the visibility of complex dynamic workloads that run across multiple tiers, both real-time and batch, and use composite IT components to deliver business services.
Develop a model to simulate application, computing, and communication resource provisioning: look at what attributes and information are needed to recommend an optimal laydown of those capabilities on the infrastructure at any point in time, given policies, constraints, rules of engagement, etc.
Activities:
State-of-the-Art/State-of-Practice Assessment:
- Mission/business process profiling
- Policy-based/rules-based management
- Virtualization and “cloud” management
- Automation and autonomic capabilities
- Gap and technology assessment
Use Case and Mission Scenario Definition:
- CCOD NEO scenario infrastructure and resource management scenario
- Use cases for end user, IT manager, and commander perspectives vs. proof-of-concept model
- Develop model representation of scenario
- Simulation against use cases
Proof-of-Concept Prototype
Impact:
Provide visibility into dynamically changing composable workloads, provide insight into mission and business services, not just IT components. Move IT operations beyond tracking and display to detailed historical reporting, real-time analytics, forecasting, course of action development, and decision support for service management.
Public Release No: 09-0907
[Presentation]
Exhibit Date(s): May 5, May 6, May 7