Information Assurance
Information Assurance investigates security vulnerabilities in distributed
information systems and develops architectures, systems and techniques
for providing protection from attack and exploitation. Existing tools
for system protection are tested and evaluated.
Collaboration Techniques for Coalition Teams (CT2)
Bedford and Washington
Problem
The success of many military operations today depends on collaboration
and cooperation among non-traditional partners. Strategic use of collaborative
tools in these environments could greatly improve team decision-making
and ensure synchronized situational awareness. Cross-domain collaboration
has not been possible because of a lack of technology and procedures to
support the unique security constraints imposed by these teaming arrangements.
Objectives
Objectives for the CT2 project include validating our prototype Instant
Messaging (IM) Guard via experimentation. Additionally, we will examine
the security and policy constraints unique to collaborative group communications
in coalition environments and plan extensions to our initial guard prototype.
Finally, we will participate more heavily in standards bodies to further
the development of standards and interoperability among collaborative
tools.
Activities
The CT2 project team deployed our IM Guard prototype in the NATO Strong
Resolve 02 (SR02) exercise in March. Additionally, we have ported our
IM Guard application to a trusted operating system (Trusted Solaris) and
are beginning work on extensions to the IM Guard to support group chat.
Impacts
Through our participation in SR02, we expect to demonstrate the value
of cross-domain collaboration, collect lessons learned pertaining to the
use of security guard technology for collaboration, and illustrate the
benefits of automated language translation in multinational operations.
We also hope to have a positive impact on the ongoing efforts to define
standards for collaboration and interoperability within the IETF.
DARPA Cyber Panel
Bedford and Washington
Problem
Computer network defense systems (e.g., technologies being developed under
DARPA's Cyber Panel program) aggregate sensitive information about the
status of networks in a theatre and provide capabilities to control network
elements. These systems present an attractive target for attackers who
wish to hide their tracks, access sensitive data, or use the systems'
response capabilities to attack networks.
Objectives
The DARPA Cyber Panel program objective is to develop technologies that
monitor the state of critical systems, recognize large composite cyber
attacks, and determine and execute effective defensive responses. Our
objective is to develop a set of principles and requirements that enhance
the survivability of defensive capabilities when subjected to stresses
such as information attacks, failures, and abnormal loads.
Activities
We have developed a framework that extends the "Defense-in-Depth"
principle of security to survivability. We are documenting this framework
and are developing a catalog of survivability goals and mechanisms for
achieving those goals. We will apply these to a notional Cyber Panel architecture
and will identify new capabilities for enhancing the survivability of
a Cyber Panel system.
Impacts
Our survivability framework and catalog will provide a systematic foundation
for developing survivability requirements and survivability architectures
for real-world systems. We will also identify new technologies that must
be developed to make computer network defense systems survivable.
Decision Support for Computer Network Defense
Bedford and Washington
Problem
Information assurance vendors have developed independent capabilities:
intrusion detection systems, firewalls, etc. When conditions warrant,
operators must interact with each component to collect data, perform mental
data correlation, consider possible options, then determine and implement
a course of action (COA). Because this is a slow, intellectually challenging
process, it often is performed perfunctorily, with the COAs being correspondingly
crude and inappropriate.
Objectives
This problem is suited to automation. Existing systems support data collection
(e.g., Lighthouse, AFED), but analysis and COA portions are missing. Due
to the immaturity of the field, this project will pursue a bottom-up technology
development approach. This project will build on the Outpost data
collection and integration system, and develop a rule-based approach to
analysis and COA recommendation.
Activities
Operational concerns will drive research. Operators will be interviewed
to determine existing processes for security management. A representative
scenario will then be selected. The scenario will be decomposed to observables
that will be extracted from Outpost data using a rule-based diagnosis
system. A mapping from observables to COA recommendations will be performed.
Generalizations to other scenarios will parallel prototype development.
Impacts
State-of-the-art information assurance tools provide excellent point solutions,
but the training, time, and technical knowledge required to wield these
capabilities effectively exceed the domain expertise typical of operators.
By undertaking this research and producing solutions to be transitioned
to the field, this project will develop technology that will improve the
USAF's ability to defend our critical computer assets.
Engineering Issues for an Adaptive Defense Network
Alan Piszcz, Principal Investigator
Washington only
Problem
The combination of distributed intrusion detection with adaptive firewalls
and other protection mechanisms requires that basic engineering issues
about the interaction of these systems be examined before deployment decisions
are made. Under attack conditions, algorithms, policies and protocols
can cause local failures that cascade into network failures in the organization
and beyond. In particular, on-the-fly changes of firewall policies in a specific
node may cause problems that introduce new vulnerabilities. If multiple
intrusion detection systems can all "command" adaptive firewalls,
engineering issues of precedence and conflict arise.
Objectives
We will investigate techniques and methods in creating adaptive behavior
for firewall and router policies, and evaluate commercial and research
approaches with respect to DOD networks and threats. We will also develop
new measurement techniques and tools to evaluate the behavior of products
and applications under attack.
Activities
We will develop automated attack tool controls. This important capability
is needed as we share our attack testbed with other projects. We will
create techniques and instrumentation to monitor network behavior during
attacks, including the use of software configurable routers, and conduct
out-of-band adaptive control experiments for Cisco routers. We will provide
support to the MITRE DMZ network with a prototype sensor for session collection
and produce a compendium of the state of the art in Distributed Denial
of Service defense.
Impacts
This research will enable MITRE to extend its knowledge in a complex and
needed capability for future critical networked information systems. Many
of our sponsors are developing distributed (WAN) information systems and
enterprise solutions that will need autonomous response mechanisms to
thwart security threats and activities. Understanding the engineering
issues and constraints of system capabilities to create an adaptive defense
network will support a secure information infrastructure.
Information Assurance for Enterprise Engineering (IAFEE)
Washington only
Problem
Systems engineers have no immediate effective means of integrating information
assurance (IA) into Enterprise Frameworks and Architectures in a manner
that is both adequate and complete. Specification of IA at a higher level
of abstraction must be adequate for more detailed instantiations at lower
levels of abstraction. To address completeness, the IA perspective must
fully address the common IA solutions across the enterprise views.
Objectives
This project is capturing and developing IA solutions from the policy
level to the implementation level in an architect's representation (i.e.,
patterns) and will provide an IA Enterprise Engineering Handbook to guide
engineering practitioners.
Activities
IA is being integrated into the Zachman Framework, including as a separate
architecture element that spans the entire framework. To develop the IA
element, activities include IA taxonomy development, pattern template
development, Zachman Framework overlay plane development, and capturing
identification and authentication details in draft patterns.
Future activities will include additional pattern development for other
IA areas of the taxonomy, case studies, and development of an IA Engineering
Handbook.
Impacts
All MITRE customers are building or using architecture frameworks, for
example, the Federal Enterprise Architecture Framework (FEAF) and DOD
C4ISR Architecture Framework. Many MITRE customers need to address the
requirements of OMB Circular A-130, which requires federal agencies to
develop enterprise architectures that address specific topics, including
IA. This project also enables better leveraging of skilled personnel in
the IA area.
Mobile Policy Based Guard (MoP-Guard)
Amgad Fayad, Principal Investigator
Washington only
Problem
Today, guards are used to support release of sensitive information in
multi-level security (MLS) environments. Each project that needs a guard
typically develops its own, which has resulted in many different guards
being deployed, each of which is difficult to maintain.
Objectives
The objective of this project is to prototype a new approach to implementing
guards in information systems. Guards built using mobile policy will be
more manageable than current guards but will be able to provide the same
level of protection with enhanced accountability for release decisions.
Activities
The project will design and implement a prototype information dissemination
server. The prototype will demonstrate the idea of separating data-specific
policy from its enforcement and will explore how such an approach to guards
can provide security equivalent to today's guards while increasing flexibility,
maintainability and accountability.
Impacts
The DISA C2 Guard (C2G) currently utilizes the MITRE-developed FELT system
to scan documents before releasing them. Mobile policy can make C2 guards
easier to certify and manage by decoupling guard certification from policy
certification. Since a mobile policy-enabled C2G acts as a generic policy
enforcement environment, it can be certified separately. Each mobile policy
module can subsequently be certified as it is developed.
Next-Generation Information Attack Strategies
Dan Ellis, Principal Investigator
Bedford and Washington
Problem
Current understanding of the threat of distributed, coordinated computer-network
attacks is limited. Defensive measures are currently developed under pessimistic
assumptions about the threat. Without a clearer understanding of the nature
of the threat, our defensive models will be incomplete and our defensive
mechanisms insufficient. A model of coordinated mobile attack tools is
needed to help identify effective defensive countermeasures and postures.
Objectives
This project will research the class of mobile, coordinated attack tools
and provide effective defensive mechanisms or postures for defending against
this threat. An attack potency relation will be developed that will help
predict the impact of a particular class of attacks. The potency relation
will also be used to identify defenses against next-generation information
attacks through a systems-level approach.
Activities
In a design phase we will generate an architectural model of mobile, coordinated
attacks; develop a predictive potency relation that captures the potency
of the attack tool; and develop defensive measures and postures that are
effective against the threat. In an implementation phase we will implement
a prototype attack tool and defensive mechanisms to validate the defenses
and predictive potency relation.
Impacts
This project will provide the information assurance community with a model
of a specific class of threats: distributed, coordinated information attacks.
A predictive potency relation will provide the ability to evaluate the
potency of hypothetical attacks. Defensive mechanisms will be designed
and validated and provided to the community. The prototype will be useful
for developing and validating information operations tactics.
Organically Assured and Survivable Information Systems (OASIS)
Bedford and Washington
Problem
The problem is to develop survivable systems: systems that can continue
to provide their specified services, possibly in a degraded mode, to their
users in the face of a cyber attack or intrusion.
Objectives
The project will support DARPA in the development and assessment of survivable
systems.
Activities
There are two main activities. First, we will assess DARPA OASIS projects
providing survivability technologies and determine the overall coverage
of the projects. Second, we will assist DARPA in developing a program
to build a survivable system based on a current DOD system and to test
that system.
Impacts
This work will result in creation of DOD systems that can better withstand
cyber attacks and will be survivable.
Secure Distributed Computing
Bedford and Washington
Problem
How can critical security services be made highly available and secure,
while individual service components may be faulty?
Objectives
We have two objectives: to design a method for maintaining reliable critical
security services under conditions of arbitrary component failures, and
to test the method in a prototype. We will extend our current authentication
prototype to handle arbitrary failures without breaking security guarantees
of the system. This involves combining existing mechanisms for distributed
security (threshold cryptography) with robust communication methods between
components (consensus algorithms) in an innovative way.
Activities
The combination of past and ongoing research from many different sources
in the areas of threshold cryptography and consensus algorithms will support
our approach. We will first capture the design of this system in a paper
describing our solution. Thereafter, our prior authentication service
prototype will give us an established environment in which to implement
these additional capabilities for fault-tolerant, secure authentication.
Impacts
This research will provide insight into how reliable systems can be built
from imperfect and unreliable components. By combining two previously
separate approaches, we will distribute trust throughout a collection
of authentication servers, placing total trust in no single server. We
believe that this will lead to a method that is both theoretically sound
and practically feasible, and that our design will increase the availability
and security of distributed systems.
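As an added illustration (not the project's own design or code), the following Python sketch shows the basic idea behind the approach described above: an authentication secret is split across servers with Shamir threshold sharing so that no single server holds it, and a consensus-style agreement check over the returned shares lets reconstruction tolerate up to t servers that fail arbitrarily. The field prime, the (k, n, t) parameters and the constructed faulty shares are assumptions for the demonstration.

```python
import secrets
from itertools import combinations

# Prime field for the arithmetic (a Mersenne prime); secrets must be < P.
P = (1 << 127) - 1


def split(secret, k, n):
    """Shamir split: n shares (x, f(x)) of a random degree-(k-1) polynomial
    with f(0) = secret; any k shares determine f, fewer reveal nothing."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def interpolate(points, x):
    """Evaluate at x the unique polynomial through `points` (Lagrange form)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def naive_reconstruct(shares, k):
    """Trusts the first k shares it is handed: one corrupt server breaks it."""
    return interpolate(shares[:k], 0)


def robust_reconstruct(shares, k, t):
    """Tolerate up to t arbitrarily wrong shares (Byzantine servers).
    Needs len(shares) >= k + 2t: then the true polynomial is the only one that
    at least len(shares) - t shares agree with. Subset search is fine for small n."""
    n = len(shares)
    if n < k + 2 * t:
        raise ValueError("need at least k + 2t shares to tolerate t faults")
    for subset in combinations(shares, k):
        agree = sum(interpolate(subset, x) == y for x, y in shares)
        if agree >= n - t:
            return interpolate(subset, 0)
    raise ValueError("more than t shares are corrupt; refusing to guess")


def demo(k=3, n=7, t=2):
    """Constructed scenario: two of seven servers return bogus shares."""
    secret = secrets.randbelow(P)
    bad = split(secret, k, n)
    bad[0] = (bad[0][0], (bad[0][1] + 1) % P)   # subtly altered share
    bad[4] = (bad[4][0], 12345)                  # garbage share
    return naive_reconstruct(bad, k) == secret, robust_reconstruct(bad, k, t) == secret
```

`demo()` returns `(False, True)`: the naive reconstruction is poisoned by a single corrupt server, while the agreement check recovers the secret despite two.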
Trust Management for Mobile Devices
Bedford and Washington
Problem
Access rights are often context-sensitive and transient. For instance,
two soldier-carried devices that share data when in close physical proximity
may no longer trust each other when they move apart, due to potential
device capture by the enemy. Today, access rights don't change as
a user's context changes, e.g., as a soldier moves. Can we build
security mechanisms that adapt to a user's current environment? Can
we simplify the task of application developers who must use these enhanced
mechanisms?
Objectives
Our primary objective is to develop techniques for building secure applications
that function seamlessly even as trust relationships change due to device
mobility. A second objective is to simplify the development of security-aware
applications by separating the specification of security and functionality
aspects of the applications.
Activities
We are developing techniques that establish spatial and temporal attributes
of mobile devices in the presence of malicious adversaries. We are using
these contextual attributes within a generalized access control (trust
management) framework. Finally, we are developing a secure peer-to-peer
instant messaging application for mobile devices that uses our new mechanisms
to enforce context-sensitive access control policies.
Impacts
This project will advance the state of the art of information assurance
by addressing two novel concepts: transient trust relationships and separation
of concerns. Our theory and language publications will impact the academic
and R&D communities. Our prototypes will enable us to demonstrate
these concepts to sponsors and develop a work program that focuses on
sophisticated access control capabilities for next-generation mobile systems.