
Projects

 

Information Assurance

Information Assurance investigates security vulnerabilities in distributed information systems, and develops architectures, systems and techniques for providing protection from attack and exploitation. Existing tools for system protection are tested and evaluated.


Decision Support for Computer Network Defense

Richard J. Pietravalle, Principal Investigator

Bedford and Washington

Problem
Information assurance vendors have developed independent capabilities: intrusion detection systems, firewalls, etc. Operators interact with each component to collect data, perform mental data correlation, consider possible options, and then determine and implement a course of action. This is a slow, intellectually challenging process, and often leads to less efficient and less effective decision making than is required by networked on-demand information.

Objectives
The project will research, design, and develop a decision support system to provide course of action (COA) recommendations for computer network defense (CND) in the face of a dynamically changing computer and network environment.

Activities
During FY02, interviews with operators helped guide research that led to an implementation of a rule-based prototype. FY03 efforts will research decision support in specific CND environments through augmenting the prototype in lab and operational settings. At this time, we anticipate working closely with Air Force Enterprise Defense at the Air Force Research Lab and with the MITRE internal network environment.

Impacts
By undertaking this research that leads to field solutions, we are developing technology that will improve the USAF's ability to defend our critical computer assets. Dialogue with customers continues to yield interest in the experience gained by this project for application to other DoD and government agency projects and operations.


  

Enterprise-wide Security with Cryptographic Hardware Assistance

Joshua D. Guttman, Principal Investigator

Bedford and Washington

Problem
When an employee accesses corporate servers remotely, is there a trusted path from laptop to servers? Can the employee access email, but not financial systems? Can a contractor's PC or network be part of a trusted path to proprietary data? The Trusted Computing Platform Alliance (TCPA) has defined security coprocessor functionality that provides an opportunity for easily tailored end-to-end security.

Objectives
Three specific problems need to be solved. First, can TCPA and operating system security (e.g., in SELinux) provide assurance of software integrity? Second, what protocols can carry user, device, and application authentication from the TCPA device to information services? And third, given information about device identity and integrity together with user identity, how can we enforce fine-grained authorization policies?

Activities
We will first demonstrate local authentication and mutually authenticated access from trusted platform module (TPM)-equipped Linux computers and design a trust framework with a trust management theory and an implementation strategy. Next, we will demonstrate the trust management system, design integrity reporting for Linux and SELinux, and design a trust management proxy for compatibility with existing applications. Finally, we will implement the proxy and integrity-reporting protocols.

Impacts
Our clients need enterprise-wide security for widely accepted equipment and application software. Collaborating with vendors committed to TCPA, we will demonstrate systems that provide greatly improved information assurance, using TCPA-standardized cryptographic hardware. We will make the protocols and operating system support we develop available as open source so that vendors can easily make this functionality available to our clients.


  

Information Assurance for Enterprise Engineering (IAFEE)

Jody Heaney, Principal Investigator


Duane Hybertson, Co-Principal Investigator

Washington

Problem
Systems engineers have no immediately effective means of integrating information assurance (IA) into enterprise frameworks and architectures in a manner that is both adequate and complete. Specification of IA at a higher level of abstraction must be adequate for more detailed instantiations at lower levels of abstraction. To address completeness, the IA view must provide for common IA solutions that will be fully integrated across all other views of the enterprise.

Objectives
The project is selecting IA solutions representing best practices, and capturing them in an architect's representation (i.e., patterns) that will be included in an IA Enterprise Engineering Handbook to guide engineering practitioners.

Activities
We are integrating IA into the Zachman Framework via a separate view and consideration across all elements of the framework as a plane. An IA taxonomy has been created, pattern templates developed, and identification and authentication draft patterns generated. Future activities will include additional pattern development for other IA areas, case studies, and development of the handbook.

Impacts
Partly because of OMB Circular A-130, all MITRE customers are building or using architecture frameworks, for example, the Federal Enterprise Architecture Framework and DOD C4ISR Architecture Framework. This project will assist MITRE customers in developing enterprise architectures that address specific topics, including IA. This project also enables better leveraging of skilled personnel in the IA area.


  

Next Generation Information Attack Strategies

Dan Ellis, Principal Investigator

Washington

Problem
Current understanding of the threat of distributed, coordinated computer network attacks is limited. Defensive measures are developed under pessimistic assumptions about the threat. Without a clearer understanding of the nature of the threat, our defensive models will be incomplete and our defensive mechanisms insufficient. We need a model of coordinated mobile attack tools to help identify effective defensive countermeasures and postures.

Objectives
This project will research the class of mobile, coordinated attack tools and provide effective defensive mechanisms or postures for defending against this threat. An attack potency relation will be developed that will help predict the impact of a particular class of attacks. The potency relation will also be used to identify defenses against next-generation information attacks through a systems-level approach.

Activities
In the design phase we will generate an architectural model of mobile, coordinated attacks, develop a predictive potency relation that captures the potency of the attack tool, and develop defensive measures and postures that are effective against the threat. In the implementation phase we will implement a prototype attack tool and defensive mechanisms to validate the defenses and predictive potency relation.

Impacts
This project will provide the information assurance community with a model of a specific class of threats: distributed, coordinated information attacks. A predictive potency relation will provide the ability to evaluate the potency of hypothetical attacks. Defensive mechanisms will be designed and validated and provided to the community. The prototype will be useful for developing and validating information operations tactics.


  

OASIS Integration, Demonstration and Validation

DARPA Office: IPTO
DARPA PM: Dr. Jaynarayan H. Lala

Lora L. Voas, Principal Investigator

Washington

Problem
Current mission-critical systems may be operationally fragile. While under attack, these systems may fail to operate to specification. The Organically Assured Survivable Information Systems (OASIS) Demonstration and Validation program seeks to leverage investments of DARPA-funded cyber defense survivability research, demonstrate such survivability technologies on two operational systems, and accelerate the transition of DARPA-developed cyber defense technologies to DoD operational systems.

Objectives
The OASIS Demonstration and Validation program will develop a prototype that demonstrates the means to enable the target systems to operate through a wide class of cyber attacks, provide continued and correct operation of mission-critical functions, gracefully degrade nonessential system functionality, and reconfigure dynamically to optimize performance, functionality, and survivability. The OASIS Demonstration and Validation target system is the Joint Battlespace Infosphere (JBI), and one of the OASIS transition targets is the Survivable Webmail Appliance (SWA).

Activities
The JBI technology transition effort consists of a competitive design phase and an implementation phase carried out by the successful design team. Red-teaming activities are integrated in the design and implementation phases. MITRE will serve as the white team and provide objective analysis. The SWA technology transition effort will encompass design reviews and a prototype demonstration in March 2003.

Impacts
Both technology transition efforts will demonstrate how the target systems can continue to provide mission-critical functionality and operate through attacks. Successful demonstrations will exemplify how the OASIS research and development efforts were leveraged and how they improved the survivability of two DoD operational systems.

  

Security Guards for the Future Web

Nancy Reed, Principal Investigator

Bedford and Washington

Problem
MITRE’s clients are migrating to a Web environment as one means of sharing information. The number of new mission partners, including foreign partners, is growing dramatically. Traditionally, computer security guards have been used to control what information flows between security domains. Unfortunately, guard technology has not kept pace with the evolving Web environment.


Objectives
We will see what functionality both existing and emerging guards provide within a Web-enabled environment. We will recommend how to configure Web guards to minimize security risks to the enterprise. We will also determine how guarding capabilities will need to evolve as the Web evolves to a Web Services environment.


Activities
We will document the operational and security requirements of Web producers and consumers. We will then perform vulnerability assessments of proposed guarding solutions and document ways to mitigate security risks. Finally, we will prototype a capability to exchange information across security domains using a publish/subscribe paradigm to demonstrate how guarding capabilities will need to evolve in a Web Services environment.

Impacts
Our research will make specific recommendations on how to enable computer security guards to work effectively in the future Web environment. While our research will focus primarily on information sharing within government enterprises, it will be directly applicable to the commercial world’s push to provide “trusted” e-commerce.


  

Trust Management for Mobile Devices

Vipin Swarup, Principal Investigator

Bedford and Washington

Problem
The access rights that mobile devices grant each other may vary as the devices move around and their relative position and communication topology change. However, existing security architectures assume static trust relationships among principals and are unable to support transient or context-sensitive trust. Moreover, it is very difficult to develop secure applications that operate seamlessly as trust relationships change.

Objectives
This project will develop trust management and programming language techniques that simplify building secure mobile systems from cryptographic primitives. Our primary hypothesis is that we can build secure applications that function seamlessly even as trust relationships change due to device mobility. Our second hypothesis is that we can specify and implement many security aspects separately from the functionality aspects of a distributed mobile system.

Activities
We will develop an abstract trust model that captures transient and context-sensitive trust. We will also develop a theory of authorization that will enable systems to perform access control in the presence of transient trust. Next, we will define a high-level security policy language for specifying security properties of programs and will develop a compiler that transforms a program to meet a specified security policy.

Impacts
This project will advance the state of the art of information assurance. Our trust model for context-sensitive, transient trust will improve the security of a wide variety of dynamic systems such as applications for mobile devices, Jini/JXTA services, and advanced collaboration systems. Our language-based security technology will simplify the development of security-aware applications, such as PKI-enabled applications and secure mobile applications.


  

Voice Signatures with Strong Bindings

Beth Abramowitz, Principal Investigator

Bedford and Washington

Problem
Currently no method exists to sign documents electronically in a way that is comparable in security strength, ease of use, and user preparation to the traditional handwritten signature. PKI was intended to provide this capability, but has not lived up to its promise. An alternative approach is needed to allow commerce on the Internet to flourish.

Objectives
We will develop a prototype implementation of a voice signature capability, including a stand-alone signing capability that can integrate with a Word document and a back-end verification capability. We will examine the impact of microphone variations, system configuration, intentional voice alteration, and the strength of the approach relative to a handwritten signature.

Activities
First, we will review the state of the art, trends, and standards in the voice market and determine our security requirements. Second, we will review automatic speech recognition technology and choose a technology for prototype development. Third, we will begin prototyping client signing and will include significant human-interface review to ensure usability. Finally, we will implement the back-end verification.

Impacts
Our research will facilitate commerce by providing a secure electronic signature capability with minimal cost to the signer, no user registration, and minimal backend infrastructure support. Such a capability would be of particular benefit to our CEM sponsors, especially the IRS, as it would provide a secure, easy-to-use, and inexpensive means of signing electronic documents, including tax forms.


 

 
