2005 Technology Symposium
Information Assurance
Information Assurance investigates security vulnerabilities in distributed
information systems and develops architectures, systems and techniques
for providing protection from attack and exploitation. Existing tools
for system protection will be tested and evaluated.
Access Control Services for a Service-Oriented Architecture
Bill Price, Principal Investigator
Location(s): Washington
Automated Worm Detection and Response
Dan Ellis, Principal Investigator
Location(s): Washington and Bedford
Problem
Worms can propagate through an enterprise in seconds. Current defenses include coarse-grained perimeters protected by firewalls and monitored by intrusion detection systems. Current intrusion detection and response processes do not scale to the time frame or scope of the worm problem. The problem is to detect and mitigate worm attacks within an enterprise environment in real time.
Objectives
This research program will develop signatures and algorithms for detecting worm behavior inside an enterprise, validate prototype detection on MITRE's internal corporate network, and evaluate candidate defensive technologies for near-real-time responses.
Activities
We will develop worm signatures and evaluate them both in simulations and on the MII. The first milestone is effective detection of worm-like behavior on the MII. We will identify and evaluate reaction strategies, focusing on completeness and performance. The second milestone is a matrix outlining the simulated effectiveness of the various strategies against a test suite of worm algorithms.
Impact
This project will result in the ability to detect a worm in near-real time and provide an indication of those defensive strategies that are worth further investigation. This will improve the state of the art of enterprise security management by enabling near-real-time adaptation to threats and other dynamic conditions.
Controlled Information Sharing
Rich Pietravalle, Principal Investigator
Location(s): Washington and Bedford
Problem
World conditions have increased the need for cross-domain information-sharing, from business operations and support functions to intelligence and combat operations. Current technologies strain to meet the information-sharing requirements for flexibility, scalability, granularity, and tracking: even the number and identity of trusted partners change from one operation or action to another.
Objectives
This project intends to use technologies identified with "Digital Rights Management" (DRM) to develop novel solutions for information sharing across non-MLS (Multi-level Security) domains. Towards this end, the project will define architectural requirements and propose the architecture elements to meet those information-sharing and content access control needs.
Activities
The project will select DRM approaches and existing DRM components to include for evaluation in test settings representing customer environments. Those DRM elements will be used to both evaluate operation against requirements and add practical findings towards architectural and implementation recommendations. Further investigations will test the observations against variations, such as supporting document privacy versus intelligence information security.
Impact
The project will create novel solutions, new architectural elements and requirements for cross-domain information sharing. The work will influence the shaping of Air Force and DoD architectures, provide guidance to specific programs, and increase MITRE's expertise and focus in information sharing and DRM technologies.
Detecting Insider Threat Behavior
Greg Stephens, Principal Investigator
Location(s): Washington
Enterprise-wide Security with Cryptographic Hardware Assistance
Joshua Guttman, Principal Investigator
Location(s): Washington and Bedford
Problem
When an employee accesses corporate servers remotely, is there a trusted path from laptop to servers? Can the employee access email, but not financial systems? Can a contractor's PC or network be part of a trusted path to proprietary data? The Trusted Computing Platform Alliance (TCPA) has defined security coprocessor functionality that provides an opportunity for easily tailored end-to-end security.
Objectives
Three specific problems need to be solved. First, can TCPA and operating system security (e.g., in SELinux) provide assurance of software integrity? Second, what protocols can carry user, device, and application authentication from the TCPA device to information services? And third, given information about device identity and integrity together with user identity, how can we enforce fine-grained authorization policies?
Activities
We will first demonstrate local authentication and mutually authenticated access from trusted platform module-equipped Linux computers and design a trust framework with a trust management theory and an implementation strategy. Next, we will demonstrate the trust management system, design integrity reporting for Linux and SELinux, and design a trust management proxy for compatibility with existing applications. Finally, we will implement the proxy and integrity-reporting protocols.
Impact
Our clients need enterprise-wide security for widely accepted equipment and application software. Collaborating with vendors committed to TCPA, we will demonstrate systems that provide greatly improved information assurance, using TCPA-standardized cryptographic hardware. We will make the protocols and operating system support we develop available as open source so that vendors can easily make this functionality available to our clients.
OASIS
Lora Voas, Principal Investigator
Location(s): Washington
Visualizing Enterprise-Wide Security (VIEWS)
Jay Brennan, Principal Investigator
Location(s): Washington and Bedford
Problem
Many modern applications are distributed, resulting in complex system and security designs. Since security architects lack the ability to represent application-level security properties visually, the accompanying security documentation is often voluminous, and, lacking visual aids, can be difficult to comprehend. As a result, security designs are frequently poorly understood and quite often poorly engineered.
Objectives
The goal of VIEWS is to describe system security properties by developing a system security model and its visual rendering using a formal specification. VIEWS complements other system and security documentation. VIEWS aims to be relevant in sponsor environments and useful in answering the question, "Is this system secure?"
Activities
An update to the original specification is in preparation. Extensions deal with cross-domain environments and security management. Development of a stencil set for Visio drawings will enhance usability. Technology transfer efforts and an investigation of marrying VIEWS with a systems engineering tool both continue. The possibility of supporting automated analysis after model building will be explored.
Impact
Models built with VIEWS can improve the understanding and analysis of security designs, facilitating early identification of design deficiencies. Besides enhancing a system's security posture, identification and correction of deficiencies leads to savings in both time and money. VIEWS diagrams enable improved communication about security, which allows better integration of system and security designs and encourages design reuse.