Cross-Boundary Information Sharing (XBIS)
Luanna Notargiacomo, Principal Investigator
Problems:
The CIIS Cross Boundary Information Sharing (XBIS) Initiative is a coordinated
set of activities at MITRE to address critical information sharing problems
facing the Intelligence Community, DoD, and other MITRE sponsors. We are
currently focused on developing an integrated technical laboratory that
allows us to define and implement key scenarios that illustrate enablers
for and impediments to effective information sharing.
Objectives:
XBIS combines MITRE's expertise in current and emerging information and
security technologies, encourages new ideas and innovations from the research
and development (R&D) community, and, most importantly, taps domain experts
(analysts and other users) in order to explore information sharing solutions
to this problem. Within the context of the technology, we will also examine
non-technological factors that impede or enable sharing, such as organizational,
cultural, political, and social issues.
Activities:
A national counterterrorism scenario adapted from the Markle Foundation’s
Visualization: A Trusted Information Network for Homeland Security has been
demonstrated to and shared with many sponsors. A second scenario has been
developed and will debut at the 2007 Technology Symposium. Its
focus is on coalition warfare in Afghanistan, involving the United States
and the NATO-commanded International Security Assistance Forces (ISAF).
Impact:
The XBIS Laboratory integrates different technologies that enhance information
sharing across organizational and classification security boundaries.
To demonstrate the capabilities of these technologies, the laboratory
provides the ability to simulate many domains and to share information
among them. The laboratory architecture supports both integrated scenarios
and stand-alone demonstrations, allowing the facility to showcase
solutions available today and in the near future.
Approved for Public Release: 07-0242
Encrypted Dynamic Privacy for RFID
Steve Barry, Principal Investigator
Problems:
RFID may be used to speed processing at U.S. ports of entry by enabling
pre-fetch of information about the traveler. However, any third party
having the proper equipment can observe RFID transactions at a distance.
There is a need to enhance the security and privacy of these transactions
economically and efficiently so that they cannot be misused by unauthorized
observers.
Objectives:
This research will enhance security and privacy for users of RFID tags
in portal access applications. We will provide a standard RFID tag that
changes ID numbers regularly without losing the association between the
tag and its authorized user. Among candidates for use of this technology
are border management programs such as US-VISIT, Free and Secure Trade,
NEXUS, and Transportation Worker Identification Credential.
Activities:
We will acquire standard RFID hardware and development software and use
these materials to implement a secure method to associate an RFID tag
with a user. We will then implement and evaluate a reliable protocol to
read the tag and identify the associated user without disclosing this
information to outside observers.
Impact:
The results of this project will protect the identity of users of RFID
tags from disclosure to third parties and will prevent fraudulent use
of any information overheard by third parties. Thus, the findings can
improve security and privacy in programs in DHS, DOS, and anywhere a standards-compliant
RFID implementation is used for personal identification.
Approved for Public Release: 07-0276
Information Sharing Risk Assessment
Deb Bodeau, Principal Investigator
Problems:
While information sharing is recognized as mission-critical, obstacles
to adoption of increasingly mature technologies to enable information
sharing remain. Many obstacles are due to incomplete understanding of
the risks - to a variety of stakeholders - associated both with sharing
and with not sharing. This leads to an inability to manage those risks
via appropriate policy, technical, and procedural controls.
Objectives:
This project will create a methodology for identifying risk-appropriate
enablers for information sharing. The methodology will elicit concerns
of information sharing stakeholders, to facilitate community risk management.
The methodology will include an information sharing risk model, so that
risk-appropriate levels of sharing-enabling technologies and processes
can be determined.
Activities:
We will define a risk-appropriate information sharing enablers (RAISE)
methodology. The methodology will include information sharing principles
that motivate the selection of types of sharing enablers; risk models
to elicit stakeholder concerns and to determine appropriate levels of
enablers; and an overall process. We will apply the methodology to specific
MITRE sponsor situations as feasible.
Impact:
Standards and guidelines for use of technical and procedural controls
are key enablers for information sharing. A risk-based foundation for
such standards and guidance will speed acceptance and implementation by
enabling stakeholders to balance the risks of sharing with the risks of
not sharing, and by allowing those risks to be managed in an informed
way.
Approved for Public Release: 07-0348
Information Sharing via Trusted Intermediaries
Vipin Swarup, Principal Investigator
Problems:
A first responder arrives at a medical emergency scene. Data such as terrorist
warnings (DHS) and infectious diseases data (CDC) may be relevant to what
he faces, but today he is often not told. This cross-boundary information
sharing problem is faced in many environments, e.g., by soldiers, marines,
policemen, and border guards.
Objectives:
Our research hypothesis is that a new class of trusted intermediaries
with adaptive sharing policies will enable enhanced cross-boundary information
sharing. We will develop a secure infrastructure for sharing via trusted
intermediaries, and will develop fine-grained, adaptive sharing policy
mechanisms for trusted intermediaries.
Activities:
We will design a language for specifying sharing transactions and a sharing
decision capability for authorizing transactions. This will include techniques
to find appropriate trusted intermediaries when necessary. We will develop
fine-grained, adaptive sharing policy mechanisms that trusted intermediaries
can use to share information further. Finally, we will build an infrastructure
to execute and enforce sharing transactions and policies.
Impact:
Inadequate information sharing is recognized as a critical problem across
government agencies. Our proposed solutions, based on trusted intermediaries
and risk-adaptive policies, will solve many pressing sharing policy problems.
We will impact government agencies via papers that describe our concepts
and techniques, and software that demonstrates the feasibility and benefits
of our novel approach.
Approved for Public Release: 05-1203
Malware Phylogenetics
Melissa Chase, Principal Investigator
Problems:
The nature of malware threats has evolved from widespread outbreaks for
the sake of notoriety to large numbers of targeted attacks motivated by
economic gain. In this environment it is critical for end-users, researchers,
investigators, and security tool vendors to have a better understanding
of the relationships between malware families and variants in order to
improve detection, protection, and response.
Objectives:
We will seek to understand the evolutionary relationships between malware
threats by applying phylogenetic modeling algorithms to malware.
Activities:
We will create a data set of malware samples, extract features from these
samples, use these features to create phylogenetic models, develop an
experimental workbench, and run experiments with this workbench. We will
initially focus on features extracted from malware samples, first from
variants of a single family and then from multiple families. Later, we
will consider incident-based features.
Impact:
Understanding the evolutionary relationships between malware threats may
provide improved prediction and protection for end-users. It may suggest
attribution leads and facilitate the reuse of previous analyses by malware
analysts and criminal investigators. It could provide a more rigorous
basis for naming malware by security vendors, thereby reducing confusion
during malware outbreaks and promoting correlation across security tools.
Approved for Public Release: 06-1158
Protected Sharing of Controlled Information
Rich Pietravalle, Principal Investigator
Problems:
In homeland security applications, sensitive but unclassified (SBU) information
sharing among federal, state, local, and private entities needs additional
technology-assisted controls. As the sharing exchanges carry the information
further from the originator, securing the information consistent with
the originator's constraints presents increasing challenges. Current technical
implementations make it difficult to ensure that policies and regulations
concerning SBU information are followed.
Objectives:
The project will implement a prototype approach to secure automated information
sharing that supports fine-grained access and usage controls. We will
incorporate policies and rules for accurate sharing of controlled, unclassified
information, basing them upon operational scenarios from the Department
of Homeland Security (DHS) and State and Local Fusion Centers. We will
validate the prototype, scenarios, and policies and rules.
Activities:
Research activities include modeling the sponsor environment, information
flow, and CONOPS and building an initial scenario based on a subset of
that model. We will create a prototype based on COTS software, augmented
by needed information sharing functions; test, validate, and demonstrate
the prototype using the XBIS (Cross-Boundary Information Sharing) lab;
and iterate the process as time and resources allow.
Impact:
The research will help form the requirements for the next iteration of
information sharing systems for DHS and other SBU environments. These
requirements will assist in focusing sponsor and COTS supplier dialogue
for future acquisitions and information system planning, especially for
those users with complex cross-domain needs.
Approved for Public Release: 06-1516
Security Information Management for Enclave Networks (SIMEN)
Rosalie McQuaid, Principal Investigator
Problems:
The Air Force enterprise contains networks that are bandwidth limited,
intermittently attached, and/or internally constrained enclaves. These
constrained network environments will not support commercial security
information management (SIM) feeds and sensors. Recent threat activities
have highlighted the need for an information assurance solution that provides
consistent SIM-centric monitoring for these enclave networks.
Objectives:
Our objective is to research and prototype a solution to address information
assurance (IA) monitoring for constrained enclave networks. We will prototype
a light sensor net footprint and an intelligent gateway to collect, queue,
and prioritize raw security data locally for intelligent transmission
to the enterprise SIM. The prototype will reduce resource impact and increase
data integration to the SIM system.
Activities:
This project will identify an efficient sensor net architecture by mapping
priority threat categories to critical data sources contained in AF enclave
networks. We will develop state-aware prioritization algorithms and apply
them near the data sources. We will investigate and implement bandwidth-efficient
techniques for transmission to the enterprise SIM, and implement and validate
a lab prototype to produce a robust proof of concept.
Impact:
This research will improve current SIM deployments within the Air Force
by addressing limitations in commercial products. It will influence commercial
SIM vendors and the Air Force SIM strategy. By providing IA monitoring
to networks that cannot benefit from a centralized SIM, this research
will extend the power of SIM technology to the edge of the Air Force enterprise.
Approved for Public Release: 06-0169
System Security and Privacy Engineering
Cathy McCollum, Principal Investigator
TRIDENT (Trust Research in Distributed & Emerging Network Technology)
Justin Sheehy, Principal Investigator
Problems:
The DoD has committed to an increasingly net-centric approach to warfare.
The many systems on our networks are interdependent in critical ways,
but are unable to determine when a peer that they are relying upon is
compromised or vulnerable. In the context of determined and capable adversaries,
this is a critical gap.
Objectives:
We will demonstrate that it is possible and worthwhile to invest successfully
in methods for resilient networks. We will develop methods for enabling
trust decisions that help hosts to interact only with "good" peers. Our
combined approach will take advantage of emerging COTS capabilities, of
MITRE's experience in protocol and trust engineering, and of MITRE's understanding
of web services.
Activities:
We will build an experimentation platform using Trusted Computing (TC)
components. On this, we will implement an architecture that uses virtualization
to enable web services to execute and simultaneously makes useful measurements
of the services available to their peers. We will also develop a web services-based
scheme to communicate this evidence between measured services, their appraisers,
and their peers.
Impact:
Our work should demonstrate the value of TC components in building attestable
systems, show that attestable systems are possible, and illustrate some
useful methods for building such systems. We also intend to demonstrate
that attestation and appraisal indicate an approach to making distributed
systems more resilient. This may also point to worthwhile technology areas
in which sponsors might invest.
Approved for Public Release: 06-1435
Trust and Adaptability in Web Services
Joshua Guttman, Principal Investigator
Problems:
Widespread sharing and interpretation of richly structured data objects
is a central motivation for Web services, and an underlying architectural
idea in the Global Information Grid (e.g., Net-Centric Enterprise Services),
the Distributed Common Ground System (DCGS), etc. However, access control
must reflect the trust between authorities, the data shared, and associated
metadata. Moreover, cryptographic protocols must establish authentication
and confidentiality.
Objectives:
We will develop techniques to secure Web services, meeting uniform but
adaptable security goals. Web services create demanding requirements for
security, but their transparency and uniform data model provide opportunities.
We will adapt previous MSR-funded results connecting cryptographic protocols
and trust management. Incorporating an XML-style data model will lead
to a flexible framework for authentication, access control, and controlled
sharing of semistructured data.
Activities:
We will enrich our protocol/trust framework with an XML data model. A
compiler will support demonstrations of controlled information sharing.
Products annotated with metadata cryptographically bound to elements of
these XML products will pass through a distribution system modeling DCGS.
Access control decisions will be based on the certified characteristics
of parts of the product, as well as attributes of the recipients.
Impact:
We will demonstrate a compiler-based implementation of our method to secure
service-oriented architectures. We will transfer the software as well
as the underlying techniques to industry (via collaboration with vendor
research labs), to MITRE direct-funded projects (via proposals for improved
Web service security architectures), and to the Air Force (via the resulting
software and the vision it embodies).
Approved for Public Release: 05-1412
Using Honeyclients for Detection and Response Against New Attacks
Kathy Wang, Principal Investigator
Problems:
Exploits targeting vulnerabilities in client-side applications are a growing
threat on today's Internet. Commonly deployed detection technologies such
as honeypots and Intrusion Detection Systems (IDSs) are useful for detecting
server-side attacks, but are not effective at detecting client-side attacks.
We lack a proactive client-side attack detection technology.
Objectives:
The project has two main objectives. First, we will develop a honeyclient
prototype with capabilities for interaction with servers, client-side
exploit detection, and exploit characterization and categorization. Second,
since honeyclient technology is new and not well understood, we will research
and document the capabilities and limitations of honeyclients for improving
organizational situational awareness.
Activities:
In the first two quarters, we will develop the initial honeyclient prototype's
capabilities, including security enhancements and secure logging. By the
end of the third quarter, we will have created honeyclients capable of
supporting additional protocols, including DNS and peer-to-peer. In the
fourth quarter, we will focus on exploring the theoretical capabilities
and limitations of honeyclient technology.
Impact:
By using honeyclient technology, our sponsors will gain the capability
to proactively detect client exploits in the wild. This project will develop
a baseline honeyclient capability and document the ongoing costs of running
a honeyclient installation so that sponsors can make informed decisions
about how best to apply honeyclient technologies as part of their security
awareness strategies.
Approved for Public Release: 05-1320