Third Generation Security (3GS)

1. Third Generation Security (3GS) 13 February 2001 Jaynarayan H. Lala Defense Advanced Research Projects Agency Advanced Technology Office (ATO)

2. Program Structure Drivers • Imperative: Focus technology development to operational systems-driven needs and vulnerabilities • Conclusions: • Threat: Current and growing threat to DoD ranging from ankle biters to nation-states • Increasingly sophisticated attacks • Reduced attacker knowledge needed • Importance: Problem is urgent, of national importance, and DARPA-hard • DARPA role is to perform the critical defensive research necessary to change the current asymmetric threat situation to potential balance and eventually to strategic advantage • Provide revolutionary technology -> Tech base programs • Near term: Early operational experimentation to transition technology and get field experience • Longer term: Comprehensive systems-level approach with strategic thinking -> Systems program

3. Networked Computer Systems’ Vulnerabilities • Mobile / Malicious Code • Attack Multiplier/ Dist. Denial of Service Attacks • Misuse & Insider Threats • Mobile Environments (e.g., wireless transmissions, non-IP attacks)

4. Operational Needs • Enterprise-wide information assurance status • Operational impact of failures/attacks • Automated network defense and management • Correlation, traceback and attribution • Enterprise-wide course of action determination and prioritized responses • Secure coalition networks • Operate through attacks • Graceful degradation • Dynamic operating point selection (performance, functionality, security) – response to INFOCON and indications and warnings

5. Threat: Classes Nation-states, Terrorists, Multinationals Information terrorism Economic intelligence Disciplined strategiccyber attack Military spying Selling secrets Civil disobedience Serious hackers Embarrassing organizations Discrediting products Harassment Collecting trophies Stealing credit cards Script kiddies Copy-cat attacks Curiosity Thrill-seeking

6. Threat : Characteristics High High High High INNOVATION COORDINATION PLANNING STEALTH Low Low Low Low Nation-states, Terrorists, Multinationals Information terrorism Economic intelligence Disciplined strategiccyber attack Military spying Selling secrets Civil disobedience Serious hackers Embarrassing organizations Discrediting products Harassment Collecting trophies Stealing credit cards Script kiddies Copy-cat attacks Curiosity Thrill-seeking

7. Information AssuranceThree Generations of Security Technologies Access Control & Physical Security Cryptography Multiple Levels of Security Trusted Computing Base Intrusions will Occur 2nd Generation (Detect Intrusions, Limit Damage) PKI VPNs Intrusion Detection Systems Firewalls Boundary Controllers Some Attacks will Succeed Performance 3rd Generation (Operate Through Attacks) Functionality Security Big Board View of Attacks Real-Time Situation Awareness & Response Graceful Degradation Hardened Core Intrusion Tolerance 1st Generation (Prevent Intrusions)

8. Components of Third Generation Security (3GS) • Technology Base • - Organically Assured & Survivable Information System (OASIS) • - Cyber Panel • - Survivable Wired & Wireless Infrastructure for Military Operations (SWWIM) • Dynamic Coalitions • Fault Tolerant Networks (FTN) • Composable High Assurance Trusted Systems (CHATS) • Experimentation • - Operational Experimentation • Survivable GIG Systems • Strawman Architecture Study • System Concept Study • - Risk Reduction • - Design, Implementation • Field Assessment Early Experimentation Cyber Panel OASIS Survivable GIG System SWWIM DC/FTN/CHATS Early Experimentation

9. Program Managers • Dr. Jaynarayan Lala – jlala@darpa.mil, 703-696-7441 • Organically Assured Survivable Information Systems, Survivable Global Information Grid System • Dr. Douglas Maughan – dmaughan@darpa.mil, 703-696-2373 • Dynamic Coalitions, Fault Tolerant Networks, Composable High Assurance Trustworthy Systems • Ms Catherine McCollum – cmccollum@darpa.mil, 703-696-2353 • Cyber Panel, Coalition Partners in Experimentaion • Mr. Brian Witten – bwitten@darpa.mil, 703-696-2323 • Survivable Wired and Wireless Infrastructure for Military Operations, Partners in Experimentation www.darpa.mil

10. OASIS request responses control Intrusion Tolerant Architecture Objectives • Construct intrusion-tolerant architectures from potentially vulnerable components • Characterize cost-benefits of intrusion tolerance mechanisms • Develop assessment and validation methodologies to evaluate intrusion tolerance mechanisms Servers COTS Ballot Acceptance Proxy Servers Monitors Monitors P B A S 1 1 1 1 Users/Clients Protected P B A S 2 2 2 2 P B A S u v m n Audit Adaptive Control Reconfiguration Technical Approach Schedule 1/99 1/00 1/01 1/02 1/03 • Real-Time Execution Monitors: In-line reference monitors, wrappers, sandboxing, binary insertion in legacy code, proof carrying code, secure mobile protocols • Error Detection & Tolerance Triggers: Time and Value Domain Checks, Comparison and Voting, Rear Guards • Error Compensation, Response and Recovery: Hardware and Software Redundancy, Rollback and Roll-Forward Recovery • Intrusion Tolerant Architectures: Design Diversity, Randomness, Uncertainty, Agility • Assessment & Validation: Peer Review Teams, Red Team, Assurance Case (Fault Tree, Hazard Analysis, Formal Proofs, Analytical Models, Empirical Evidence) Phase I Real-time Execution Monitors, Error Detection Developing Technology Drops Phase II Error Compensation, Response, Recovery

11. Survivable GIG Systems Program 3/03 Prior Tech Base 12/02 Revamped Tech Based Projects Final Validation 6/02 1/01 10/00 3/01 5/02 3/01 1/01 6/03 5/02 3/02 2/04 8/02 Downselect 2/04 1/05 Survivable System Objectives Cyber Panel • Develop a survivable GIG system, from applications down to communications infrastructure, that can • operate through a wide class of cyber attacks • gracefully degrade system functionality in the face of attacks • dynamically reconfigure to optimize performance, functionality and survivability • Develop a Cyber Panel to monitor GIG system health and attack state, and respond to attacks • Demonstrate seamless operation of GIG systems and Cyber Panel, including Cyber Panel-set system operating points Navigation Tactical Imagery Messaging COP Intel ... Intel BCSTs PC LAN Links Comms Organic HUB SIPRNET COTS Local LAN DMS Other Systems ... Schedule Systems Approach • Follow a requirements-driven systems engineering approach • Build on IA&S technology foundation and prior research • Develop a strawman survivable GIG architecture for an exemplar C4ISR system, its communications links, and a theater-wide cyber panel that showcases the latest research products and commercial information system survivability technology . • Design, implement and exercise the integrated Survivable GIG system and Cyber Panel in an operational environment, demonstrating capabilities afforded by emerging technologies and serving as a pathfinder to make other DoD systems survivable.

12. Schedule 3/03 Prior Tech Base 12/02 Revamped Tech Based Projects Final Validation 6/02 1/01 10/00 3/01 5/02 3/01 1/01 6/03 5/02 3/02 2/04 8/02 Downselect 2/04 1/05