1 / 7

From Information Assurance to Trusted Systems – A Strategic Shift

From Information Assurance to Trusted Systems – A Strategic Shift. Patricia A. Muoio Chief, NSA Trusted Systems Research (formerly known as National Information Assurance Research Lab) Briefing to SINET, October 4, 2011. Why Trusted Systems?.

kevyn
Télécharger la présentation

From Information Assurance to Trusted Systems – A Strategic Shift

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. From Information Assurance to Trusted Systems – A Strategic Shift Patricia A. Muoio Chief, NSA Trusted Systems Research (formerly known as National Information Assurance Research Lab) Briefing to SINET, October 4, 2011

  2. Why Trusted Systems? • It’s all about enabling safe operations in risky or compromised environments • Traditional IA mechanisms are key components, but IA lockdown, border war mentality won’t get you there • Need smart systems, ability to adapt, ability to be proactive in addressing threats • Consider the SYSTEM, not the BOUNDARY • Consider the ADVERSARY in designing protections

  3. Address Componetry • Investigate new technology components and systems to address emerging trusted system needs such as: • Trusted platform mechanisms • Policy statement and enforcement mechanisms • Mobility mechanisms

  4. Address Design • Develop methods to design software or hardware with no vulnerabilities • Develop methods that enable us to assess the soundness of our software • Address composition and secure software re-use • Develop methods to allow some level of confidence given an untrustedsupply chain

  5. Take advantage of Cryptography • Investigate capabilities that provide integrated use of cryptography for more than traffic confidentiality. • Cryptography in systems context – deep integration into efforts that enable new CONOPS

  6. Bring about trustworthysystem behaviors • Investigate new ways to design and integrate systems to provide desired properties such as: • Active Defense • Risk Adaptive, Situationally Variant Response • Resilience • Moving Target • Immune Systems • Autonomic Systems • Usability

  7. What industry can do • Encourage critical thinking rather than “check the box” in developing security solutions – develop ways to realistically assess our risk posture • Advance the state of the practice in smart systems • Advance the state of the practice in dynamic risk management • Work with us on CONOPS that stretch the envelope for safe operations

More Related