Source: ITEA (International Test and Evaluation Association), 2018/05/16
TRANSCRIPT
Bill L'Hommedieu, ACR Chief Engineer, 96th Cyber Test Group, 7 May 2018
Air Force Test Center
Avionics Cyber Range (ACR)
DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited.
ACR Overview
Mission: An AFTC test range providing a mission-based infrastructure, interfacing with other facilities ranging from controlled, secure offensive cyberspace systems to emulations of uncontrolled, non-secure, and adversary networks.
ACR will support cyberspace testing for: aircraft, logistics systems, C2 systems, space and nuclear platforms.
Susceptibilities found through:
• Binary Analysis
• Fuzz testing across trust boundaries
• Fuzz testing of code processes and output
• Binary Hardening
Susceptibilities exercised on individual components:
• Functional Security testing
• Penetration testing
• Subsystem Fuzzing
Residual Susceptibilities:
• Known Susceptibilities
• Zero-Day “Hacks”
Validated Susceptibilities: susceptibilities exercised in System of Systems testing for evaluation of mission effects in an operationally representative, multiple-platform environment.
Mission-Validated Vulnerabilities: vulnerabilities validated and TTPs exercised on operational platforms:
• Anechoic Chamber Testing
• Flight line testing
• Mobile test Kits
ACR Concept of Operations
ACR will consist of three strategic capability areas: Avionics Cyber Test Lab, Cyber Threat Development, and National Cyber Range Complex.
Test progression: Component Test → SIL/HWIL Test → Operational Test
Avionics Cyber Lab
Connects avionics hardware to a test capability with the necessary elements to cover the end-to-end communications associated with a typical weapon system.
• Avionics Test Bench - well-defined hardware interfaces and software APIs
  – Allows new technology to be validated/demonstrated in a flight-representative environment
  – Enables connection with remote elements, for example with ground-based related testbeds
• Weapon systems Racks/Pylons
• Maintenance equipment (for example CMBRE/CAPRE)
• LRU Virtualization - high-fidelity emulations of an LRU’s architecture, native processor, memory layout, etc., providing a representative hardware/software environment
• Reverse Engineering Laboratory - hardware and software reverse engineering of embedded systems, including avionics and weapon systems
Cyber Threat Development
Provides representation of the actions of adversaries whose ability and intent is to adversely affect an automated system, facility, or operation.
• Threat Environment - threat representations that are intelligence-informed cyber threat TTPs, equipment, or adversarial command and control networks
  – Representative Threats - threats across the spectrum from hacker to nation-state-sponsored cyber attackers, provided through threat scripts and recognized threat vectors
  – Cyber Effects Emulation - capability to inject hostile activity (malformed messages, malware, etc.) into embedded system data buses and cyber-attack surfaces
• Threat Modeling - automated modeling tools to assist the test engineer in quickly defining a set of possible attacks
• RF threat injection and tools - injection of cyber effects through RF channels within the mission kill chain
National Cyber Range Complex
• Common Cyber Testing Ontology, Taxonomy, and Lexicon – how we communicate
• Common Concept of Operations – how the cyber ranges operate
• Common Cyber Test Data Model – how to describe a cyber test
• Common Cyber Descriptions (Object Definition and Transforms) – how components of the cyber test are defined
• Common Cyber Universe Description – how the environment that surrounds the components of the cyber test is defined
• Common Instrumentation and Control
  – How data is collected and assessed
  – How cyber tests are controlled
TECHNICAL CHARACTERISTICS
• Realistic: large-scale, high-fidelity virtualized cyber environments operating actual software, integrated with hardware-in-the-loop capabilities
• Repeatable: archived, reusable environments, procedures, parameters, and event restoration checkpoints to facilitate test-fix-test verification
• Rapid: standard tools and processes to automatically create, re-create, and modify mission-specific environments
• Isolation: cryptographic segregation of multiple, concurrent cyber environments at varying security classifications
• Sanitization: restore all assets to a known, clean state – not just range infrastructure, but also mission system equipment
Enabled by a Cyber-Savvy Workforce
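The “Repeatable” and “Sanitization” characteristics above amount to one cycle applied to every asset on the range: take a known-clean checkpoint, detect drift after a test event, and restore. The Python below is an added illustration of that cycle on a file-based asset tree; it is not ACR or NCRC tooling, and the asset names and contents, the temporary directory, and the `checkpoint`, `drift`, `restore` and `demo` functions are all constructed for this example.

```python
"""Checkpoint, drift check and restore for file-based range assets.

Constructed example: the asset tree is created in a temporary directory and
its contents are invented. This is not ACR or NCRC sanitization tooling.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _files(root: Path) -> dict:
    """Relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): _sha256(p)
            for p in root.rglob("*") if p.is_file()}


def checkpoint(root: Path) -> dict:
    """Known-clean snapshot: relative path -> (sha256, contents)."""
    return {rel: (digest, (root / rel).read_bytes())
            for rel, digest in _files(root).items()}


def drift(root: Path, snap: dict) -> dict:
    """Compare the live tree against the checkpoint hashes; report differences."""
    live = _files(root)
    return {
        "modified": sorted(k for k in snap if k in live and live[k] != snap[k][0]),
        "added": sorted(k for k in live if k not in snap),
        "missing": sorted(k for k in snap if k not in live),
    }


def is_clean(report: dict) -> bool:
    return not any(report.values())


def restore(root: Path, snap: dict) -> None:
    """Return the tree to the checkpoint: rewrite every asset, delete extras."""
    for rel, (_, content) in snap.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    for p in list(root.rglob("*")):
        if p.is_file() and p.relative_to(root).as_posix() not in snap:
            p.unlink()
    for d in sorted((p for p in root.rglob("*") if p.is_dir()), reverse=True):
        if not any(d.iterdir()):          # drop empty directories left by the test
            d.rmdir()


def demo() -> tuple:
    """Run a constructed test event; return (drift during test, drift after restore)."""
    root = Path(tempfile.mkdtemp(prefix="range-asset-"))
    try:
        (root / "cfg").mkdir()
        (root / "cfg" / "ofp.cfg").write_bytes(b"mode=normal\n")   # constructed asset
        (root / "firmware.bin").write_bytes(bytes(range(64)))      # constructed asset
        snap = checkpoint(root)
        # What a test event might leave behind: a changed config, a stray file, a lost image.
        (root / "cfg" / "ofp.cfg").write_bytes(b"mode=test\n")
        (root / "dropped.tmp").write_bytes(b"scratch")
        (root / "firmware.bin").unlink()
        during = drift(root, snap)
        restore(root, snap)
        return during, drift(root, snap)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    before, after = demo()
    print("drift during test:", before)
    print("clean after restore:", is_clean(after))
```

The drift report is the check a range operator wants before a rerun: a test is only repeatable if `drift` comes back empty against the archived checkpoint, and the restore step has to cover the mission-system assets (the config and firmware stand-ins here), not only the range infrastructure.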
National Cyber Range, Eglin AFB: a secure hosting workspace with the capability to emulate systems under test in a real-world, operational environment, in order to perform “live fire” cyber-attacks.
Networks: Avionics Cyber Range Multi-level Network (ACRMN); JMETC Multi Level Network (JMN)
ACR OV-1 (diagram; labels only): Hardware In the Loop Facilities; Anechoic Chamber; Open Air Ranges; Test Instrumentation; Traffic Generation; Virtual Machines; National Cyber Range, Eglin; Sanitization Server; National Cyber Range Complex; Threat Environment; Avionics Bus Fuzzing Tools; Reverse Engineering Lab; Avionics Cyber Test Lab; Cyber Threat Development; RF Threat Injection & Tools; Threat Models & Simulation; Avionics Test Bed; LRU Virtualization.
Proposed Test Capabilities @ FOC
• LRU Emulation
• System Under Test (SUT) Instrumentation & Debugging
• Avionics Cyber Test Bench
• Avionics Bus Sniffer/Analyzer
• RF threat injection
• Avionics Subsystem Fuzzing
• Threat Development
• SILs/HWIL Integration
• Automatic Exploit Generation
• National Cyber Range Complex
Planned ACR Connectivity
Sites:
• Edwards AFB - 47th OL-B, IFAST, BAF
• Joint Base San Antonio - 47th Test Squadron
• Eglin AFB - 96th Cyber Test Group, Avionics Cyber Range, JPRIMES
• Redstone Arsenal - RTC
• NAS PAX River
• NCRC Orlando
• SPAWAR Charleston
• Aberdeen Proving Grounds
• JMETC MILS Network (JMN) will provide connections to remote sites
• ACR will be integrated with the National Cyber Range Complex
• Any test site requiring ACR resources can connect through JMN
Avionics Test Bed
Project Objectives:
- Capabilities for rapid integration of avionics subsystems
- Capabilities for rapid reconfiguration to support different air platforms and any number of real/emulated/simulated avionics systems
- Repeatable processes to monitor, stimulate and perform test and evaluation
- Capabilities to monitor or record inputs from real weapon systems, replay the data back to a weapon system, or fuzz the inputs to a weapon system
- Capabilities for integration of modern aircraft avionics
Focus Areas:
- A modular architecture with a standardized set of interfaces that allows rapid reconfiguration and expansion using a combination of real, emulated and simulated avionics subsystems technology
- Platform agnostic - emulated hardware with operational software
- AFRL Avionics Vulnerability Assessment System (AVAS) - allows for rapid integration of simulation models and avionics
- Protocol development for avionics systems
- Aircraft LRU integration
Capability to emulate avionics architectures including the necessary elements to cover the end-to-end communications associated with a typical weapon system.
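The record / replay / fuzz objective above, and the “fuzz testing across trust boundaries” step in the overview, are easiest to see on a concrete message format. The Python below is an added example, not Avionics Test Bed or AVAS code: it defines a constructed bus-message format (sync byte, message id, length, payload, 8-bit checksum), a recorded capture, a stand-in system-under-test parser that trusts its length field beside a hardened version, and a mutation fuzzer that re-computes the checksum after each mutation so the test cases reach the parsing logic behind that integrity check. `SYNC`, the message ids, `parse_weak`, `parse_hardened`, `replay` and `fuzz` are all assumptions of the example and not any real bus protocol.

```python
"""Record / replay / fuzz harness for a constructed avionics-style bus message.

Everything here is a hypothetical stand-in (format, capture, parsers); it is
not a real bus protocol and not Avionics Test Bed / AVAS code.
"""
import random
import struct

SYNC = 0xA5            # constructed sync byte
MSG_AIRSPEED = 0x10    # constructed id: 4-byte big-endian float payload
MSG_STATUS = 0x20      # constructed id: 2-byte flags payload
EXPECTED_LEN = {MSG_AIRSPEED: 4, MSG_STATUS: 2}


def checksum(data: bytes) -> int:
    """8-bit additive checksum over sync, id, length and payload (constructed)."""
    return sum(data) & 0xFF


def build_message(msg_id: int, payload: bytes) -> bytes:
    body = bytes([SYNC, msg_id, len(payload)]) + payload
    return body + bytes([checksum(body)])


# A "recorded" capture from the real system: three constructed frames.
CAPTURE = [
    build_message(MSG_AIRSPEED, struct.pack(">f", 250.0)),
    build_message(MSG_STATUS, struct.pack(">H", 0x0003)),
    build_message(MSG_AIRSPEED, struct.pack(">f", 180.5)),
]


class SutReject(Exception):
    """Raised when a SUT parser rejects a frame on purpose (the desired outcome)."""


def _check_envelope(frame: bytes) -> tuple:
    if len(frame) < 4 or frame[0] != SYNC:
        raise SutReject("bad sync or truncated frame")
    if checksum(frame[:-1]) != frame[-1]:
        raise SutReject("checksum mismatch")
    return frame[1], frame[2]


def _decode(msg_id: int, payload: bytes) -> dict:
    if msg_id == MSG_AIRSPEED:
        return {"airspeed": struct.unpack(">f", payload)[0]}
    if msg_id == MSG_STATUS:
        return {"flags": struct.unpack(">H", payload)[0]}
    raise SutReject("unknown message id")


def parse_weak(frame: bytes) -> dict:
    """Stand-in SUT parser that trusts the length field once the checksum passes.
    A short or over-long payload reaches struct.unpack and raises struct.error."""
    msg_id, length = _check_envelope(frame)
    return _decode(msg_id, frame[3:3 + length])


def parse_hardened(frame: bytes) -> dict:
    """Same parser with the length field validated before any payload decoding."""
    msg_id, length = _check_envelope(frame)
    if msg_id not in EXPECTED_LEN:
        raise SutReject("unknown message id")
    if length != EXPECTED_LEN[msg_id] or len(frame) != 4 + length:
        raise SutReject("length field inconsistent with frame")
    return _decode(msg_id, frame[3:3 + length])


def replay(parser, capture) -> list:
    """Replay the recorded capture unchanged; every frame must decode."""
    return [parser(frame) for frame in capture]


def mutate(frame: bytes, rng: random.Random) -> bytes:
    """Apply one mutation (bit flip, truncate or extend), then re-compute the
    checksum so the mutated frame gets past the integrity check."""
    data = bytearray(frame[:-1])
    op = rng.choice(("flip", "truncate", "extend"))
    if op == "flip":
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == "truncate" and len(data) > 1:
        del data[rng.randrange(1, len(data)):]
    else:
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(data) + bytes([checksum(data)])


def fuzz(parser, capture, iterations: int = 2000, seed: int = 1) -> list:
    """Mutate recorded frames and report every unhandled exception as a finding."""
    rng = random.Random(seed)
    findings = []
    for _ in range(iterations):
        frame = mutate(rng.choice(capture), rng)
        try:
            parser(frame)
        except SutReject:
            continue                                   # clean rejection: fine
        except Exception as exc:                       # anything else: robustness defect
            findings.append((type(exc).__name__, frame.hex()))
    return findings


if __name__ == "__main__":
    print("replay:", replay(parse_hardened, CAPTURE))
    for name, parser in (("weak", parse_weak), ("hardened", parse_hardened)):
        found = fuzz(parser, CAPTURE)
        print(f"{name}: {len(found)} findings", found[:2])
```

Replaying the unmodified capture must decode identically under both parsers; that is the regression check that the test bed has not altered the recorded data. The fuzzer then separates frames a parser rejects on purpose (`SutReject`) from unhandled exceptions, which are the findings it reports: the weak parser fails on every truncated or length-corrupted frame, while the hardened parser rejects the same frames cleanly because it checks the length field against both the message type and the frame size before decoding.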
Defense Innovation Unit Experimental (DIUX) VOLTRON Project
Automated vulnerability detection and remediation would result in a revolution in securing mission-critical systems and in the development of offensive capabilities against targets of interest.
Focus Areas:
• Autonomous vulnerability detection and code hardening of x86 and ARM Linux based avionics and sensor fusion software
• Autonomous vulnerability detection and code hardening of x64 Windows based mission planning and support systems (Joint Mission Planning Software, JMPS)
• Autonomous vulnerability detection and code hardening of PowerPC VxWorks
• Autonomous vulnerability detection and offensive weaponization on software of interest to the offensive cyber community
Project Objectives:
- Demonstrate the efficacy of autonomous tools in performing vulnerability assessments of DoD weapon systems without the use of external threat/vulnerability information
- Identify and remediate vulnerabilities in production software, including the generation of working exploits to prevent false positives
- Build autonomous capabilities into tools already used by government vulnerability researchers to meet both offensive and defensive mission needs
- With a successful prototype, deliver a system that works against a variety of architectures of interest to the DoD
Participating Contractors (contractor - product - architectures):
• ForAllSecure - MAYHEM - x86 Linux, ARM Linux, x64 Windows
• GrammaTech - Proteus - x64 Windows
• Trail of Bits - PowerPC on VxWorks 5.5
• Kudu Dynamics - PASSEDPAWN - ArduPilot and Pixhawk (open source autopilot software)
This capability was first demonstrated in August 2016 at the DARPA Cyber Grand Challenge.
T&E/S&T Program FY2016 End-of-Year Program Execution Review
Cyber Threat Automation & Monitoring (CTAM)
Project Objectives: developing technologies to detect, monitor, and analyze malware behavior during cyber attacks in a virtualized T&E environment.
Enables:
• Fine-grain introspection/data collection/monitoring
• Machine Learning and Advanced Cyber Analytics
• Analysis and threat assessment to understand impacts to systems under test
• Project completion May 2020
Florida International University - ARC, Miami FL
Focus Areas:
• Capability to create System Under Test (SUT) virtual machines on XEN and KVM platforms and perform introspection
• Optimize traditional machine learning algorithms and implement deep learning algorithms for accurate prediction to identify the impact of test vectors on a defined mission
• Implementation of deep learning algorithms using the CNTK and TensorFlow frameworks
• Implementation of stream processing / distributed computing using SPARK and Kafka
Questions/Discussion?