Self-Regenerative Systems PM Welcome Dec. 14, 2005
DESCRIPTION
Self-Regenerative Systems PM Welcome Dec. 14, 2005. Lee Badger, Information Processing Technology Office, Defense Advanced Research Projects Agency. SRS PI III - PM Welcome. Cigital (Jeff Payne): UVa, GITI, Telcordia, MIT (Williams/Robertson). Red Teams.
TRANSCRIPT
1
Lee Badger
Information Processing Technology Office
Defense Advanced Research Projects Agency
Self-Regenerative Systems PM Welcome Dec. 14, 2005
2
SRS PI III - PM Welcome
SRS Workshop
Critical System List
Meeting Program Metrics
Adversarial Evaluation
External architecture study: BBN (Partha Pal)
External architecture study: Ga. Tech (Calton Pu)
Internal architecture study: MIT (Bob Balzer)
Status: ongoing
Progress against metrics (slide)
Barriers to leap-ahead progress
Demos
Video
Cigital (Jeff Payne): UVa, GITI, Telcordia, MIT (Williams/Robertson)
RABA (Michael Wertheimer): MIT (Rinard-Ernst), MIT (AWDRAT), JHU, Cornell
Sandia (John Clem): Honeywell, CMU, MIT (PMOP)
MITRE (Lora Voas): ALL
Red Teams
White Team
Exercises Must be scheduled in Oct. or Nov.
3
18 Months - Activity
Demonstrations
Patents/Patent Applications:
Experiments:
Publications:
Red Team Engagements:
Red Teams
Sandia
RABA
Cigital
White Team
MITRE
Biologically-Inspired Diversity
Granular, Scalable Redundancy
Cognitive Immunity and Healing
Reasoning About Insider Threats
9
10
Timeline axis: July 2004, January 2005, July 2005, January 2006
MIT
UVa
GITI
Honeywell Cornell
CMU
MIT
MIT
MIT
MIT
JHU
RABA
Cigital
Telcordia
Sandia
36
2/1
11
Daikon Implementation (publicly available)
Program Start: July 2004
Program End: December 2005
4 PI Meetings: August 2004, January 2005, July 2005, December 2005
11 Site Visits
(incomplete)
4
PM View of Meaningful Progress
Cognitive Immunity and Regeneration
Service Regeneration
identify 10% of root causes
correct 5% of root causes
Granular, Scalable Redundancy
Massive Defense Reserve
15-fold epidemic performance increase
3-fold Byzantine performance increase
Reasoning About Insider Threats
Pre-empt Insider Attack
Detect System Overrun
10% attacks thwarted/delayed
Biologically-Inspired Diversity
Genetically-Diverse Computing Fabric
generate 100 diverse versions, <= 33 having same vulnerability
Metric Achieved!
Metric Achieved!
Progress Against Metric
Progress Against Metric
• Responses not always triggered
• Responses not always accurate
Metric literally achieved, but:
Thousands of diverse versions, < 2 having same vulnerability
Some scope limits.
>20-fold latency reduction (many groups)
>>3-fold Byzantine increase (> 5 clients)
• Generality of techniques in question
• False positives a problem
Metric literally achieved, but: