ABSTRACT: Today's cyber defenses and cyber defenders face determined and diverse adversaries, who can study all aspects of deployed systems including networks, hosts, and the applications running on them, in order to find exploitable vulnerabilities and to devise attack vectors that exploit the detected vulnerabilities. The conflict between cyber attackers and cyber defenders is stacked against the defender. The defender must protect against all the ways that an adversary can cause potential loss of security, collectively called the attack surface, while the attacker needs to find only a single vulnerability and attack vector to be successful. This work-in-progress paper describes an AI-inspired approach for modeling and analyzing the attack surface of a distributed system. Once modeled, an attack surface can be quantified in terms of size and level of dynamism through four types of algorithms: path analysis, metric computation, path comparison, and path enumeration. Our approach supports relative comparison across multiple attack models for each combination of a system and a set of defenses, in order to select an appropriate set of defenses given a certain cost/benefit tradeoff.

I. INTRODUCTION Today's cyber defenders face determined, diverse, and well-resourced adversaries who have a significant advantage over the defense. The adversaries need find only a single vulnerability and attack vector to be successful, while the defender must protect all vulnerabilities and defend against all attack vectors. Among the various choices of available defenses, a powerful class is the set of Moving Target Defenses (MTDs) that attempt to even the playing field for defenders by shifting the attack surface, i.e., the set of potential attack vectors an adversary can use to compromise security of a target system. MTDs attempt to change access paths before they can be exploited, thereby (1) making them more difficult to detect, (2) rendering attacks that are based on stale information ineffective, and (3) increasing detection by monitoring for the use of stale information. However, as the number and complexity of defenses (including MTDs), system configurations, and potential attacks continually increase, cyber defenders face the problem of manually selecting and configuring defenses for a distributed mission-critical system without a clear understanding of the seams/integration points, residual risks, and costs (in terms of impact on performance and functionality). Integration of defenses performed in a non-structured way bears the risks of adding defenses with no value, inadvertently increasing the attack surface, or overly impacting critical functionality. This paper describes work in progress for constructing a model-based environment for Attack Surface Reasoning (ASR),
ABSTRACT: This issue of IEEE Software discusses where mobile computing has brought us today and where it could be taking us in the future. It provides a glimpse into the near future of mobile computing by focusing on proximate software challenges coupled with promising techniques, infrastructure, and research from academia, government, and industry. The first Web extra at http://youtu.be/iLnNHwp-H8E is a video demonstration of the Group Autonomy for Mobile Systems (GAMS) project, which is an extension of a research project called Self-governing Mobile Adhocs with Sensors and Handhelds (SMASH) that investigated human-in-the-loop autonomy at Carnegie Mellon University. The project created Android interfaces to a drone swarm that tried to autonomously search for survivors in a disaster scenario using the Parrot AR.Drone and custom GPS and thermal sensors. The second Web extra at http://youtu.be/lW1dqsrdRHU is a video demonstration of HD4AR mobile augmented reality technology that was commercialized through PAR Works. The third Web extra at http://youtu.be/M4w5oPqrMRo is an audio interview in which James Edmondson talks with Suzanne Miller about autonomous systems, specifically as they relate to robotic systems. In particular, Edmondson's research focuses on partial autonomy with an aim of complementing human users and extending their reach and capabilities in mission-critical environments. From the SEI Podcast Series "Conversations in Software Engineering."
ABSTRACT: Transport Layer Security (TLS) and its precursor Secure Sockets Layer (SSL) are the most widely deployed protocols to establish secure communication over insecure Internet Protocol (IP) networks. Providing a secure session layer on top of TCP, TLS is frequently the first defense layer encountered by adversaries who try to cause loss of confidentiality by sniffing live traffic or loss of integrity using man-in-the-middle attacks. Despite its wide deployment and evolution over the last 18 years, TLS remains vulnerable to a number of threats at the protocol layer and therefore does not provide strong security out of the box, requiring tweaks to its configuration in order to provide the expected security benefits. This paper provides a summary of the current TLS threat surface together with a validated approach for minimizing the risk of TLS compromise. The main contributions of this paper include 1) identification of configuration options that together maximize security guarantees in the context of recent TLS exploits and 2) specification of expected flows and automated comparison with observed flows to flag inconsistencies.
Communications and Network Security (CNS), 2013 IEEE Conference on; 01/2013
ABSTRACT: We present a workflow for the design and production of biological networks from high-level program specifications. The workflow is based on a sequence of intermediate models that incrementally translate high-level specifications into DNA samples that implement them. We identify algorithms for translating between adjacent models and implement them as a set of software tools, organized into a four-stage toolchain: Specification, Compilation, Part Assignment, and Assembly. The specification stage begins with a Boolean logic computation specified in the Proto programming language. The compilation stage uses a library of network motifs and cellular platforms, also specified in Proto, to transform the program into an optimized Abstract Genetic Regulatory Network (AGRN) that implements the programmed behavior. The part assignment stage assigns DNA parts to the AGRN, drawing the parts from a database for the target cellular platform, to create a DNA sequence implementing the AGRN. Finally, the assembly stage computes an optimized assembly plan to create the DNA sequence from available part samples, yielding a protocol for producing a sample of engineered plasmids with robotics assistance. Our workflow is the first to automate the production of biological networks from a high-level program specification. Furthermore, the workflow's modular design allows the same program to be realized on different cellular platforms simply by swapping workflow configurations. We validated our workflow by specifying a small-molecule sensor-reporter program and verifying the resulting plasmids in both HEK 293 mammalian cells and in E. coli bacterial cells.
ABSTRACT: Force protection capabilities have emerged as necessary for operations such as Village Stability Operations and Forward Operating Base security. Current Force Protection Kits include a rich set of sensors that can be monitored from a core operator station. This paper describes ongoing research to extend the reach of Force Protection capabilities as part of an integrated, network-centric system to protect mobile troops on patrol, to include sensors beyond the organic Force Protection perimeter, and to enable the automated, selective transfer of information to and from kit locations. These extended Force Protection capabilities are enabled by a highly mobile, vehicle-mounted information management system providing beyond line-of-sight publish-subscribe capabilities, sensor data archiving, video storage and retrieval, and data ferrying across long distances.
MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012; 01/2012
ABSTRACT: Although IP and its overlying protocols, such as TCP and UDP, are ubiquitous, they were originally designed for point-to-point connections between computers in reasonably fixed locations. They are less suited to mobile networks and broadcast communications. In this paper, we present an alternative to IP that is based on a publish-subscribe approach. The approach that we present combines an application publish-subscribe programming model with a content delivery network, which provides several advantages in certain communication environments, including quality of service based on application level needs; efficient support for reliable broadcast; support for disadvantaged, intermittent, and limited communications; and more efficient reliability and fault tolerance. The paper presents our approach, based on a streamlined Data Distribution Service and simplified Content Delivery Network, a motivating example in which the publish-subscribe based distribution and network provides advantages, and a contrast to TCP/IP in the example context.
ABSTRACT: An increasing number of military systems are being developed using service orientation. Some of the features that make service orientation appealing, like loose coupling, dynamism and composition-oriented system construction, make securing service-based systems more complicated. We have been developing technologies for Advanced Protected Services (APS) to improve the resilience and survival of services under cyber attack. These technologies introduce a layer to absorb, contain, and adapt to cyber attacks before attacks reach critical services. This paper describes an evaluation of these advanced protection technologies using cooperative red teaming. In cooperative red teaming, an independent red team launches attacks on a protected enclave in order to evaluate the efficacy and efficiency of the protection technologies, but the red team is provided full knowledge of the system under test and its protections, and is given escalating levels of access to the system. The red team also operates within agreed upon rules of engagement designed to focus their effort on useful evaluation results. Apart from presenting the evaluation results, we also discuss cooperative red teaming as an effective means of evaluating cyber security.
MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012; 01/2012
ABSTRACT: Publish-subscribe-based Information Management (IM) services provide a key enabling technology for net-centric operations. This paper describes technology for Quality of Service (QoS) and Internet-Protocol-based Airborne Networking features for IM services. Enhancing IM services with airborne networking features improves effectiveness in combined tactical and enterprise networks with mobile airborne and ground-based embedded platforms interacting with enterprise systems in command and control operations.
Military Communications Conference (MILCOM); 11/2011
ABSTRACT: We describe an ontology for resource sharing in integrated systems. We call this ontology the "Resource Sharing Ontology." This ontology addresses one of the main challenges for system and service integration: the management of resource sharing interactions. These interactions, whether explicit or implicit, are difficult to model and manage, but they are critical for safe and efficient system designs. Our resource sharing ontology also covers performance assessments on resource sharing for online and offline control and diagnosis. We discuss ontology extensions for specific resource sharing scenarios such as the assessment of resource sharing complexity. We provide examples of using the ontology to model applications, such as an RLC circuit and for the assessment of a resource contention complexity metric for the maintenance of a prototype hybrid vehicle.
Semantic Computing (ICSC), 2011 Fifth IEEE International Conference on; 10/2011
ABSTRACT: Information Management (IM) services need lifecycle management, i.e., determining how long persistent information is retained locally and when it is moved to accommodate new information. This is important when bridging IM services from enterprise to tactical environments, which can have limited onboard storage and be in highly dynamic situations with varying information needs. In this paper, we describe an approach to Value Function based Information Lifecycle Management (VFILM) that balances the value of existing information to current and future missions with constraints on available storage. VFILM operates in parallel with IM services in dynamic situations where missions and their information needs, the types of information being managed, and the criticality of information to current missions and operations are changing. In contrast to current solutions that simply move the oldest or least frequently accessed information when space is needed, VFILM manages information lifecycle based on a combination of inputs including attributes of the information (its age, size, type, and other observable attributes), ongoing operations and missions, and the relationships between different pieces of information. VFILM has three primary innovative features: (1) a fuzzy logic function that calculates an ordering of information value based on multiple relative-valued attributes; (2) mission/task awareness that considers current and upcoming missions in information valuation and storage requirements; and (3) information grouping that treats related information collectively. This paper describes the VFILM architecture, a VFILM prototype that works with Air Force Research Laboratory IM services, and the results of experiments showing VFILM's effectiveness and efficiency.
ABSTRACT: Information Management (IM) services support the discovery, brokering, and dissemination of mission-critical information based on the information's content and characteristics. IM services support the dissemination of future information (through subscriptions) and past information (through queries) regardless of its source. To be useful across enterprise and tactical environments, IM services need mission-driven Quality of Service (QoS) features as part of their core functionality. We have developed QoS management features, QoS Enabled Dissemination (QED), that extend an Air Force Research Laboratory (AFRL) developed set of IM services, Phoenix. This paper describes the results of a joint services experiment evaluating QED and Phoenix in a US Navy scenario involving multiple ships connected by a Disconnected, Intermittent, Limited (DIL) satellite network. Experiments evaluate QED and Phoenix's ability to (1) provide IM in the Wide Area Network (WAN) context of the satellite communications, which includes long latencies and background traffic not under QED control; (2) control and utilize active-precedence and queue management features provided by the WAN; (3) handle severe network overload, network disruptions, and dynamic changes in policies; and (4) successfully enforce deadlines and information replacement policies.
ABSTRACT: Wireless networking is moving toward the adoption of IP protocols and away from the multitude of special-purpose tactical radios traditionally in the hands of emergency personnel, military personnel, and law enforcement. The adoption of standards, such as IP multicast, has facilitated this. IP multicast also enables recovering some of the advantages of the broadcast medium when using IP in tactical environments. However, the traditional Quality of Service (QoS) approaches for IP multicast fall short of satisfying the stringent QoS requirements in tactical environments, which typically have single-hop, line-of-sight connections. The reasons for this are (1) QoS in IP networks, frequently based on Differentiated Services, relies on routers to enforce the priorities, which typically don't exist in tactical networks; and (2) QoS for tactical users needs to be enforced at the information level, not the packet level, where the loss or delay of a single packet can invalidate an entire object of information. We present strategies for QoS management for IP multicast in tactical environments that provide information- and user-level QoS and address the specific challenges of tactical radios (such as the lack of reliable capacity information). We present our solutions in the context of a tactical information broker that provides beyond line-of-sight information management in a theater of operations.
14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2011, Newport Beach, California, USA, 28-31 March 2011; 01/2011
ABSTRACT: Service-oriented architecture (SOA) middleware has emerged as a powerful and popular distributed computing paradigm due to its high-level abstractions for composing systems and hiding platform-level details. Control of some details hidden by SOA middleware is necessary, however, to provide managed quality of service (QoS) for SOA systems that need predictable performance and behavior. This paper presents a policy-driven approach for managing QoS in SOA systems. We discuss the design of several key QoS services and empirically evaluate their ability to provide QoS under CPU overload and bandwidth-constrained situations.
13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, ISORC 2010, Carmona, Sevilla, Spain, 5-6 May 2010; 01/2010
ABSTRACT: Most distributed applications are brittle; they work in a limited environment and cannot adapt to changes in this environment. Making these applications less brittle is a complex engineering task that is hard for specific application areas and even harder to generalize. The Quality Objects (QuO) project offers a framework for creating applications that adapt to different Quality of Service (QoS) offered by the underlying resources. QuO offers several layers of tools for creating adaptive distributed applications using the familiar CORBA development process of code generators and runtime support libraries. In this paper we describe the QuO Runtime and the components it uses to maintain and adapt to QoS. The QuO Runtime is the base functionality on which QuO code generators specialize for a specific adaptive application. The QuO Runtime handles much of the complexity of collecting, organizing, and acting on changing QoS, thus reducing the burden for application developers.
ABSTRACT: Warfighters in today's asymmetric engagements need access to mission-critical information no matter when and where it becomes available. Information Management Services (IMSs) based on publish-subscribe-query services have emerged as an important enabler of tactical information dominance in combined tactical and enterprise military situations. IMSs support information brokering and dissemination between decoupled information producers and consumers, for both future (publish-subscribe) and historical (publish-archive-query) information. To support operations in dynamic environments, IMSs require Quality of Service (QoS) capabilities to ensure prioritized delivery of mission-critical information, to mediate conflicting demands for information brokering and dissemination resources in constrained situations, and to adapt IMS operations to changing missions, roles, and priorities. This paper describes a set of QoS management services, QoS Enabled Dissemination (QED), that provide policy-driven, dynamic, aggregate QoS management across the users of IMSs. The paper describes the QED prototype implementation and experimental results illustrating the improvement of QED over a non-QoS enabled IMS baseline.
Military Communications Conference, 2009. MILCOM 2009. IEEE; 11/2009
ABSTRACT: Publish-subscribe-query information broker middleware offers great promise to users of pervasive computing systems requiring access to information. However, users of publish-subscribe-query information broker middleware face a challenge in requesting information. The decoupling of publishers and consumers of information means that a user requesting information is frequently not aware of what is available, where it comes from, and when it becomes available. Too specific a request might return no results, while too broad a request might overwhelm the user with a combination of useless and buried useful information. This paper investigates using context, such as a user's location, affiliation, and time, to automatically improve the quality of information brokering and delivery. Augmenting an explicit client request with contextual clauses can automatically prioritize, order, and prune information so that the most useful and highest quality among the information available is delivered first. The paper provides techniques for augmenting client requests with context, techniques for combining multiple contextual aspects, and experiments evaluating the efficacy and performance of those techniques.
Software Technologies for Embedded and Ubiquitous Systems, 7th IFIP WG 10.2 International Workshop, SEUS 2009, Newport Beach, CA, USA, November 16-18, 2009, Proceedings; 01/2009
ABSTRACT: Modern warfare relies on dynamic, coalition operations supported by small, agile teams in time-sensitive missions. While each member of a coalition may maintain a local information space supporting the activities of its own teams, coalition members must be able to share information to cooperate effectively in dynamic environments and succeed in their missions. We present an extensible, layered architecture for federating individual information spaces into an interoperating information federation in which coalition partners can, as members of the federation, choose to share their information with other members of the federation. Local information spaces employ federate services to become federated information spaces (i.e., federates) who can share information with other federates in a federation. Federation services provide the capabilities needed to dynamically form and manage a federation of information spaces. Both federate and federation services are designed to maintain the autonomy of local information spaces while still allowing secure and efficient collaboration between them. We describe the services we are developing to demonstrate the architecture, present our current prototype federation, explain the analysis, design and implementation decisions made during the development of this prototype, and review an evaluation of the current implementation.
Military Communications Conference, 2008. MILCOM 2008. IEEE; 12/2008
ABSTRACT: Information spaces have emerged as a powerful concept for providing managed exchange of information between members of communities of interest (COIs), including information brokering and dissemination by publish-subscribe-query middleware. To support COIs with real-time or critical information exchange requirements, information spaces require quality of service (QoS) management algorithms that consider the complex system dynamics within information spaces, that allocate multiple resources, and that scale to information spaces of reasonable size. This paper presents two algorithms for multi-resource QoS allocation within information spaces. The first algorithm always provides an optimal allocation and includes optimizations that enable it to scale to information spaces of moderate size. The second algorithm is an approximation algorithm that provides near optimal solutions in most situations and scales to much larger information spaces. The paper also presents analyses and experimental results of the effectiveness and efficiency of the algorithms.
Middleware 2008, ACM/IFIP/USENIX 9th International Middleware Conference, Leuven, Belgium, December 1-5, 2008, Proceedings; 01/2008