1 Application Communities Kick-off Meeting Arlington, Virginia July 7, 2006.

Slides:



Advertisements
Similar presentations
DARPA ITS PI Meeting – Honolulu – July 17-21, 2000Slide 1 Aegis Research Corporation Intrusion Tolerance Using Masking, Redundancy and Dispersion DARPA.
Advertisements

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA SEI is sponsored by the U.S. Department of Defense ©
Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D
David Flournoy Bit9 Mid-Atlantic Regional Manager
Annual SERC Research Review, October 5-6, Panel on Rapid / Expedited Systems Engineering Debra Facktor Lepore Principal Investigator, SERC Study.
1 Telstra in Confidence Managing Security for our Mobile Technology.
ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003.
Bus 411 DAY 20. Agenda Kroger Case Study  PowerPoint Before Class (at least one hour) Grades and feedback are posted  Performance should improve.
Oct 2, 2010Atif Alamri IS 240 Information Systems Analysis and Design Dr. Atif Alamri Office: 2098 Tel: (1)
1 As Class Convenes u Find your team u Pick up your team’s folder; Becoming an Expert u Remove any old work and Class Process Check for Becoming an Expert.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
MOTIVATIONAL INTERVIEWING INTERNAL CERTIFICATION PROCESS Allen County Community Correction Design.
Session 8 Coordination. Session Objectives Define the Principle of Coordination Define the Principle of Coordination Identify characteristics of successful.
1 Approved for Public Release, Distribution Unlimited Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency Self-Regenerative.
Success status, page 1 Collaborative learning for security and repair in application communities MIT & Determina AC PI meeting July 10, 2007 Milestones.
PREPAREDNESS AND RESPONSE TO CYBER THREATS REQUIRE A CSIRT By Jaco Robertson, Marthie Lessing and Simon Nare*
Introduction To Secure Registry Operations for ccTLDs Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.
1102 Contract Specialist as a Business Manager Debbie Bartlett Defense Acquisition University.
Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.
1 This workshop is part of our commitment to periodically provide you with updated information about BPA’s contracting and project management processes.
Doug Bellomo April 6, NFDA Retreat & Conference “Risk MAP--Foundation, Transition, Integration” Risk MAP: An Update to NFDA.
Prepare + Prevent + Respond + Recover + Mitigate A NNUAL GOHSEP C ONFERENCE OHSEP Directors + LEPA + LEPC M EMBERS House Keeping.
1 How to 0wn the Internet in Your Spare Time Authors: Stuart Staniford, Vern Paxson, Nicholas Weaver Publication: Usenix Security Symposium, 2002 Presenter:
2010 W EST V IRGINIA GIS C ONFERENCE Wednesday, June 9, 2010.
CDI Prevention in Long Term Care Collaborative Welcome and Project Overview Deborah Quetti RN, MBA, BSN, CPHQ April 9, 2014.
Building Quality into Web Applications - Meeting the Challenges of Testing and Usability Paula Duchnowski CQA, CSTE (608)
Self-Regenerative Systems (SRS) PI Meeting Alexandria, Virginia December 14-15, 2005.
WP1 Management. N° of work package: 1 Management Duration in months: 36+2 EGEC Description of the tasks: 1.1. Project Management (EGEC) Coordination in.
CHAPTER 9 INSPECTIONS AS AN UP-FRONT QUALITY TECHNIQUE
Copyright – Disaster Resistant Communities Group – Initial Planning Conference.
AQUAINT Program Programmatics Dr. John D. Prange AQUAINT Program Director December 2001.
Stellar Stars: Reflections of a Center CIO James F. Williams Ames Research Center August 15, 2011.
IUCRC Panel_1/08/09 at 2-3:15 p.m.1 Research Planning and Decision Making Concurrent Session Thursday, January 8, 2009, 2:00-3:15 p.m. Directors will share.
Emergency Management Training and Education System Protection and National Preparedness National Preparedness Directorate National Training and Education.
Pursuing High Value Healthcare Optimizing Laboratory Testing Webinar #7 August 13,
1 Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency Self-Regenerative Systems PM Welcome Dec. 14, 2005.
HO © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.
Graciela Saunders.  Introduction / Review  Challenges to Embedded Security  Approaches to Embedded Security  Security Analysis & Attack Taxonomy 
Orientation and Summer Institutes Implementer’s Forum October 2005 Susan Barrett PBIS Maryland.
Innovation Software Corporation's Cultural Awareness Training Program Presentation by:
Improving the Tradecraft in Services Acquisition Services Acquisition Training Lyle Eesley Defense Acquisition University Director Center for Services.
Innovation Software Corporation's Cultural Awareness Training Program Presentation by:
Governor’s Office of Homeland Security and Emergency Response State Directors Meeting February 24, 2014 Bruce A. Davis, Ph.D. Senior Program Manager Resilient.
Critical Security Controls & Effective Cyber Defense Hasain “The Wolf”
One Team with One Voice…Serving 58 DSS and Community College Partnership Opportunities – NC FAST For more information about this document, contact: Programs.
Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Welcome.
1 Joint Agency Commercial Imagery Evaluation (JACIE) 7 th Annual Workshop held March 25-27, 2008  USGS, NGA, USDA, and NASA Collaboration Next Workshop.
Virtualized Execution Realizing Network Infrastructures Enhancing Reliability Application Communities PI Meeting Arlington, VA July 10, 2007.
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.
Application Communities Phase 2 (AC2) Project Overview Nov. 20, 2008 Greg Sullivan BAE Systems Advanced Information Technologies (AIT)
Michael Ernst, page 1 Application Communities: Next steps MIT & Determina October 2006.
By Kyle Bickel.  Securing a host computer is making sure that your computer is secure when it’s connected to the internet  This be done by several protective.
Coast Guard Cyber Command
Critical Security Controls
Patch Management Patch Management Best Practices
Huntsville City Schools Centralized Registration
Real-time protection for web sites and web apps against ATTACKS
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Intelligence Driven Defense, The Next Generation SOC
Tangled Web: Using Deception in Defense
MANAGING APPLICATION SECURITY
Cybersecurity EXERCISE (CE) ATD Scenario intro
Strategic Enrolment Management Planning OVERVIEW
Successful Strategies in Enterprise Intrusion Investigations
BISC Orientation Session
Computer Emergency Response Team
Cybersecurity EXERCISE (CE) ATD Scenario questions
Presentation transcript:

1 Application Communities Kick-off Meeting Arlington, Virginia July 7, 2006

2 Agenda Continental Breakfast Program Manager Welcome SRI Presentation Morning Break SRI Presentation (continued) Discussion Lunch MIT Presentation Afternoon Break MIT Presentation (continued) Wrap-up discussions 1600Side-bars

3 Lee Badger Information Processing Technology Office Defense Advanced Research Projects Agency Application Communities July 7, 2006 Program Kickoff

4 The Problem Attack Sophistication Growing (Source: CERT Coordination Center) Lines of Code 55,000,000 50,000,000 30,000,000 20,000,000 17,000,000 15,000,000 3,000,000 1,000, ,000 20, SCOMP Debian Multics ?Win2K? Win95 Win3.1 Lisp Darwin Kernel RedHat6 WinNT RedHat7 Linux Kernel Scale/Vulnerability Growing SCOMP Debian Multics ?Win2K? Win95 Win3.1 Lisp Darwin Kernel RedHat6 WinNT RedHat7 Linux Kernel Military Context DoD needs “better” COTS than adversaries have. Traditional wisdom: monocultures are weak: vulnerable to homogeneity/scale/collaboration Monocultures and Markets Market Share New idea: turn these “weaknesses” into advantages: Leverage homogeneity/scale/collaboration for the defense.

5 The Military Context DoD Cyber Foundation Voice/Data Routing Operating System Routers IM Office Productivity Firewalls Special Applications (COP, Intelligence Tactical, Imagery, …) Anti-virus COTS Applications JWICS SIPRNET NIPRNET Satellite Forward Deployment Sustaining Bases/Hqtrs Same equipment at home, deployed Frequent updates Some systems just “Show-up” Fast fielding Vulnerable COTS

6 Technology Objective Scale/homogeneity/ collaboration for defense Collaboratively diagnoses problems (attacks/bugs/errors) Transform many running copies of a (COTS) software program to behave as a self-aware Application Community that: Application Community xx% accurate problem identification, localization, and diagnosis in xx minutes. Collaboratively responds while maintaining intended functions Generate effective patches/filters in xx minutes. Prevent xx% of harmful patch/filter side effects Collaboratively generates Situation Awareness Gauge Predict likelihood and timing of problems with xx% accuracy. Value of Collaboration 0% 100% , ,000 1,000,000 … active copies untapped utility Exploit scale for problem: localization mitigation recovery learning Possible Curves unknown threshold for diminished returns Collaboration: The Source Of Traction Observe Orient Decide Act time Knowledge Browser Operating System Web Server Middle- ware possible curve

7 Evaluation Protocol Phase I (Technology Development, 18 Months) SRI Metrics Detect >80% of attacks, with <10% false alarms Recover entire community from attack <30 minutes <30% average performance slowdown >60% accurate problem effects prediction < 15 min before arrival MIT Metrics Detect 95% of code injection attacks, recover from 60% Detect 50% of all other attacks and errors, recover from >30% <5% performance slowdown July 7, 2006 Start Go No-Go Dec. 6, 2007 Phase II (Maturation, Evaluation, Transition, 12 Months) March 6, 2009 System Maturation Initial Red Team Evaluation Transition-Ready Self-Defending COTS Software Commercialization Flaw Remediation More Ambitious Metrics Detect >98% of attacks, with <1% false alarms Recover entire community from attack <10 minutes <30% average performance slowdown >80% accurate problem effects prediction < 5 min before arrival Final Red Team Evaluation Feb. 7, 2009 to March 6, 2009 March 7, 2008 Start Dec. 7, 2007 to Jan. 6, 2008

8 AC Kickoff July Washington DC 1-day meeting Present new projects PI Meeting Wednesday, Jan. 10, 2007 East Coast Location Present progress reports PI Meeting July 2007 West Coast Location Present progress reports PI Meeting early Jan East Coast Location Phase 1 Schedule 2008 Red Team Evaluations Dec on site Site Visits by the PM and selected IET Oct Site Visits by the PM and selected IET April 2007 Site Visits by the PM and selected IET Oct. 2008

9 Role of the IET Provide technical feedback to performers at PI meetings Attend site visits for in-depth reviews Review performer self-assessment strategies  Evaluate validity of progress measures  Evaluate how understandable progress measures are to SRS outsiders  Cordell Green (Kestrel)  Hilarie Orman (Purple Streak)  Alex Orso (Ga. Tech)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.