1. IA&S Joint PI Meeting Honolulu, HI 17-21 July 2000 ITS Track IA&S

2. Administrative Notes Please provide electronic copy of presentation for web site posting before departure. Agenda Discipline –Presentation Length (“The Hook”) –Breaks (Lunch-Colony for us, other breaks) Sidebars (Scheduled chat with PM) Tours (Submarine, TCCC, JWID) Social Events (Happy Hour, Luau) Available Services (ISDN, Fax, Messages) Cell Phones –Technology shouldn’t subvert good manners

3. Program Manager’s Welcome Intrusion Tolerant Systems Track Joint IA&S Principal Investigator’s Meeting Honolulu, Hawaii July 17 – 21, 2000

4. Intrusion Tolerant Systems Major Events & Milestones: August 1999 – July 2000 ITS Program Kickoff Summer IA&S Joint PI Meeting August 2,3 1999 ITS Winter PI Meeting February 22, 23 2000 Program RM Kernel RM Program Kernel Program Kernel RM Kernel supported Interpreter Modified application Real Time Execution Monitors Summer IA&S Joint PI Meeting July 17-21, 2000 Proxy Servers Ballot Monitors Acceptance Monitors COTS Servers Audit Control Adaptive Reconfiguration P1P1 B1B1 P2P2 B2B2 P3P3 B3B3 P4P4 B4B4 A1A1 A2A2 A3A3 A4A4 S1S1 S3S3 S4S4 Request Control Responses S2S2 Error Detection Tolerance Triggers Error Compensation, Response Recovery ITS Workshop October 4,5 1999

5. Site Visits Augments the two Bi-annual PI Meetings Purpose: –Meet the project team –More in depth description of project –Familiarization with the PI’s organization –Informal discussion/questions/exchange of ideas –Bring problems to the attention of the PM Annual Affair Generally a ½ day (approx. 4 hours) is sufficient Presentations posted to web site

6. Project Status Reports Requirements specified in contract –Generally monthly for commercial organizations –Generally quarterly for university grants Purpose: –Tool for PM to monitor progress –Contract management for agent Timeliness

7. Project Summaries and Quad Charts Update existing summaries –Important for accuracy and currency Need summaries for new projects – Visit http://schafercorp-ballston.com/its for exampleshttp://schafercorp-ballston.com/its Summaries very useful for collecting project information Summaries are provided on web site accessible to general public Press Releases –Coordinate with PM in advance of release

8. ITS Web Site http://tolerantsystems.org –Under Construction –Link to active ITS web site http://iaands.org –Link to ITS http://schafercorp-ballston.com/its/ –Project summaries –ITS Kickoff Meeting (Phoenix) –ITS Williamsburg Workshop –ITS Winter PI Meeting (Aspen) –User id:itsfolks p/w:redundant

9. Presentation & Meeting Guidance New Format –Group discussion at the end of each related set of presentations Present as if talking to your peers –These presentations are as much for them as for the PM Jumping around between tracks –Some of you have conflicts with other tracks –Attending presentations in parallel tracks is allowed, even encouraged Other presentations –PACOM speakers with operational emphasis –EWG Process –Threat/Attack Model and Policy Specification Workshop –JBI

10. Goals of Wednesday Discussion Better understanding of threat/attack models different projects are working with Better understanding of what protection the current ITS projects will provide –individually –collectively What is your attack model? What policies can you enforce?

11. Monday Afternoon 12:30- Program Manager’s Welcome (Jay Lala, DARPA) 12:40- Automatic Synthesis of Program-based Triggers for Intrusion Tolerance Mechanisms (C.C. Michael, RST Corp) 1:05- System Health and Intrusion Monitoring (SHIM): A New Approach to Triggering Intrusion Tolerant Mechanisms (Calvin Ko, NAI Labs) 1:30- Semantic Data Integrity (David Rosenthal, ORA) 2:00- Break 2:15- Group Discussion 2:30- Self Protecting Mobile Agents (Lee Badger, NAI Labs) 3:25- Group Discussion

12. Tuesday Morning 6:30- Registration and Breakfast 7:30- PACOM Speaker (Col(P)) Jan Hicks 8:30- Break 8:45- Scaling Proof-Carrying Code to Production Compilers and Security Policies (Andrew Appel, Princeton University) 9:15- New Approaches to Mobile Code: Reconciling Execution Efficiency with Provable Security (Michael Franz, UC, Irvine) 9:45- Break 10:10- Containment and Integrity for Mobile Code (Andrew Myers, Cornell) 10:40- Group Discussion 10:55- MAFTIA (Yves Deswarte, LAAS-CNRS; SRI International) 11:30- Lunch

13. Tuesday Afternoon 12:30- Intrusion Tolerant Server Infrastructure (Dick O’Brien, Secure Computing Corp.) 12:55- Intrusion Tolerance Using Masking, Redundancy, and Dispersion (Janet Lepanto, Draper Labs) 1:20- Hierarchical Adaptive Control for QoS Intrusion Tolerance (James Just, Teknowledge) 1:45- Group Discussion 2:00- Break 2:15- A High Security Information System (Joe Johnson, University of South Carolina) 2:40- Engineering a Distributed Intrusion Tolerant Database System Using COTS Components (Peng Liu, Univ of Maryland, Baltimore County) 3:05- Group Discussion

14. Wednesday Morning 6:30- Registration and Breakfast 7:30- PACOM Speaker 8:45- Cross Program Presentations 9:45 Break 10:00 Threat/Attack Model and Policy Specifications Discussion (Carl Landwehr, Mitretek) 10:30 Models of Security Policies for Proof-Carrying Code (Andrew Appel, Princeton University) 11:30- Lunch

15. Wednesday Afternoon 12:30- Active Trust Management (ATMs) for Autonomous Adaptive Survivable Systems (Howard Shrobe, MIT) 12:55- Dependable Intrusion Tolerance (Alfonso Valdes, SRI International) 1:20- Intrusion Tolerant Software Architecture (Bruno Dutertre, SRI International) 1:45- Group Discussion 2:00- Break 2:15- Joint Battlespace Infosphere (Walt Tirenin, AFRL) 3:00- Using Maximum Entropy for Rapid Cyberwarfare Deduction and Inference - A Demonstration (Philip Calabrese, SSC-SD)

16. Thursday Morning 6:30- Registration and Breakfast 7:30- PACOM Guest Speaker 8:30- Break 8:45- A Distributed Framework for Perpetually Available and Secure Information Systems (Greg Ganger/Pradeep Khosla, CMU) 9:15- PASIS Demonstration (Greg Ganger/Pradeep Khosla, CMU) 9:25- SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services (Fengmin Gong, MCNC) 9:50- Break 10:05- Tolerating Intrusions Through Secure System Reconfiguration (Alexander Wolf, Univ. of Colorado) 10:30- Group Discussion 10:40- Randomized Failover Intrusion Tolerant Systems (RFITS) (Ranga Ramanujan, Architecture Technology Corp.) 11:05- Computational Resiliency (Steve Chapin, Syracuse) 11:30- Lunch

17. Thursday Afternoon 12:30- Agile Objects – Component-based Inherent Survivability (Andrew Chien, UC, San Diego) 1:00- A Comprehensive Approach for Intrusion Tolerance Based on Intelligent Compensating Middleware (Amjad Umar, Telcordia Technologies) 1:25- Group Discussion 1:35- FOUR A – Agent Adaptation and Assurance (Bill Scherlis, CMU) 2:05- Break 2:20- Intrusion Tolerant Distributed Object Systems (Gregg Tally, NAI Labs) 2:45- Intrusion Tolerance by Unpredictable Adaptation (IT by UA) (Partha Pal, BBN Technologies) 3:10- Group Discussion

18. Friday Morning 6:30- Breakfast 7:30- PACOM Guest Speaker 8:30- Break 8:45- Effectively Constraining Active Scripting on the Win32 Platform (Anup Ghosh, RST Corp) 9:15- Integrity Through Mediated Interfaces (Bob Balzer, Teknowledge) 9:45- Break 10:00- A Binary Agent Technology for COTS Software Integrity (Anant Agarwal, InCert Software Corp) 10:30- Group Discussion 10:45- Program Manager’s Closing Remarks