Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

Abstract

This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices), funded by the Air Force Research Laboratory contract number F49620-01-1-0433. The scientific goal of this CIP/URI effort was to fundamentally advance the state of the art in network security and digital intrusion tolerance by exploring a new paradigm in which individual devices erect their own security perimeters and defend their own critical resources (e.g., network links or storage media). Together with conventional border defenses (e.g., firewalls), such self-securing devices provide a flexible infrastructure for dynamic prevention, detection, diagnosis, isolation, and repair of successful breaches in borders and device security perimeters. More specifically, the research sought to understand the costs, benefits, and appropriate realization of (1) multiple, increasingly specialized security perimeters placed between attackers and specific resources; (2) independent security perimeters placed around distinct resources, isolating each from compromises of the others; (3) rapid and effective intrusion detection, tracking, diagnosis, and recovery, using the still-standing security perimeters as a solid foundation from which to proceed; (4) the ability to dynamically shut away compromised systems, throttling their network traffic at its sources and using secure channels to reactively advise their various internal components to increase their protective measures; and (5) the ability to effectively manage and dynamically update security policies within and among the devices and systems in a networked environment. The underlying motivation throughout this research was to go beyond the "single perimeter" mindset that typifies today's security solutions and results in highly brittle protections.

Document Details

Document Type
Technical Report
Publication Date
Jan 15, 2007
Accession Number
ADA465393

Entities

People

  • Gregory R. Ganger

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Ground and Sea Platforms
  • Human Systems

DTIC Thesaurus Topics

  • Application Protocols
  • Communication Channels
  • Computer Communications
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Detection
  • Electronic Mail
  • Intrusion Detection
  • Intrusion Detectors
  • Network Protocols
  • Network Science
  • Operating Systems

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Cyber