Cooperative Red Teaming of a Prototype Survivable Service-Oriented System
Abstract
An increasing number of military systems are being developed using service orientation. Some of the features that make service orientation appealing, like loose coupling, dynamism and composition-oriented system construction, make securing service-based systems more complicated. We have been developing technologies for Advanced Protected Services (APS) to improve the resilience and survival of services under cyber attack. These technologies introduce a layer to absorb, contain, and adapt to cyber attacks before attacks reach critical services. This paper describes an evaluation of these advanced protection technologies using cooperative red teaming. In cooperative red teaming, an independent red team launches attacks on a protected enclave in order to evaluate the efficacy and efficiency of the protection technologies, but the red team is provided full knowledge of the system under test and its protections, and is given escalating levels of access to the system. The red team also operates within agreed upon rules of engagement designed to focus their effort on useful evaluation results. Apart from presenting the evaluation results, we also discuss cooperative red teaming as an effective means of evaluating cyber security.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 01, 2012
- Accession Number
- ADA602425
Entities
People
- Andrew Gronosky
- Asher Sinclair
- Brandon Froberg
- Charles Payne
- Joseph Loyall
- Michael Atighetchi
- Partha Pal
- Robert Grant
Organizations
- RTX