Mission Critical Survivable and Recoverable Cyber Systems

Abstract

Cyberspace and its underlying infrastructure are vulnerable to a wide range of security threats. Such security threats involve exploitation of vulnerabilities to launch attacks that disrupt and threaten delivery of essential services upon which our economy and the daily lives of millions of people depend. Several factors complicate securing our cyberspace, such as, the existence of a diverse set of security threats, the increasing connectivity between cyberspace and physical systems, and the difficulty of reducing vulnerabilities in complex networks. The main scientific objective of this project is to develop attack-tolerant mission critical cyber systems that can survive and recover under attacks for mission assurance by maintaining diversity and redundancy of system components. Systems that possess redundancy and/or diversity of their components can be said to exhibit a certain degree of robustness against attacks. Fundamentally, by having a diverse set of components, a system can avoid having a single point of failure under attacks, thereby enhancing the attack-tolerance of the system. Further, redundancy of sub-systems (or components) can also complement their diversity. Development of such attack-tolerant systems requires careful consideration of several factors, including space and weight considerations of the system, synchronization and management of and consensus between redundant and diverse components, consideration of strategic interactions of (sub) systems and attacker, and consideration of cost constraints to achieve security-cost tradeoffs. This project seeks to develop models, methodologies, and algorithms for designing attack-tolerant systems that can employ redundancy and diversity of components, and develop a software tool that will facilitate analysis of strategic use of redundancy and diversity techniques for cyber survivability and recoverability against tactical attacks by leveraging concepts from network design, optimization, decision theory and game theory. The projectÕs main thrusts underlying the methods of investigation are as follows: i) Develop Survivable and Recoverable Cyber Systems: This thrust will aim to develop models, methods and algorithms to design attack-tolerant mission critical systems that employ redundancy and diversity of components under cost constraints, system inter-operability considerations, and attacking behavioral trends; ii) Develop Cyber Survivability Games: This thrust will aim to utilize game theoretic tools to design strategic and adaptive security solutions that can tactically employ the redundancy and diversity in the design space; iii) Mission Critical Cyber Survive and Recover Simulator: This thrust will aim to develop a Mission Critical Cyber Survive and Recover Simulator that would provide capabilities to investigate dynamics of strategic interactions between system defender and attacker while allowing exploitation of varying degrees of redundancy and diversity. The project will lead to the development of fundamental theory for optimizing the survivability of a mission critical system for a given mission time by maintaining redundancy and diversity of its components. The project will also show the performance advantage of using game theory to strategize over the solution space under cost constraints for identifying optimal operating points that employ redundancy/diversity. The simulator will allow investigation of the dynamics of strategic interactions in attack-defense scenarios involving mission critical systems and will facilitate adoption of strategic defense tactics.

Document Details

Document Type

DoD Grant Award

Publication Date

Feb 25, 2019

Source ID

W911NF1810152

Entities

Tags