INFOSEC Research Council
Download
Report
Transcript INFOSEC Research Council
The INFOSEC Research Council
Carl Piechowski
Chair IRC, DOE
Dr. Douglas Maughan
IRC Program Manager, DARPA
John C. Davis
Executive Agent IRC, Mitretek
2
The INFOSEC Research Council (IRC)
Charter
Informally chartered, government sponsored, voluntary organization
Goals
Facilitate communication and collaboration between participating
organizations
Enable knowledgeable and intelligent information security research
investments
Increase efficiency and effectiveness of U.S. Government INFOSEC
research
Support consolidated identification of high value research targets
The IRC provides an opportunity for participants to:
Discuss critical information security issues
Convey members’ research needs
Describe current research activities and planned research investments
Informally examine concepts and approaches against a body of experience
and knowledge
Benefit to members
Helps them to focus their INFOSEC research investments through
coordination with other relevant individuals and organizations
3
IRC Vision
INFOSEC
Science and Technology
Study Groups
Knowledge Base
INFOSEC
Research Council
Academic Industry
R&D
R&D
Participating
Organizations
Ideas
Fed Labs &
FFRDC
R&D
Hard
Problems
List
Roll
Up
DB
Warfighter,
National Security,
Homeland Security, and
Civil Agency Needs
4
IRC Background
First organized by NSA R2 in May 1996
IRC activities are sponsored by most of the
participating organizations, as led and coordinated by
DARPA
U.S. Department of Energy provides the current
chairperson
5
IRC Participants
Representatives from U.S. Government organizations
that sponsor information security research
Current Members
DOD: BMDO, DTRA, NCS, DARPA, NSA, OSD
Air Force: AFRL, AFIWC
Army: ARL, CECOM
Navy: NRL, ONR, SPAWAR
Intelligence Community: CIA, NRO, ARDA
Civilian Agencies: DOE, NIST, NSF, FBI, FAA, DOJ, NRC
6
IRC Activities
Bimonthly meetings
Program discussions
Relevant technical presentations
Review new developments
Events
Developed the INFOSEC “Hard Problems List”
Developing an R&D Database
Developed R&D Summary Report
Created and maintain IRC websites
www.infosec-research.org
Initiate INFOSEC Science and Technology Study
Groups (ISTSG)
7
INFOSEC Science and Technology Study Groups
Studies
Issues of particular import
Issues of shared interest
Benefit from the contributions of recognized experts
Studies Completed
Information Assurance Vision / End State
Malicious Code
Studies Proposed
Self Healing Networks
Technology Transfer
Network Study
8
Recent Briefings
Institute for Information Infrastructure Protection (I3P) – Michael
Vatis, Dartmouth University
National Strategy to Secure Cyberspace – Marcus Sachs,
Director for Communication Infrastructure Protection
NIAP Certification of Linux and Security-Enhanced Linux – Tony
Stanco, George Washington University
Homeland Security: In Pursuit of the Asymmetric Advantage –
Ruth David, Analytic Services, Inc. (ANSER)
The State of Information Security within the Civil Agencies – Keith
A. Rhodes, GAO
9
Recent Briefings
Large Network Security – Dr. Ed Amoroso, AT&T
Know Your Enemy: Modeling and Predicting Hacker Behavior–
the Honeynet Project
Fortune 500 Corporate Security – Head of Security of F500
company
"DUSD (S&T)'s Software Protection Initiative" – Jeff Hughes
MAC OS Security -- Shawn Geddis, Apple Federal
Microsoft XP Security – Sean Finnegan, Microsoft
10
INFOSEC Research Hard Problems List
Why define the “hard problems?”
Identify important roadblocks to effective information security
Guide research program planning
Achieve consensus on identifying especially difficult/persistent
information security issues
How was it done?
Discussion and e-mail exchanges among members
Contributions from national experts
11
What makes INFOSEC problems hard?
Technical factors
o
o
o
o
o
Need for COTS solutions
Need for wide deployment of security technology
Need to manage complex, networked systems securely
Need to support dynamic security policy environments
Growing technical sophistication of threats
IT Market and user perception factors
o COTS provides more function, less assurance
o Declining government influence on COTS information
technology
o User belief COTS security will suffice
– Unrealistic assumptions (e.g. detect new attack)
12
IRC’s Hard Problem List
Design & Development
Operational
Secure system composition
High assurance development
Metrics for security
Intrusion and misuse
detection
Intrusion and misuse
response
Security of foreign and mobile
code
Controlled sharing of
sensitive information
Application security
Denial of service
Communications security
Security management
infrastructure
Infosec for mobile warfare
13
Program R&D Database
Originally in hardcopy:
Now being automated
Each member organization provides R&D summary info
Project records will target:
o
o
o
o
Summary technical info / URL
Contact information
Non-sensitive budget info
Relationship to Hard Problems list
Benefits: identify resources being applied to hard
problems, support gap analysis
14
R&D Study
Collected information about Federal INFOSEC
R&D Programs
Identified key INFOSEC issues facing the U.S.
Fundamental flaws in much of the nation’s deployed information
infrastructure that leave systems open to exploitation
Decreasing diversity in the software components of that
infrastructure, and diminishing ability to assure that hardware
communications paths are diverse, which causes any flaw to be
very wide-spread
Lack of effective means for detecting the exploitation of these flaws,
both tactically and strategically
Lack of controllable, graduated responses to such exploitations
Synthesized the data
Performed Gap Analysis
15
IRC Websites -- Overview
Provide the infrastructure for communicating
research priorities and sharing research results
Mitretek Systems maintains three IRC websites
for various audiences
Public - http://www.infosec-research.org
IRC Meeting Participants
IRC Members
Implemented using open source software
Websites are hosted at Mitretek Systems in Falls
Church, VA
16
IRC Public Website
Only publicly accessible IRC website
Provides an overview of the organization and
objectives
Website contents
IRC Charter
Member Organizations
Upcoming Meeting Date and Location
Public Documents
o Hard Problems List
o IRC Overview (PowerPoint and Word Document)
Contact Information
17
IRC Meeting Participants Website
Access controlled by username/password
Separate username/password issued for each
meeting to all participants
SSL used for encrypted communication
Website contents
Schedule of future meetings
Meeting agendas
Abbreviated minutes -- contents from Closed Sessions
are removed
Presentations from Open Sessions
18
IRC Members Website
Access limited to Federal employees and IPAs
PKI client certificates are used for website authentication
SSL used for encrypted communication
Website contents
Schedule of future meetings
Meeting agendas
Complete minutes
Presentations from all sessions
ISTSG results / Draft documents for review
Calendar of upcoming meetings and conferences
Infrastructure to support the R&D database
o Search R&D summary information
o Update R&D project information
19
IRC Benefits
While it is understood that each participating
agency will have its own research priorities, the
IRC helps identify and organize high priority
INFOSEC problem areas and related research
opportunities. The IRC:
Promotes more efficient and effective use of research
funds
Shares expertise
Supports corporate memory beyond organization
Helps identify common problems
Helps avoid redundant efforts
20
QUESTIONS ???
21
Thank You
Chair, Infosec Research
Council
Carl Piechowski
U.S. Department of Energy
SO-13
19901 Germantown Rd
Germantown, MD 20874-1290
Phone: 301-903-4053
[email protected]
IRC Executive Agent
John Davis
(703) 610-1945
Mitretek Systems, Inc
MS F220
3150 Fairview Park Drive
South
Falls Church, VA 22042
Fax: (703) 610-1699
[email protected]