Your SlideShare is downloading. ×
0
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
DARPA: Cyber Analytical Framework (Kaufman)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

DARPA: Cyber Analytical Framework (Kaufman)

1,168

Published on

Presentation from the Colloquium on Future Directions in Cyber Security on Nov 7, 2011.

Presentation from the Colloquium on Future Directions in Cyber Security on Nov 7, 2011.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,168
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
23
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Dan Kaufman Director, Information Innovation OfficeAn analytical framework for cyber security Approved for Public Release, Distribution Unlimited.
  • 2. An analytical framework for cyber security November 2011 Approved for Public Release, Distribution Unlimited
  • 3. What we hear.Approved for Public Release, Distribution Unlimited.
  • 4. Attackers penetrate the architecture easily…Goal Hijacked• Demonstrate web page asymmetric ease of exploitation of DoD computer versus efforts to defend. Infected .pdf documentResult• Multiple remote compromises of fully security compliant and patched HBSS‡ computer within days: • 2 remote accesses. • 25+ local privilege HBSS Workstation escalations. Penetration Demonstration • Undetected by host defenses. Total Effort: 2 people, 3 days, $18K HBSS Costs: Millions of dollars a year for software and licenses alone (not including man hours) ‡ = Host Based Security System (HBSS) Approved for Public Release, Distribution Unlimited
  • 5. Users are the weak link… Approved for Public Release, Distribution Unlimited
  • 6. The supply chain is potentially compromised…Approximately 3500 ICs. • 200 unique chip types. • 208 field programmable gate arrays (FPGAs). • 64 FPGA and 9 ASIC types across 12 subsystems.78% of FPGAs and 66% of ASICs manufactured in China and Taiwan. FPGA ASIC JSF FPGA & ASIC Usage Manufacture Location Manufacture Location FPGA Asia Asia Europe USA Europe USA Approved for Public Release, Distribution Unlimited.
  • 7. Our physical systems are vulnerable to cyber attacks… Chinese cyber attack: “Highly sophisticated and targeted attack” on Google corporate infrastructure (known as Aurora) Small group of academics took control of a car using Bluetooth and OnStar. They were able to disable the brakes, control the accelerator, and turn on the interior microphone.[1] False speedometer reading[1] K. Koscher, et al. "Experimental Security Analysis of a Modern Automobile," in Proceedings of Note that the car is in park… the IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, 2010. Approved for Public Release, Distribution Unlimited
  • 8. We are doing a lot, but we are losing ground… Approved for Public Release, Distribution Unlimited
  • 9. Ground truth… 45,000 40,000 35,000 30,000 10.0Cyber Incidents Reported to 25,000 8.0 US-CERT [1] Federal Defensive by Federal 20,000 Cyber Spending [2] agencies 6.0 ($B) 15,000 4.0 10,000 2.0 5,000 0 0.0 2006 2007 2008 2009 2010 Federal Cyber Incidents and Defensive Cyber Spending fiscal years 2006 – 2010 [1] GAO analysis of US-CERT data. GAO-12-137 Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements [2] INPUT reports 2006 – 2010 Approved for Public Release, Distribution Unlimited.
  • 10. Why?Approved for Public Release, Distribution Unlimited
  • 11. We are divergent with the threat… x Unified Threat 10,000,000 Management 8,000,000Lines of Code Security software 6,000,000 4,000,000 x Network Flight 2,000,000 Recorder Milky Way Malware: DEC Seal Stalker x Snort 125 lines of code* x x x 0 1985 1990 1995 2000 2005 2010 * Public sources of malware averaged over 9,000 samples (collection of exploits, worms, botnets, viruses, DoS tools) Approved for Public Release, Distribution Unlimited
  • 12. User patterns are exploitable…A recent Defcon contest challenged participants to crack 53,000 passwords. In 48 hours, the winning team had 38,000. # Passwords Profile for the winning team, Team Hashcat Time Approved for Public Release, Distribution Unlimited
  • 13. Additional security layers often create vulnerabilities… October 2010 vulnerability watchlist Vulnerability Title Fix Avail? Date Added XXXXXXXXXXXX XXXXXXXXXXXX Local Privilege Escalation Vulnerability No 8/25/2010 XXXXXXXXXXXX XXXXXXXXXXXX Denial of Service Vulnerability Yes 8/24/2010 XXXXXXXXXXXX XXXXXXXXXXXX Buffer Overflow Vulnerability No 8/20/2010 XXXXXXXXXXXX XXXXXXXXXXXX Sanitization Bypass Weakness No 8/18/2010 XXXXXXXXXXXX XXXXXXXXXXXX Security Bypass Vulnerability No 8/17/2010 XXXXXXXXXXXX XXXXXXXXXXXX Multiple Security Vulnerabilities Yes 8/16/2010 XXXXXXXXXXXX XXXXXXXXXXXX Remote Code Execution Vulnerability No 8/16/2010 XXXXXXXXXXXX XXXXXXXXXXXX Use-After-Free Memory Corruption Vulnerability No 8/12/2010 XXXXXXXXXXXX XXXXXXXXXXXX Remote Code Execution Vulnerability No 8/10/2010 XXXXXXXXXXXX XXXXXXXXXXXX Multiple Buffer Overflow Vulnerabilities No 6 of the 8/10/2010 XXXXXXXXXXXX XXXXXXXXXXXX Stack Buffer Overflow Vulnerability Yes vulnerabilities 8/09/2010 XXXXXXXXXXXX XXXXXXXXXXXX Security-Bypass Vulnerability No 8/06/2010 in security are XXXXXXXXXXXX XXXXXXXXXXXX Multiple Security Vulnerabilities No software 8/05/2010 XXXXXXXXXXXX XXXXXXXXXXXX Buffer Overflow Vulnerability No 7/29/2010 XXXXXXXXXXXX XXXXXXXXXXXX Remote Privilege Escalation Vulnerability No 7/28/2010 XXXXXXXXXXXX XXXXXXXXXXXX Cross Site Request Forgery Vulnerability No 7/26/2010 XXXXXXXXXXXX XXXXXXXXXXXX Multiple Denial Of Service Vulnerabilities No 7/22/2010Color Code Key: Vendor Replied – Fix in development Awaiting Vendor Reply/Confirmation Awaiting CC/S/A use validation Approved for Public Release, Distribution Unlimited
  • 14. These layers increase the attack surface…Constant surface area available to attackRegardless of the application size, DLLs: run-time environment the system loads = more commonalitythe same number of support For every 1,000 lines functions. of code, 1 to 5 bugs are introduced. Application specific functions Approved for Public Release, Distribution Unlimited
  • 15. We amplify the effect by mandating uniform architectures Approved for Public Release, Distribution Unlimited
  • 16. The US approach to cyber security is dominated by a strategy that layers security on to a uniform architecture. We do this to create tactical breathing space, but it is not convergent with an evolving threat. Approved for Public Release, Distribution Unlimited
  • 17. Technology is not the only culprit… nor the only answer. Approved for Public Release, Distribution Unlimited
  • 18. Economics matter…There are multiple choices for addressing the supply chain vulnerability: • Resort to manufacturing all chips in trusted foundries. This is not feasible or sustainable. • Screen all chips in systems critical to National Security or our economic base. Despite recent advances in screening technology, this is not feasible, affordable, or sustainable at the scales required. • 3,500 IC’s on the F-35 • Single FPGA = 400 million transistors • Modern chips = 2.5 billion transistors Selective screening coupled with diplomatic sanctions may create new solutions that are both feasible and sustainable. Approved for Public Release, Distribution Unlimited
  • 19. Business incentives matter… Understanding them in the context of ‘game theory’ reveals the problem. Bot Herder strategy example: Traditional Bot Herder C2 Botnet Bot Herder Return Antivirus Antivirus Cost Cost Return Strategy 1: Short Long“Storm” XOR‡ branch Solution exists: Botnet weekly patch, kills branch Small High High Low High New P2P Botnet Solution needed: Small High 0 High Low high cost solution, Strategy 2: kills tree AES* branch Root Tree Branch The security layering strategy and antitrust has created cross incentives that contribute to divergence. ‡ = “exclusive or” logical operation * = Advanced Encryption Standard Approved for Public Release, Distribution Unlimited
  • 20. Layering and uniformity have created unintended consequences… we are in need of new choices…Examples: Unintended Belief Approach Example consequenceDefense in depth Uniform, layered Host Based Security Larger attack surface network defense System introduces more areas of exploitability for attackers… Homogeneous targets that amplify effects…Users are best line of Operator hygiene 15 character password Users take short cutsdefense and become enemy assets…The interplay of technology, Antitrust law Competition and Cross incentives thatpolicy, incentives will favor rulings, use of independence in undermine securitybetter security. COTS security software and COTSWe need new choices that create: Users as the best line of defense without impeding operations. Layered defense without increasing surface area for attack. Heterogeneous systems that are inherently manageable. Approved for Public Release, Distribution Unlimited
  • 21. We missed it too…Approved for Public Release, Distribution Unlimited
  • 22. …let’s fix it.Approved for Public Release, Distribution Unlimited
  • 23. #DARPACyber

×