High Assurance Systems (Fisher)

1,005 views

Published on

Presentation from the Colloquium on Future Directions in Cyber Security on Nov 7, 2011.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,005
On SlideShare
0
From Embeds
0
Number of Embeds
147
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

High Assurance Systems (Fisher)

  1. 1. Kathleen FisherProgram Manager, Information Innovation Office High Assurance Systems DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
  2. 2. Physical systems vulnerable to cyber attacks Falsified speedometer reading: 140 mph in [P]ark! K. Koscher, et al. "Experimental Security Analysis of a Modern Automobile," in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, 2010. Approved for Public Release, Distribution Unlimited.
  3. 3. Many remote attack vectors Long-range wireless Indirect physical Entertainment Mechanic Short-range wirelessImage sources: www.autoblog.com,www.journalofamnangler.com, www.1800pocketpc.com,en.wikipedia.org/wiki/Compact_Disc www.thedigitalbus.com,coolmaterial.com, www.laptopsarena.com, www.elec-intro.com,mybluetoothearbuds.blogspot.com, www.diytrade.com Approved for Public Release, Distribution Unlimited.
  4. 4. Pervasive vulnerabilitySCADA Systems Computer Peripherals VehiclesMedical Devices Communication Devices Sources: en.wikipedia.org/wiki/File:Gas_centrifuge_cascade.jpg, gis-rci.montpellier.cemagref.fr, cyberseecure.com, www.ourestatesale.com, www.eweek.com, pastorron7.wordpress.com, landsat.gsfc.nasa.gov, www.tech2date.com, www.militaryaerospace.com, www.naval-technology.com, www.chinacartimes.com Approved for Public Release, Distribution Unlimited.
  5. 5. We need a fundamentally different approach• State of the art: • Anti-virus scanning, intrusion detection systems, patching infrastructure• This approach cannot solve the problem. • Focused on known vulnerabilities; can miss zero-day exploits • Can introduce new vulnerabilities and privilege escalation opportunities 1/3 of the vulnerabilities are in security software! Approved for Public Release, Distribution Unlimited.
  6. 6. Critical Components within Reach of Formal Methods 100000000 Verified Yet-To-Be-Verified >$120M 40M Systems Systems 12K PY 10000000 5M 10M 1000000Lines of Code 200K 100000 11 PY 10000 9K 1000 100 10 1 *Includes non-security relevant code Approved for Public Release, Distribution Unlimited.
  7. 7. High-Assurance Component Factory Key Challenges • Reusable components • Composition • Increasing automationCyber Physical • Scaling • Concurrency • Cyber-physical integration Sources: en.wikipedia.org/wiki/File:Gas_centrifuge_cascade.jpg, gis-rci.montpellier.cemagref.fr, cyberseecure.com, www.ourestatesale.com, www.tech2date.com, www.eweek.com, dronewarsuk.wordpress.com High Assurance: Correctness, Safety, Security Approved for Public Release, Distribution Unlimited.
  8. 8. Feedback welcome!• Promising research directions?• Additional challenges?• Other things you think I should know? Contact Information: Kathleen.Fisher@darpa.mil Approved for Public Release, Distribution Unlimited.

×