Publications

Refine Results

(Filters Applied) Clear All

Achieving cyber survivability in a contested environment using a cyber moving target

Published in:
High Frontier, Vol. 7, No. 3, May 2011, pp. 9-13.

Summary

We describe two components for achieving cyber survivability in a contested environment: an architectural component that provides heterogeneous computing platforms and an assessment technology that complements the architectural component by analyzing the threat space and triggering reorientation based on the evolving threat level. Together, these technologies provide a cyber moving target that dynamically changes the properties of the system to disadvantage the adversary and provide resiliency and survivability.
READ LESS

Summary

We describe two components for achieving cyber survivability in a contested environment: an architectural component that provides heterogeneous computing platforms and an assessment technology that complements the architectural component by analyzing the threat space and triggering reorientation based on the evolving threat level. Together, these technologies provide a cyber moving...

READ MORE

Creating a cyber moving target for critical infrastructure applications

Published in:
5th IFIP Int. Conf. on Critical Infrastructure Protection, ICCIP 2011, 19-21 March 2011.

Summary

Despite the significant amount of effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits a running critical application to change its hardware platform and operating system, thus providing cyber survivability through platform diversity. TALENT uses containers (operating-system-level virtualization) and a portable checkpoint compiler to create a virtual execution environment and to migrate a running application across different platforms while preserving the state of the application (execution state, open files and network connections). TALENT is designed to support general applications written in the C programming language. By changing the platform on-the-fly, TALENT creates a cyber moving target and significantly raises the bar for a successful attack against a critical application. Experiments demonstrate that a complete migration can be completed within about one second.
READ LESS

Summary

Despite the significant amount of effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits...

READ MORE

TALENT: dynamic platform heterogeneity for cyber survivability of mission critical applications

Published in:
Proc. Secure and Resilient Cyber Architecture Conf., SRCA, 29 October 2010.

Summary

Despite the significant amount of effort that often goes into securing mission critical systems, many remain vulnerable to advanced, targeted cyber attacks. In this work, we design and implement TALENT (Trusted dynAmic Logical hEterogeNeity sysTem), a framework to live-migrate mission critical applications across heterogeneous platforms. TALENT enables us to change the hardware and operating system on top of which a sensitive application is running, thus providing cyber survivability through platform diversity. Using containers (a.k.a. operating system-level virtualization) and a portable checkpoint compiler, TALENT creates a virtual execution environment and migrates a running application across different platforms while preserving the state of the application. The state, here, refers to the execution state of the process as well as its open files and sockets. TALENT is designed to support a general C application. By changing the platform on-the-fly, TALENT creates a moving target against cyber attacks and significantly raises the bar for a successful attack against a critical application. Our measurements show that a full migration can be completed in about one second.
READ LESS

Summary

Despite the significant amount of effort that often goes into securing mission critical systems, many remain vulnerable to advanced, targeted cyber attacks. In this work, we design and implement TALENT (Trusted dynAmic Logical hEterogeNeity sysTem), a framework to live-migrate mission critical applications across heterogeneous platforms. TALENT enables us to change...

READ MORE

Data diodes in support of trustworthy cyber infrastructure

Published in:
6th Annual Cyber Security and Information Intelligence Research Workshop, Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW10, 21 April 2010.

Summary

Interconnections between process control networks and enterprise networks has resulted in the proliferation of standard communication protocols in industrial control systems which exposes instrumentation, control systems, and the critical infrastructure components they operate to a variety of cyber attacks. Various standards and technologies have been proposed to protect industrial control systems against cyber attacks and to provide them with confidentiality, integrity, and availability. Among these technologies, data diodes provide protection of critical systems by the means of physically enforcing traffic direction on the network. In order to deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we briefly review the security challenges in an industrial control system, study data diodes, their functionalities and limitations, and propose a scheme for their effective deployment in trusted process control networks (TPCNs.)
READ LESS

Summary

Interconnections between process control networks and enterprise networks has resulted in the proliferation of standard communication protocols in industrial control systems which exposes instrumentation, control systems, and the critical infrastructure components they operate to a variety of cyber attacks. Various standards and technologies have been proposed to protect industrial control...

READ MORE

Range-velocity ambiguity mitigation schemes for the enhanced Terminal Doppler Weather Radar

Published in:
37th Int. Conf. on Radar Meteorology, 6-12 August 2003.

Summary

The Terminal Doppler Weather Radar (TDWR) radar data acquisition (RDA) subsystem is being replaced as part of a broader FAA program to improve the supportability of the system. An engineering prototype RDA is under development that will provide a modern, open-systems hardware platform and standards-compliant software. The new platform also provides an opportunity to insert algorithms to improve the quality of existing base data products, as well as support future enhancements to the aviation weather services provided by TDWR. There are several outstanding data quality issues with the TDWR. In this paper, we focus on mitigation schemes for the range-velocity ambiguity problem that is especially severe for C-band weather radars such as the TDWR.
READ LESS

Summary

The Terminal Doppler Weather Radar (TDWR) radar data acquisition (RDA) subsystem is being replaced as part of a broader FAA program to improve the supportability of the system. An engineering prototype RDA is under development that will provide a modern, open-systems hardware platform and standards-compliant software. The new platform also...

READ MORE