Enterprise Wrappers for Information Assurance
DARPA/SPAWAR Contract N66001-C-8023
NAI Labs, Network Associates
OASIS Winter PI Meeting, 12 March 2002
Mark Feldman, Wayne Salamon, Steve Kiernan, John Axisa
Not for Public Release
Overview and Status
• Blah, blah, blah Wrappers
• Blah, blah, blah NAI Labs
• Blah, blah, blah Teknowledge
• Blah, blah, blah Enterprise
• Success, but more work to do
Base Technology and Teaming
A Parallel, Collaborative Effort Using Previous DARPA Research Prototypes as a Base
• Teknowledge: Windows NT/2000
• NAI Labs: Multi-Platform, concentrating on Linux under this program
ftp://ftp.tislabs.com/pub/wrappers/
http://opensource.nailabs.com/wrappers/
Enterprise Wrappers Goals
“Scaling the power of the wrapper to the enterprise”
• Integrate host-based wrappers into scalable cyber-defense system
• Create common, multi-platform, policy-enforcing infrastructure
• Populate this infrastructure with useful monitors, authorizers, and controllers
• Dynamically ensure a consistent, enterprise-wide policy
Enterprise Wrappers Objectives
• Wrapper Network Interface
  • Off-board cyber-defense controllers
  • Off-board communication of wrapper data
• Multi-Platform Host Controller
  • Manages dynamic insertion and removal of Wrappers
  • Network-scalable
[Figure: architecture diagram. Recoverable labels: Manager; NWM Interface; Network Schema & Data; Boundary Controller; Host Controller; Mediation Cocoon (App, service); Data Push/Pull; Control Protocol; Linux or NT; WMI proxy; Wrapper Data Base; Hardened System (expanded); Hardened Subsystem; “Soft” System; other IA components, such as intrusion detection, sniffers, secure DNS, IDIP, etc.]
Revisiting What “Policy” Means Here
• A combination of
  • Wrappers written in WDL
  • Activation Criteria
  • Data to drive decisions
• Distributed based on
  • Hardware/Software Platform
  • Network Topology
  • Geographic Location
  • Mission
  • Users
• via a secure, hierarchical distribution mechanism driven by a GUI (drag-and-drop) with local override
What We’ve Done Lately
• Selected and implemented technologies
  • Communication using sockets (adaptable to BEEP, Spread, SSL, IPSEC)
  • Portable Java-based host and network controller and lightweight native host controller
  • Portable storage mechanism (LDAP) for policy
• First release with Enterprise functionality
  • One GUI to rule them all
  • Implements policy across the Enterprise
• Started experimentation and testing of policy model
Come see the Demo!
We’ll be demonstrating Enterprise Wrappers for the first time* Wednesday night.
Please stop by to see the power of the wrapper scale to the enterprise.
* Outside of a preview to Jay in October
DARPA-hard Questions we still have
• Is the Policy Model adequate for the user?
• Are pre-packaged groups of wrappers, activation criteria, and data sufficient?
• Will composition produce unexpected/unintended results?
• Will the administrator-in-the-middle hierarchical model produce unexpected/unintended results?
Schedule
[Figure: timeline, 2000 to 2003, with a “You are here” marker. Recoverable labels: NAI Start; Teknowledge Start; Base technology build-up; Host & Network Controllers; Updated Wrappers; New API design and implementation; Interoperability; Hilton Head PI Meeting; Santa Fe PI Meeting; Norfolk PI Meeting; Hawaii PI Meeting; Summer PI Meeting.]
TBD:
• Usability
• Wrapper population
• Integration with other OASIS technologies
Technology Transfer
• Wrappers are available and being used; Enterprise Wrappers becoming the default.
• Actively seeking input on
  • wrappers necessary to protect mission
  • ways to make wrappers easier to use
• Continuing to make the toolkit, including new Enterprise functionality, available under the GPL.
ftp://ftp.tislabs.com/pub/wrappers/
http://opensource.nailabs.com/wrappers/