
Open Security Technology

Dept. of Homeland Security Science & Technology Directorate. Open Security Technology. Tech@State Washington, DC February 11, 2011. Luke Berndt Program Manager Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) luke.berndt@dhs.gov 202-254-5332.

zamir

Presentation Transcript


  1. Dept. of Homeland Security Science & Technology Directorate Open Security Technology Tech@State Washington, DC February 11, 2011 Luke Berndt Program Manager Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) luke.berndt@dhs.gov 202-254-5332

  2. Need: Sustainable Government IT Systems
     • US Govt Spends $38 Billion on IT Annually
     • Trend is Not Sustainable
     • Bureaucracy (easy to blame)
     • Complexity of Govt Enterprise Systems
     • Redundancy – Re-Invent the Wheel
     • Existing System of Acquisition, Management, Updating, Technical Obsolescence
     • Significant Hurdle
     • Cybersecurity = Protection of Infrastructure and Data

  3. Homeland Open Security Technology (HOST)
     Focus: Gov contribution to and adoption of Open Source solutions that support cyber security
     • Make it easier for government (local, state, & federal) to take advantage of innovation in the OS space
     • Encourage the contribution of Gov funded research to OS community by improving processes
     • Investigate what OS is being used in Gov, acq best processes, & where gaps exist (user groups & census)
     • Seed development of OS solutions to fill key gaps
     • Phase 2 - $10m over 5 years

  4. HOST: Initial work
     • OS Intrusion Detection
     • DHS seeded development
     • Create common, OS engine for R&D, and commercial products
     • Maintained by non-profit
     • Supported by companies
     • OpenSSL libraries widely used in OS software
     • Feds need Crypto, FIPS validated for acquisitions
     • Each version needs to be re-validated
     • DHS contributed to maintaining the FIPS validation

  5. Coverity: scan.coverity.com
     • Give open source community access to entire toolset
     • Open-source developers register their project. Coverity automatically downloads and runs tool over it.
     • Developers get back bugs in Coverity's bug database
     • Big success:
     • Roughly 500 projects registered
     • 4,700+ defects actually patched.
     • Some really crucial bugs found; dozens of security patches (e.g., X, ethereal)

  6. Software Assurance MarketPlace (SWAMP)
     • BAA Topic 14: https://baa2.st.dhs.gov
     • Focuses on the research infrastructure necessary to enable software quality assurance and related activities
     • A software assurance facility and the associated research infrastructure services that will be made available to both software analysis researchers and software developers, both open source and proprietary
     • DHS expects the SWAMP to become a national level R&D resource in software assurance for open security technologies, used across civilian agencies and their communities as both a research platform and core component supporting US Government supported software development activities

  7. SWAMP Conceptual Architecture (diagram labels)
     • Software Assurance MarketPlace (SWAMP)
     • Software Analysis Tools – Open Source and potentially commercial
     • Open Source Software (for starters) and potentially all government funded software
     • Other Resources (e.g., High Performance Computing Clusters)
