Research and Development Initiatives Focused on Preventing, Detecting, and Responding to Insider Misuse of Critical Defense Information Systems
  • Results of a Three-Day Workshop, August 16-19, 1999
Background
  • Three-day workshop held at RAND Santa Monica, August 16-18, 1999; 35 invited participants
  • Sponsored by Army Research Lab, DARPA, NSA
  • Purpose: to recommend technical R&D initiatives addressing the insider threat to DoD info systems
  • ASD/C3I report DoD Insider Threat Mitigation Plan (June 1999) concentrated on near-term steps to be taken:
    • This workshop focused on longer-term technical R&D required
    • Workshop is expected to be first in a series
Policy and Precursors to R&D
  • Technical initiatives must have a supportive environment. Required are:
    • Guidance from legal and law enforcement communities regarding attribution, collection, maintenance, processing and storage of data
    • Clear definitions regarding what are “critical assets” on a system
    • Clarity regarding who is an “insider”
    • Cost/benefit analysis of recommended measures
    • Plans for technology transfer
    • Support for multiple, diverse, concurrent approaches
Characterizing an Info System Security Incident (modified from JTF-CND document)

This slide is the Sandia Labs incident taxonomy (Howard and Longstaff, 1998) with a Response column added by JTF-CND. Extraction flattened the diagram into single words; the columns below are reconstructed from that taxonomy. An Event is an Action applied to a Target; an Attack wraps an Event with the Tool used, the Vulnerability exploited and the Unauthorized Result obtained; an Incident is one or more Attacks carried out by Attackers.

  • Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
  • Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
  • Vulnerability: Design, Implementation, Configuration
  • Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
  • Target: Account, Process, Data, Component, Computer, Network, Internetwork
  • Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources
  • Response: Repair, Restore, Record, Report, Render, Remedial Security Engineering

Annotations on the diagram (their placement on the slide is not recoverable from the extraction): “Motivation”, “Access = Opportunity”, “Skill + tool”, “Detection technology”, “Potentially legitimate actions”, and the note “Need to incorporate an understanding of the analytic process that initiates response activities.”

Workshop Developed Recommendations in 4 Categories
  • 20 specific recommendations:
    • Threat (4)
    • Prevention (5)
    • Detection (6)
    • Response (5)
R&D Recommendations Focused on Insider Threat - Overview
  • T1: Develop reactive configuration controls, in which an unauthorized result is mapped back to a specific type of threat
  • T2: Develop an insider trust model
  • T3: Develop means to map users to unauthorized results
  • T4: Identify signatures of unauthorized results
R&D Recommendations Focused on Insider Prevention - Overview
  • P1: Develop authentication components
  • P2: Develop access control components
  • P3: Develop system integrity components
  • P4: Develop a bidirectional trusted path to the security system
  • P5: Develop attribution components
R&D Recommendations Focused on Insider Detection - Overview
  • D1: Develop profiling as a technique
  • D2: Detect misuse of applications
  • D3: Provide traceability for system-object usage
  • D4: Identify critical information automatically
  • D5: Design systems for detectability
  • D6: Determine unauthorized changes due to physical access
R&D Recommendations Focused on Insider Response - Overview
  • R1: Develop a capability for monitoring privacy-enhanced systems, such as those using encryption
  • R2: Incorporate practical autonomic system response into production systems
  • R3: Develop data correlation tools, including data reduction for forensics, and visualization tools focused on internal misuse
  • R4: Develop a capability for surveillance of non-networked components
  • R5: Consider deception technologies specifically applicable to the insider threat
DIO Organizations and Activities Study: 35 Organizations Assessed

Categories: Protection, CERTs, Network Operations, Support

  • Joint Task Force - Computer Network Defense
  • US Space Command
  • National Infrastructure Protection Center
  • Joint Command and Control Warfare Center
  • Joint Spectrum Center
  • DoD Computer Forensics Laboratory
  • Defense Advanced Research Projects Agency
  • Joint C4ISR Battle Center
  • Army Research Lab
  • Air Force Computer Emergency Response Team
  • Army Computer Emergency Response Team
  • Navy Computer Incident Response Team
  • Defense Logistics Agency CERT
  • National Security Agency (X Group)
  • Carnegie Mellon University CERT/CC
  • Air Force Network Operations Center
  • Army Network Systems Operations Center
  • Naval Computer and Telecommunications Command
  • Global Network Operations Security Center

Categories: IW, LE/CI, Intelligence, Other

  • Air Force Information Warfare Center
  • Land Information Warfare Activity
  • Naval Information Warfare Activity
  • Fleet Information Warfare Center
  • Information Operations Technology Center
  • Air Force Office of Special Investigations
  • US Army Criminal Investigation Directorate
  • US Army Military Intelligence
  • Naval Criminal Investigation Service
  • Defense Criminal Investigative Service
  • Joint Staff - J2
  • Defense Intelligence Agency
  • Air Intelligence Agency
  • National Aeronautics and Space Administration
  • Joint Warfare Analysis Center

[Source: U.S. Department of Defense]

Workshop Attendees

  • Adams, Robert (Air Force Information Warfare Center), 250 Hall Rd #139, San Antonio, TX 78243
  • Alvarez, Jorge (Space and Naval Warfare Systems Center), 53560 Hull Street, San Diego, CA 92152
  • Anderson, Robert (RAND Corporation), P.O. Box 2138, Santa Monica, CA 90407
  • Anderson, Karl (NSA R2), 9800 Savage Road, Ft. Meade, MD 20755
  • Arnold, Richard (GTE GSC), 1000 Wilson Blvd. Ste 810, Arlington, VA 22209
  • Barnes, Anthony (Army Research Lab, C4I Systems Branch, AMSRL-SL-EI), Ft. Monmouth, NJ 07703-5602
  • Bencivenga, Angelo (Army Research Lab), 2800 Powder Mill Road, Adelphi, MD 20783
  • Bozek, Thomas (Office of the Secretary of Defense / C3I), 6000 Defense, Rm 3E194, Pentagon
  • Brackney, Richard (NSA R2, R&E Bldg), 9800 Savage Road, Ft. Meade, MD 20755
  • Christy, James (ASD C3I/DIAP), Ste. 1101, 1215 Jefferson Davis Highway, Arlington, VA 22202
  • Cowan, Crispin (Oregon Graduate Institute), P.O. Box 91000, Portland, OR 97291
  • Dunn, Timothy (Army Research Lab), 2800 Powder Mill Road, Adelphi, MD 20783
  • Dunphy, Brian (Defense Information Systems Agency), 701 S. Courthouse Rd D333, Arlington, VA
  • Ghosh, Anup K. (Reliable Software Technologies), 21351 Ridgetop Circle, Ste 400, Dulles, VA 20166
  • Gligor, Virgil (University of Maryland, Electrical/Computer Engineering), AVW 1333, College Park, MD 20742
  • Gilliom, Laura (Sandia National Labs), P.O. Box 5800-0455, Albuquerque, NM
  • Goldring, Tom (NSA R23), 9800 Savage Road, Ft. Meade, MD 20755
  • Hotes, Scott (NSA R225, R&E Bldg), 9800 Savage Road, Ft. Meade, MD 20755
  • Hunker, Jeffrey (National Security Council), White House #303, Washington, DC 20504
  • Jaeger, Jim (Lucent Technologies), Box 186, Columbia, MD 21045
  • Longstaff, Thomas (CERT/CC), 4500 Fifth Avenue, Pittsburgh, PA 15213
  • Lunt, Teresa (Xerox PARC), 3333 Coyote Hill Road, Palo Alto, CA 94304
  • Matzner, Sara (U. Texas at Austin Applied Research Labs, Information Systems Laboratory), P.O. Box 8029, Austin, TX 78713
  • Maxion, Roy (Carnegie Mellon University), 5000 Forbes Avenue, Pittsburgh, PA 15213
  • McGovern, Owen (DISA), Letterkenny Army Depot, Chambersburg, PA 17201-4122
  • Merritt, Larry D. (NSA), 9800 Savage Road, Ft. George G. Meade, MD 20755
  • Neumann, Peter G. (SRI International), 333 Ravenswood Ave., Menlo Park, CA 94025
  • Skolochenko, Steven (Office of Information Systems Security), 1500 Penn. Ave. NW, Annex, Rm. 3090, Washington, DC 20220
  • Skroch, Michael (DARPA/ISO), 3701 N. Fairfax Dr., Arlington, VA 22203
  • Solo, David (Citibank), 666 Fifth Ave., 3rd Floor/Zone 6, New York, NY 10103
  • Teslich, Robyne (Lawrence Livermore National Laboratory), PO Box 808, Room L-52, Livermore, CA 94550
  • Tung, Brian (USC Information Sciences Institute), 4676 Admiralty Way Ste. 1001, Marina del Rey, CA 90292
  • van Wyk, Kenneth (Para-Protect), 5600 General Washington Drive Ste. B-212, Alexandria, VA 22312
  • Walczak, Paul (Army Research Laboratory), 2800 Powder Mill Road, Adelphi, MD 20783
  • Zissman, Marc (MIT Lincoln Laboratory), 244 Wood Street, Lexington, MA 20420