Moving Target Reference Implementation


CYBER SECURITY DIVISION 2014 R&D SHOWCASE AND TECHNICAL WORKSHOP
Moving Target Reference Implementation
Software Engineering Institute, Carnegie Mellon University
Andrew O. Mellinger
December 17, 2014

Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by Department of Homeland Security under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Department of Homeland Security or the United States Department of Defense. References herein to any specific commercial product, process, or service by trade name, trade mark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. DM-0001991

Team Profile

SEI Emerging Technology Center
- Matt Gaston, PhD
- Andrew Mellinger
- David Shepard
- Stephanie Rosenthal, PhD

SEI CERT Division
- Jose Morales, PhD

Carnegie Mellon University
- David Garlan, PhD
- Bradley Schmerl, PhD

Florida Institute of Technology
- Marco Carvalho, PhD

Customer Need

Adoption + Ease of Development & Deployment

- The government has made substantial investments into moving target and adaptive cyber defense and needs widespread adoption of these technologies.
- Researchers need a secure, easy to use, and consistent development and deployment path for new techniques.

Approach

Iteratively build moving target middleware for parallel deployment into different lab environments.

Moving target middleware supports installation, configuration, update, system monitoring, alerts, and optimization, and provides services for configuration management, knowledge management, ensembles of moving target techniques, and more.

[Figure: Federation of SEI, DHS, and FIT]

Approach - Agents & Self-Adaptation

Blend multi-agent systems and self-adaptive systems.

Multi-Agent System
- Resilient
- Partition tolerant
- Localized performance
- Distributed load
- Incomplete view of data

Self-Adaptive System
- Centralized management
- Can hold big picture
- Can reason about all properties
- Central point of failure

http://www.ibm.com/developerworks/library/ac-edge6/

Approach - Security

Properly designed middleware promotes secure design in extension components. We want to make security easy.

Designed-In Security
- Security architectures for middleware
- Secure design and coding practices
- Appropriate decomposition and privilege isolations
- Strong management and policy configuration

Transition Activities

The transition process is part of the project.

- Updates early and often
- Deploy Reference Implementation at the SEI
- Deploy Reference Implementation at DHS
- Collaborate with FIT on federation
- Start with AARC and HEZDP

[Figure: Federation of SEI, DHS, and FIT]

Benefit

Measurable improvements in security posture for real networks.

- New technologies can be evaluated in a standard environment.
- Architecture that is specific to MTD promotes useful research.
- Facilitates experimentation, prototyping, and collaboration.
- Facilitates bootstrapping of commercial solutions.

Related Work

- MTC2 from FIT (We are already collaborating with them.)
- Moving Target Defense Researchers
- Adaptive Cyber Defense Researchers
- Adaptive Systems Researchers
- Datacenter automation solutions
- Cloud solutions could also be adapted

Contact Info

Presenter
Andrew Mellinger
ETC
Telephone: +1 412-268-5161
Email: aomellinger@sei.cmu.edu

Web
http://www.sei.cmu.edu
http://www.sei.cmu.edu/contact.cfm

U.S. Mail
Software Engineering Institute
Customer Relations
4500 Fifth Avenue
Pittsburgh, PA 15213-2612 USA

Customer Relations
Email: info@sei.cmu.edu
Telephone: +1 412-268-5800
SEI Phone: +1 412-268-5800
SEI Fax: +1 412-268-6257