Combating Short- and Long-Term Cyber Threats
Stacey A. Dixon, Ph.D. | Deputy Director
Intelligence Advanced Research Projects Activity
25 October 2017
INTELLIGENCE ADVANCED RESEARCH PROJECTS ACTIVITY (IARPA)
IARPA Partners & Customers: The Intelligence Community
Coast Guard
Central Intelligence Agency
Army
Navy
Air Force
National Reconnaissance Office
National Geospatial-Intelligence Agency
National Security Agency
Defense Intelligence Agency
Department of State
Department of Energy
Department of the Treasury
Department of Homeland Security
Federal Bureau of Investigation
Drug Enforcement Administration
Marine Corps
IARPA Mission
IARPA envisions and leads high-risk, high-payoff research that delivers innovative technology for
future overwhelming intelligence advantage
Our problems are complex and multidisciplinary
We emphasize technical excellence & technical truth
IARPA Method
Bring the best minds to bear on our problems
• Full and open competition to the greatest possible extent
• World-class, rotational Program Managers
Define and execute research programs that:
• Have goals that are clear, measureable, ambitious and credible
• Employ independent and rigorous Test & Evaluation
• Involve IC partners from start to finish
• Run from three to five years
• Publish peer-reviewed results and data, to the greatest possible extent
• Transition new capabilities to intelligence community partners
4 Core Research Thrusts
Computing R&D
TRUSTWORTHY COMPONENTS: Gain the benefits of leading-edge hardware and software without compromising security
COMPUTATIONAL POWER: Revolutionary advances to solve problems intractable with today’s computers
SAFE AND SECURE SYSTEMS: Protecting systems against cyber threats
“Operate effectively in a globally interdependent and networked environment”
User
Application
Operating System
Hypervisor
Firmware
Hardware
IARPA Cybersecurity-related research
[Figure: IARPA programs (TIC, CAT, CAUSE, STONESOUP, SCITE, SPAR, VirtUE, RAVEN, HECTOR) placed against the stack layers User, Application, Operating System, Hypervisor, Firmware, Hardware]
Cyber-attack Automated Unconventional Sensor Environment (CAUSE)
How can we forecast cyber-attack events, hours to weeks earlier than existing methods?
CAUSE Program goals
Develop and validate unconventional multi-disciplinary sensor technology that will forecast cyber-attacks and complement existing advanced intrusion detection capabilities.
CAUSE Approach
CAUSE Performer Modeling & Analytic Approaches
• Learning the spatio-temporal structure relating observable behaviors (e.g. social media interactions) with historical cyber-attack data
• Learning other features from sensor data (e.g., Dark web posts) that are predictive of events
• Fusing not only predictions from multiple models, but signals from multiple sensors as well
• Training a translation model using a convolutional neural network (CNN) approach for feature extraction from websites in other languages
CAUSE Sensor Research
• Internal, conventional: Network Behavior Anomaly Detection
• Internal, unconventional: Thermal Anomaly Detection
• External, conventional: Vulnerability Mentions
• External, unconventional: Social Media Sentiment Analysis
Are high frequency mentions of software vulnerabilities indicative of future cyber-attacks?
CAUSE Program Challenges
Challenge #1: Ground Truth
• Event Types: a typology defining the relevant cyber-attack event space is necessary for predictive modeling and analytics
• High Fidelity: accurate prediction of event details advances the state-of-the-art of cyber-attack forecasting and provides utility for deploying effective defensive measures
• Lessons Learned: developing reliable data collection and encoding processes is paramount for executing a successful program
CAUSE Program Challenges
Challenge #2: Transparency
• Cybersecurity analysts are reluctant to adopt black box systems that fail to reveal the decision process and lack transparency
• A program objective is to promote transparency by providing an Audit Trail capability to reveal the decision process and connect the dots
• Narrative provides context about the warning from Audit Trail details
CAUSE Technical Challenges
High Dimensional Data Sources
• Pertinent data sources (e.g., social media, dark web, news) are inherently noisy and have high dimensionality
• Key challenge to extract features and reduce dimensionality
Sensor Research
• Conventional and unconventional sensors rely on both internal (e.g., security appliance) and external data sources
• Sensors measure multi-modal observable signals such as sentiment, outrage, and intent from multiple data sources
• Key challenge to measure noisy signals indicative of cyber-attacks
Virtuous User Environment (VirtUE)
How can we develop user environments that are more dynamic, secure, auditable, transferrable, and efficient than the current offerings provided by traditional physical workstations and commercial Virtual desktop infrastructure?
VirtUE Program Goals
Use the technologies of the cloud to create a new user interface that mitigates user-based computer threats in the government’s computing environment - “A better Virtual Desktop Infrastructure”
Mitigate this Computer Security Conundrum:
• Computer users are responsible for most of our current security incidents. Spear-Phishing, Malicious Web content, user carelessness or malice
• Users need convenient access to computing resources to maintain productivity and achieve organizational goals
Build a Dynamic, Securable User Environment Using the Cloud – A “Virtue”
“a virtual appliance built specifically for the purpose of safe, user-interactive computing tasks in the cloud”
Redesign the Legacy User Environment Leveraging the Cloud
DB Admin Virtue
SharePoint User Virtue
Auditor Virtue
Email user virtue
Internet Consumer virtue
Document creator virtue
User interacting with 6 virtues in one interface
Provide a Clever Presentation Interface Merging User’s VirtUEs
Scientific advances to Continuous Insider Threat Evaluation (SCITE)
How can we advance the science and practice of insider threat detection?
Program Goals:
• Model and forecast the performance of existing and proposed insider threat detection enterprises
• Develop a new class of active indicators and associated automated detection tools
Status: program in progress
Security and Privacy Assurance Research (SPAR)
What do you do when a query is too sensitive to share, and bulk ingestion of the data raises privacy issues?
Query
Client learns: • Response • Query policy • Other record contents • Other clients’ queries
Server learns: • Query structure • Query contents • Query response • Cross-query trends
Client Server
Database, Policy
SPAR Program Goals
Create systems that guarantee privacy while also maintaining certain security characteristics
• Gives assurance to a data owner that only relevant information is shared
• Supports a practical set of query types and scales to realistic database sizes
• Enables collaboration between non-traditional/occasional partners, and administration without access to content
SPAR Sharing Architecture
Query
Client learns: • Response • Query policy • Other record contents • Other clients’ queries
Server learns: • Query structure • Query contents • Query response • Cross-query trends
Third party learns: • Query structure • Cross-query trends • # of records returned • Query contents • Record contents
Encrypted (DB)
Client Server
Third Party
DB, Policy
• Third Party learns limited information about DB and Queries
• Third Party management jointly decided by Client/Server
Homomorphic Encryption Computing Techniques with Overhead Reduction (HECTOR)
Challenge: To balance the needs of policy compliance with providing access to data needed to protect national security.
Goal: Develop a comprehensive set of cryptographic tools, programming languages, design and verification tools to enable non-cryptographic expert system architects and application developers to develop secure distributed applications leveraging advanced cryptographic techniques.
Status: The Broad Area Announcement closes on December 1st.
Securely Taking on Executable Software of Uncertain Provenance (STONESOUP)
How can we benefit from highly functional software produced by a globalized industry without putting the enterprise at risk?
Is this SOUP safe?
SOUP
STONESOUP Accomplishments
• Protects systems by automatically preventing software weaknesses from being exploited
• Automatically finds and mitigates exploitable security vulnerabilities in software
• Analyzes programs, not the data processed by programs
• Finds flaws that lead to insecure program conditions, rather than looking for known attack patterns
Status: Program ended in 2015
Tools are hosted online by NIST. Search IARPA STONESOUP NIST
Circuit Analysis Tools (CAT) and Rapid Analysis of Various Emerging Nanoelectronics (RAVEN)
Microelectronics designs are advancing faster than our capacity to analyze them.
How do we keep up with microelectronics when next generation circuits are 10,000x smaller than a human hair?
Circuit Analysis Tools (CAT)
• Develop tools for integrated circuit analysis at future technology nodes, specifically the 22nm node and beyond.
• Analysis tools capable of working with advanced packages including but stacked die.
• Tools and techniques must address analysis and imaging challenges for which there are currently no solutions.
Program Status
Program complete. Commercial products are in the marketplace.
Rapid Analysis of Various Emerging Nanoelectronics (RAVEN)
The RAVEN program aims to develop a prototype analysis tool for acquiring images from all layers in a 1 cm² area of a 14nm integrated circuit, within 25 days.
Program goals include: a fully automated prototype tool capable of rapid image acquisition from an individual chip.
Trusted Integrated Chips (TIC)
Over 90% of the world’s integrated circuit foundry capacity is controlled by non-US companies.
How can we leverage this global infrastructure while protecting intellectual property and ensuring security?
TIC Program Goals
• Ensure the U.S. Intelligence Community can obtain the highest performance possible in integrated circuits.
• Obtain assurance that designs are safe and secure – not compromised with malicious circuitry.
• Ensure security of designs, capability, and performance while simultaneously protecting intellectual property.
• Realize secure systems combining advanced CMOS with higher value chips.
TIC Technical Accomplishments
• Demonstrated split-manufacturing of integrated circuits using a state-of-the-art untrusted FEOL (Front End of Line) foundry and a trusted BEOL (Back End of Line) foundry.
• 130nm, 65nm, and 28nm nodes.
Program Status
Program is in its final phase. Findings are being shared with government and industry.
IARPA Cybersecurity-related research
[Figure: IARPA programs (TIC, CAT, CAUSE, STONESOUP, SCITE, SPAR, VirtUE, RAVEN, HECTOR) placed against the stack layers User, Application, Operating System, Hypervisor, Firmware, Hardware]
How to Engage with IARPA
iarpa.gov | 301-851-7500
Opportunities to Engage:
RESEARCH PROGRAMS: Multi-year research funding opportunities on specific topics.
“SEEDLINGS”: Typically a 9-12 month study; you can submit your research proposal at any time. We strongly encourage informal discussion with a PM before proposal submission.
RFIS AND WORKSHOPS: Opportunities to learn what is coming, and to influence programs.
PRIZE CHALLENGES: No proposals required. Submit solutions to our problems – if your solutions are the best, you receive a cash prize and bragging rights.
• Reach out to our Program Managers.
• Schedule a visit if you are in the DC area or invite us to visit you