DARPA pushes large-systems survivability

As defensive information warfare assumes a higher profile throughout government, the Defense Advanced Research Projects Agency is placing renewed emphasis on its year-old Information Survivability program with a new push into large-systems survivability.

The agency recently released a broad agency announcement (BAA) soliciting proposals for protecting large systems. Multiple awards are anticipated in August or September.

With its mandate to look 10 years or more beyond the state of the art, DARPA is focusing on problems such as vulnerabilities and security measures for "systems of systems," amalgams of hundreds or thousands of computers all sharing a common infrastructure, according to Howard Shrobe, overall Information Survivability program manager. He is hoping the BAA will generate "technology explorations" and lead to "prototypes the research community can start to experiment with."

One of the key aspects of securing large systems is the development of a "public health infrastructure," Shrobe said, a highly trustable subnetwork that can continue to operate during an attack, help to gauge the seriousness of an attack and mount measures against it.

The public health network would be distributed and made to look like everything else. Within this infrastructure, there might be a hierarchy of intrusion detection systems that would cooperatively share information, decide on the seriousness of the attack, alert critical systems to take protective measures and pass information up to higher levels.

Shrobe puts special emphasis on areas such as intrusion detection, adaptive architectures, resource allocation and variability among component systems.

One intrusion detection project at the University of California at Davis has already developed prototype code to be tested this summer on a 10-LAN network. Known as GrIDS, for Graph-based Intrusion Detection System, the U.C. Davis technology helps to identify the structure of sudden attacks on systems as large and critical as the FAA's air traffic control network.

The UC Davis researchers are also proposing an "automatic response to intrusion system" under DARPA's latest BAA, said Karl Levitt, professor of computer science. The proposal would use AI-related agent technology and design in a number of "built-in behaviors," he said. "Most of the effort goes into figuring out on the fly which is the best of its programmed behaviors to employ" for a given situation.

Variability of software such as operating systems is also a possible self-protection mechanism, Shrobe said. This might include "self-improving software," that "tunes" itself slightly differently at different times and places, depending on different runtime demands. Or software installers could be designed to lay out programs "in modules in random order each time, so at least the memory layouts of different instances of programs are different," Shrobe said.

Researchers need to "think about ways we can make systems we're running have more randomness and unpredictability," Shrobe said. "Variability of behavior, structure and so on is a hedge against what you don't know."

Aside from the BAA, the Information Survivability program is also receiving more attention from DARPA, with four program managers instead of one covering networks, computer systems, assurance/integration and large-scale systems survivability, respectively. IS is also requesting about $40 million next year, an increase of $15 million over current funding.

**

Adams is a free-lance writer based in Washington, D.C.