Emerging and Evolving Cyber Threats Require Sophisticated Response and Protection Capabilities

1
Emerging and Evolving Cyber Threats Require
Sophisticated Response and Protection Capabilities

• Data and Identity Integrity and Protection
• Preventing Ex-Filtration and Corruption of Stored
  Data
• Protection of Data (Secure, Trusted, Protected
  Information Sharing)
• Stand-off Brain Scan Authentication and
  Identification

• Advanced Algorithms
• Cyber Attack Detection and Machine Speed Response
• Multi-Level and Distributed Ad-Hoc Trust
• Distributed Intrusion Detection and Attack
  Containment (DIDAC) for Organizational Cyber
  Security
• Distributed Zero-Day Attack Detection

2
Next-Generation Validation and Response Tools for
Critical Protection Mechanisms

• Large-Scale Cyber Security and Network Test Bed
• Software Verification and Validation
• Vulnerability Assessments
• Large-Scale Cyber Situation Awareness, Warnings,
  and Response
• IAVA Compliance Enabling Technology (ICETECH)

3
Intrusion Prevention, Detection, and Response at
the Granular Level

• Multi-Level Evidence Based Intrusion Detection
  System Using Bayesian Network to Detect Insider
  Threats
• Robust, flexible, and scalable distributed
  intrusion detection system (DIDS) overlay in an
  enterprise network

4
Designing Integrated Methods and Tools for
Managing Computer Security

• Logic for system security (security specification
  and abstraction notation)
• Security certification formula, which formulates
  the condition under which a system (represented
  by its security abstraction) meets a given set of
  security requirements (represented by security
  specifications).
• Security Management Tool
• Supports all phases of the system life-cycle,
  online security monitoring (uses Baysian
  assessment mechanism) and codification of
  security preserving architecture.

5
Designing Integrated methods and Tools for
Managing Computer Security

• Recognition that security is best managed by
  focusing on the observable / quantifiable
  measures of security rather than hypothesized
  causes.
• Derivation of a Logic for system security, which
  encompasses means to specify security
  requirements, derive security properties, and
  verify/ certify system against security standards.

6
Outcomes in terms of Methodology

• we can assess security measures/ procedures in
  terms of their observable/ quantifiable impact.
• we can derive security strategies that deploy
  complementary measures, minimize redundancy,
  and maximize security gains.
• we can use the proposed logic to deploy methods
  for security testing and security verification,
  thereby merging security concerns with other
  dependability concerns (reliability, safety,
  etc).
• we can use the proposed logic to support the
  concept of security preserving architectures,
  whereby any instance of the architecture is
  certified to meet certain security requirements.

7
Outcomes in terms of Tools

• A tool that supports the management of system
  security by quantifying the impact of existing
  security measures and directing the manager to
  possible security gaps.
• The inference mechanism of this tool can be used
  for online security monitoring, by analyzing
  various security parameters online (through
  bayesian analysis) and alerting the monitored
  system if its vulnerability reaches predefined
  thresholds.