Accession Number:

ADA465393

Title:

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

Descriptive Note:

Final rept., 15 Jun 2001-14 Nov 2006

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA

Personal Author(s):

Report Date:

2007-01-15

Pagination or Media Count:

187

Abstract:

This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled "Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)", funded by the Air Force Research Laboratory under contract number F49620-01-1-0433. The scientific goal of this CIP/URI effort was to fundamentally advance the state of the art in network security and digital intrusion tolerance by exploring a new paradigm in which individual devices erect their own security perimeters and defend their own critical resources (e.g., network links or storage media). Together with conventional border defenses (e.g., firewalls), such self-securing devices provide a flexible infrastructure for dynamic prevention, detection, diagnosis, isolation, and repair of successful breaches in borders and device security perimeters. More specifically, the research sought to understand the costs, benefits, and appropriate realization of (1) multiple, increasingly specialized security perimeters placed between attackers and specific resources; (2) independent security perimeters placed around distinct resources, isolating each from compromises of the others; (3) rapid and effective intrusion detection, tracking, diagnosis, and recovery, using the still-standing security perimeters as a solid foundation from which to proceed; (4) the ability to dynamically shut away compromised systems, throttling their network traffic at its sources and using secure channels to reactively advise their various internal components to increase their protective measures; and (5) the ability to effectively manage and dynamically update security policies within and among the devices and systems in a networked environment. The underlying motivation throughout this research was to go beyond the single-perimeter mindset that typifies today's security solutions and results in highly brittle protections.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE