Formally Generating Adaptive Security Protocols

Constable, Robert L.

Formally Generating Adaptive Security Protocols

Active / Technical Report | Accession Number: ADA582372 |

Open PDF

Abstract:

Over the five years of the project Formally Generating Adaptive Security Protocols, new formal tools based on original theoretical results of the research team allowed them to formally specify requirements for distributed protocols in a formal logic of system events. The project developed a constructive protocol description language and tools to automatically synthesize executable code from such descriptions and prove that the synthesized code satisfied formal requirements. These new automated tools produce many provably equivalent variants of the specified protocols that meet the requirements. The variants are used to change protocols on the fly to functionally equivalent protocols that have different behaviors. This ability to correctly change code on the fly creates a moving target defense that renders system more resistant to attack. This synthetic diversity defense was tested against attack scenarios that caused processes to fail, and the test system showed it was able to survive these attack scenarios.

Author(s):

Constable, Robert L.

Author Organization(s):

CORNELL UNIV ITHACA NY

Descriptive Note:

Final technical rept. May 2008-Oct 2012

Supplementary Note:

Prepared in cooperation with ATC-NY, Ithaca, NY. The original document contains color images. DOI: 10.21236/ADA582372

Pagination:

0024

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

AFRL-RI-RS-TR-2013-077

Contract/Grant Number(s):

FA8750-08-2-0153

Task Number(s):

PH

Project Number(s):

4519

Monitor Series:

TR-2013-077, AFRL-RI-RS

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_4.6_Engineering; JCA_4.6.1_General Engineering; JCA_5.3_Planning; JCA_5.5.2_Task; JCA_5.5_Direct; JCA_1.2.3_Educating; JCA_1.2.6_Concepts

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*COMPUTER NETWORK SECURITY, ATTACK, DISTRIBUTED COMPUTING, SYNTHESIS, VERIFICATION

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

ATTACK RESISTANT, DISTRIBUTED SYSTEMS, DIVERSITY, EVENT LOGIC, FORMAL METHODS, PE61102F, PE62702F, WUAFRL4519PH01

Report Date:

2013 Mar 01

Creation Date:

2013 Sep 04