Big Data for Government Symposium
http://www.ttcus.com
LinkedIn/Groups: Technology Training Corporation
@TECHTrain


Big Data Analytics

Dr. Randy Garrett

The views, opinions, and/or findings contained in this presentation are those of the author and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense

Approved for Public Release, Distribution Unlimited

DARPA History


I2O: information to operations

Information is a force multiplier

• Cyber
• ISR exploitation
• New experts

The Earth at Night

NASA Earth Observatory/NOAA NGDC

Interconnectivity


Democratization of Technology

Available to Individuals:

• Instantaneous global communications
• Low cost, rapid global transportation
• Ubiquitous mass media
• Encryption
• High Resolution Satellite Imagery
• Precision Navigation & Timing
• Design & fabrication of sophisticated: parts, electronics, biological materials
• IEDs, EFP, semi-submersibles
• High performance computing

State Governments:

• Capital Equipment
• Jet fighters, Naval fighting vessels, long range artillery
• Missiles (but not UAV’s, Tomahawks)
• Nuclear Weapons (?)
• State-of-the-art sensors
• Sophisticated C2
• Large numbers of trained troops

Understanding Organizations and Their Relationships

Traditional DOD (Nation State)

Unexplored Territory

Historic Military Counter-Insurgency

Our physical systems are vulnerable to cyber attacks…

Chinese cyber attack: “Highly sophisticated and targeted attack” on Google corporate infrastructure (known as Aurora)

Small group of academics took control of a car using Bluetooth and OnStar. They were able to disable the brakes, control the accelerator, and turn on the interior microphone.[1]

False speedometer reading. Note that the car is in park…

[1] K. Koscher, et al. "Experimental Security Analysis of a Modern Automobile," in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, 2010.

Plan X

A single view of the cyber battlespace for planning, operation and situational awareness

[Diagram: Plan X System. Labels: Intuitive Interfaces; Cyber battlespace analytics; Mission Planning; Capability Database; Platforms; Mission Execution; network mapping data; deploy, operate, measure]

Core Plan X Technology Base

• Real-time cyberspace analytics
• Intuitive views and interactions
• Single fused situational awareness
• Machine execution
• Assured and integrated battle damage assessment
• Work with range of skill sets, novice to expert

Scalable analytics & data processing technology

Technical Area 1 - XDATA

Challenges to achieve practical solutions with known accuracy in realistic environments

• Propagation of uncertainty
• Measuring non-linear relationships
• Sampling and estimation techniques for distributed platforms
• Methods for distributed dimensionality reduction, matrix factorization etc.
• Streaming data feeds
• Optimal cloud configurations and resource allocation with asymmetric components

Quadratic scaling O(n^2): Correlation of subsets of data

Statistics for an n^2 scaling analytic based on 20K records with feature vector length of 8000 used to generate a correlation coefficient matrix.

Data locality (random access seek times) along with CPU usage are the primary factors in execution.

[Table: execution times by data size (Small, Medium, Large, Huge, Massive). *Actual measured times; other times above are estimated]

Reduction methods?

n^3 scaling O(n^3): PCA/SVD, betweenness, force-directed layout

“Betweenness” using 4.7 million nodes and 29 million edges.[1]

[1] AFRL 2011. Approved for public release; distribution is unlimited.

Getting convergent: Manageable diversity (CRASH‡)

New architectures guided by biology

Make all systems look the same to the system users and managers, but different to the attackers.

[Diagram labels: System Users; System Managers; High-Level Visible Layers to User Remain Unchanged; Management Interface & Dynamic Loader Component; Diversity Management Middleware; Dependency Map; Task i; Method ij; Randomization of Lower Layers; Attacker]

Randomization of Lower Layers

• Address space layout randomization
• Instruction set randomization
• Functional Redundancy

• Preventing common attacks.
• Adapting in response to unanticipated attacks.
• Create diversity so attacker has to deal with heterogeneity.

‡ Clean-slate design of Resilient, Adaptive, Secure Hosts

Encrypted computing in the cloud as privately as in your data center (PROCEED‡)

It is theoretically possible to perform arbitrary computations on encrypted data without decrypting, thus preserving security even on untrustworthy computational infrastructure. [Gentry, 2009] [1]

Will your foreign-built computer steal your data?

What if all computation could be done on encrypted data?

• Secure computational outsourcing
• System hardware and software provenance concerns reduced
• Data provenance and availability remain concerns

Program Approach

• PROCEED is searching for efficient ways to compute on encrypted data that can be implemented on modern computers
• Potential applications
  • High assurance network guards
  • Training simulators
  • Image processing

‡ PROgramming Computation on EncryptEd Data (PROCEED)

[1] Craig Gentry. Fully Homomorphic Encryption Using Ideal Lattices. 41st ACM Symposium on Theory of Computing (STOC), 2009.
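The PROCEED slide's idea of secure computational outsourcing, shown as an added example that is not part of the presentation: an untrusted host computes a weighted sum over ciphertexts it cannot read. It uses Paillier, a scheme that is only additively homomorphic and far simpler than the fully homomorphic construction in [1]; the toy primes, sample readings and function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed toy primes (the 10,000th and 100,000th primes); real keys use
# primes of 1024 bits or more.
P, Q = 104729, 1299709

def keygen(p, q):
    """Return (public n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """Enc(m) = (1+n)^m * r^n mod n^2 with a fresh random r coprime to n."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def server_weighted_sum(n, ciphertexts, weights):
    """Untrusted host: returns Enc(sum(w_i * m_i)) using only the public n.
    Multiplying ciphertexts adds plaintexts; raising to w scales by w."""
    n2 = n * n
    acc = 1  # 1 is a valid encryption of 0
    for c, w in zip(ciphertexts, weights):
        acc = acc * pow(c, w, n2) % n2
    return acc

def demo():
    n, priv = keygen(P, Q)
    readings, weights = [120, 75, 310], [2, 1, 3]        # constructed sample data
    encrypted = [encrypt(n, m) for m in readings]        # done by the data owner
    result = server_weighted_sum(n, encrypted, weights)  # done on the cloud host
    return decrypt(n, priv, result)                      # owner recovers the sum

if __name__ == "__main__":
    print(demo())
```

The host never holds `lam` or `mu`, so it learns neither the readings nor the result; what it can compute is limited to sums and scalar multiples, which is the gap fully homomorphic encryption closes.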

Active Authentication

Beyond passwords

Objective

Validate the individual at the keyboard by those unique factors that make up the individual.

Approach

Focus on software biometrics (those without hardware sensors).

Rotate many different biometrics as the human at the keyboard is working, resulting in an invisible authentication method.

Biometric Identity Modalities

• Fingerprint (Existing Technology): Ridge Ending, Ridge Bifurcation, Core, Island
• Forensic authorship (Repurposed Technology): Average word length, Type-token ratio, Use of Punctuation, Use of unique words
• Mouse tracking (New Technology): Time over a single location, Drifting while reviewing topics, Double click, Hovering to review

Source: epdeatonville.org\wp-content uploads\2011 04\fingerprint.jpg
Source: The Manchurian Candidate, Robert Graves, P2, Amazon Preview
Source: google search for "real estate" with mouse tracking provided by IOGraph
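The forensic authorship features named on the Active Authentication slide (average word length, type-token ratio, use of punctuation, use of unique words), as an added example that is not part of the presentation: it enrolls a user from typed samples and scores a later window of text against that profile. The sample texts are constructed, and the z-score distance, the 0.05 deviation floor and the 2.0 threshold are assumptions chosen for illustration.

```python
import re
import statistics

PUNCT = set(",.;:!?()\"-")
FEATURES = ("avg_word_len", "type_token_ratio", "punct_per_word", "unique_word_ratio")

def features(text):
    """Stylometric features from the slide, for one window of typed text."""
    words = re.findall(r"[a-z']+", text.lower())
    if not words:
        raise ValueError("window contains no words")
    counts = {}
    for w in words:
        counts[w] = counts.get(w, 0) + 1
    n = len(words)
    return {
        "avg_word_len": sum(len(w) for w in words) / n,
        "type_token_ratio": len(counts) / n,
        "punct_per_word": sum(ch in PUNCT for ch in text) / n,
        "unique_word_ratio": sum(1 for c in counts.values() if c == 1) / n,
    }

def enroll(samples):
    """Per-feature (mean, population std) over the enrolled user's windows."""
    rows = [features(s) for s in samples]
    return {k: (statistics.mean([r[k] for r in rows]),
                statistics.pstdev([r[k] for r in rows])) for k in FEATURES}

def deviation(profile, text, std_floor=0.05):
    """Mean absolute z-score of a window against the profile; lower is closer.
    The floor stops a near-constant feature from dominating the score."""
    f = features(text)
    return statistics.mean([abs(f[k] - mu) / max(sd, std_floor)
                            for k, (mu, sd) in profile.items()])

def is_same_user(profile, text, threshold=2.0):
    return deviation(profile, text) < threshold

# Constructed sample data: three enrollment windows and two later windows.
ENROLLED = [
    "need the logs from the web tier, send them when you can",
    "push the fix to the test box, then ping me so we can run it",
    "the scan is done and the host is clean, will close the case now",
]
PROBE_SAME = "send the keys for the new box, then tell me when it is up"
PROBE_OTHER = ("Furthermore, the aforementioned infrastructure; notwithstanding "
               "considerable remediation, remains (regrettably) substantially vulnerable!")

if __name__ == "__main__":
    profile = enroll(ENROLLED)
    for probe in (PROBE_SAME, PROBE_OTHER):
        print(round(deviation(profile, probe), 2), is_same_user(profile, probe))
```

Windows this short give noisy features, so a deployment would score longer windows and, as the slide says, rotate this modality with others.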

Automated Program Analysis for Cybersecurity (APAC)

Objective

• Develop new program analysis tools and techniques for detecting malicious functionality in mobile applications.
• Seek fundamental advances in program analysis that might enable DoD to vet other kinds of software, too.

Approach

• Produce practical automated analysis tools designed to keep malicious code out of DoD mobile application marketplaces.
• Translate goal of keeping malicious code out of DoD mobile application marketplaces into lower-level properties that can be proven with automated program analysis tools.

[Diagram: Third-party developers submit mobile apps to DoD. Some contain hidden malicious functionality. DoD analysts keep mobile app store free of malicious apps. Label: APP STORE. Develop new tools and techniques for vetting mobile apps.]

VET: Vetting Commodity IT Software and Firmware

Objective

• Fully-automated checks for broad classes of malicious features and dangerous flaws in software and firmware

Approach

• Detect attacks we have never seen before that are not based on signatures
• Define malice:
  • Determine broad classes of hidden malicious functionality to rule out
• Confirm the absence of malice:
  • Demonstrate the absence of those broad classes of hidden malicious functionality
• Examine equipment at scale:
  • Scale to non-specialist technicians who must vet every individual new device used by DoD prior to deployment

Examples: Smart Phones, Routers, Printers

Images of specific hardware are for illustration only and should not be interpreted as implying vulnerabilities

http://www.dtic.mil/whs/esd/cmd/index.htm
http://broadband.mt.gov/providers.aspx
http://www.benning.army.mil/library/content/MCoELibrariesEResources/mcoelibrarieseresources.htm
http://www.mc4.army.mil/hardware/Printers

High Assurance Cyber Military Systems

Objective:

• Cost-effective construction of high-assurance cyber-physical systems.
• Functionally correct.
• Satisfy appropriate safety and security properties.

Approach:

• Use clean-slate formal methods
• Produce high-assurance operating system components and control systems.
• Develop a suite of program synthesizers and formal-methods tools.
• Generate an integration workbench containing all HACMS tools and assured components.

[Diagram: Clean-slate formal-methods-based approach. Labels: Safety Policy; Security Policy; Functional Specification; Hardware Description; Resource Constraints; Environment Description; Verified Libraries; Synthesizer; Code; Proof; Diagnostic Information]

Cyber Grand Challenge

Objective:

A Cyber Grand Challenge for automated defenders similar to DEFCON Capture the Flag

Approach:

Create automated systems that can sense and respond to cyber attacks more rapidly than human operators

Compete systems that can engage in counter-adaptation cycles and repel novel threats from networks

• Anomaly detection, big data analytics, case-based reasoning, heuristics, game theory, and stochastic optimization

Compete at a high level in cyber competitions

[Diagram: Competition Testbed. Labels: Flag Monitoring; Vulnerability Scan; Key; Service Poller; Mixed Inputs]

Further dissemination only as directed by DARPA Public Release Center or higher DoD authority

Dark Nebula

© Robert Traube

www.darpa.mil
