Open Security Technology Tech@State Washington, DC February 11, 2011 Dept. of Homeland Security Science & Technology Directorate Luke Berndt Program Manager Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) [email protected] 202-254-5332

Open Security Technology

Tech@State

Washington, DC

February 11, 2011

Dept. of Homeland Security Science & Technology Directorate

Luke Berndt

Program Manager

Cyber Security Division

Homeland Security Advanced Research Projects Agency (HSARPA)

[email protected]

202-254-5332

US Govt Spends $38 Billion on IT Annually

Trend is Not Sustainable

Bureaucracy (easy to blame)

Complexity of Govt Enterprise Systems

Redundancy – Re-Invent the Wheel

Existing System of Acquisition, Management, Updating, Technical Obsolescence Significant Hurdle

Cybersecurity = Protection of Infrastructure and Data

Need: Sustainable Government IT Systems

Homeland Open Security Technology (HOST)

Focus: Gov contribution to and adoption of Open Source solutions that support cyber security

Make it easier for government (local, state, & federal) to take advantage of innovation in the OS space

Encourage the contribution of Gov funded research to OS community by improving processes

Investigate what OS is being used in Gov, acq best processes, & where gaps exist (user groups & census)

Seed development of OS solutions to fill key gaps

Phase 2 - $10m over 5 years

HOST: Initial work

OS Intrusion Detection

DHS seeded development

Create common, OS engine for R&D, and commercial products

Maintained by non-profit

Supported by companies

OpenSSL libraries widely used in OS software

Feds need Crypto, FIPS validated for acquisitions

Each version needs to be re-validated

DHS contributed to maintaining the FIPS validation

16 December 2010

Give open source community access to entire toolset

Open-source developers register their project.

Coverity automatically downloads and runs tool over it.

Developers get back bugs in Coverity's bug database

Big success: Roughly 500 projects registered

4,700+ defects actually patched.

Some really crucial bugs found; dozens of security patches (e.g., X, ethereal)

Coverity: scan.coverity.com

Software Assurance MarketPlace (SWAMP)

BAA Topic 14: https://baa2.st.dhs.gov

Focuses on the research infrastructure necessary to enable software quality assurance and related activities

A software assurance facility and the associated research infrastructure services that will be made available to both software analysis researchers and software developers, both open source and proprietary

DHS expects the SWAMP to become a national level R&D resource in software assurance for open security technologies, used across civilian agencies and their communities as both a research platform and core component supporting US Government supported software development activities

SWAMP Conceptual Architecture

[Figure: Software Assurance MarketPlace (SWAMP), with labeled components: Software Analysis Tools (Open Source and potentially commercial); Open Source Software (for starters) and potentially all government funded software; Other Resources (e.g., High Performance Computing Clusters)]