DARPA ISO Sponsored Research

2000 Project Summary

Dependable Intrusion Tolerance
SRI International

Project Website: 

http://www.sdl.sri.com/emerald/  

Quad Chart: 

Quad Chart - PPT Format  

Objective:

We explore a synthesis of techniques from intrusion detection and fault tolerance. Rather than trying to detect all possible intrusions, we focus instead on detection, diagnosis, and recovery from a finite number of attacks or deviations from expected system behavior.
We are adapting our existing EMERALD technology as well as other detection, unsupervised learning, and proof-based methods for the detection aspect.
Concepts from fault tolerance are adapted to ensure delivery of service, possibly in degraded form.
 

Approach:

We will harden our EMERALD components by securing interprocess communications. Feedback mechanisms will be employed to mitigate adverse symptoms, even if the cause is not fully understood. Proof-based triggers, challenge/response protocols, and competitive learning techniques to discover novel adverse patterns will complement detection capabilities. Our initial prototype will be a resilient web server, delivering redundant content from servers with diverse platforms and operating systems. The intrusion-tolerant HTTP proxy will dynamically enact policy in response to the situation, managing sensors, firewalls, and services. Response mechanisms beyond the control loop analogy include error masking and rebuilding components from distributed peers.

Recent FY-00 Accomplishments:

Project began July 00. We have been active in hardening appropriate EMERALD components, developing the competitive learning prototype, and the feedback loop analogy for symptom remediation.  

FY-01 Plans:

We will build our Phase I resilient web server, limited to static content, on a redundant, fault-tolerant architecture. We seek to experimentally verify the delivery of valid content to legitimate clients in the presence of an attack or non-malicious fault.

Technology Transition:

The initial tech transfer is from EMERALD to this project. As with EMERALD, we are committed to deployment in environments such as JICPAC, as well as eventual transition of this technology to the commercial sector.  

Principal Investigator:

Alfonso Valdes

SRI International
333 Ravenswood Ave
Menlo Park, Ca. 94025

(650)859-4976 (voice)
(650)859-2844 (fax)

valdes@sdl.sri.com

 

 