DARPA ISO Sponsored Research

2000 Project Summary
Integrity Through Mediated Interfaces
Information Sciences Institute

Project Website:  http://www.isi.edu/software-sciences/integrity-through-mediated-interfaces.html -- Additional project information provided by the performing organization 
Objective: Provide end-to-end integrity management of data that ensures that it is only modified by authorized users using approved tools. It will detect and repair any other modifications to the data (such as by program bugs or malicious attacks).
Approach: We will create an Integrity Manager that monitors and records the tools (i.e. programs), and operations within those tools, being applied to integrity-marked data sets to provide an end-to-end audit record of all the transformations performed on the data set. This operation level audit record can be used off-line for attribution (who made a specific change and when did it occur) and on-line for authorization (who and/or which tools are allowed to make particular types of changes to an integrity-marked data set). 
We will also associate integrity marks with these data sets when they are stored and check them when they are loaded. Any data sets that have been corrupted (their integrity marks don't match their contents) will be recreated by replaying the recorded sequence of data set modifications in their transaction history. 
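The store-time mark, load-time check and replay-based repair described above, as an added example (not the project's code). It models the data set as a dictionary and uses SHA-256 as the integrity mark; `IntegrityManager`, its methods and the policy layout are hypothetical.

```python
import hashlib
import json

def mark(data):
    # Integrity mark: SHA-256 over a canonical serialization (algorithm choice is an assumption).
    return hashlib.sha256(json.dumps(data, sort_keys=True).encode()).hexdigest()

class IntegrityManager:  # hypothetical name and API
    def __init__(self, policy):
        self.policy = policy      # {(user, tool): set of allowed operation names}
        self.history = []         # transaction history, doubles as the audit record
        self.saved_len = 0        # number of history records covered by the stored mark
        self.stored_mark = mark({})

    @staticmethod
    def _do(data, rec):
        if rec["op"] == "set":
            data[rec["key"]] = rec["value"]
        elif rec["op"] == "delete":
            data.pop(rec["key"], None)

    def apply(self, data, user, tool, op, key, value=None):
        # On-line authorization: refuse before anything is recorded or changed.
        if op not in self.policy.get((user, tool), set()):
            raise PermissionError(f"{user} using {tool} may not {op}")
        rec = {"seq": len(self.history), "user": user, "tool": tool,
               "op": op, "key": key, "value": value}
        self.history.append(rec)
        self._do(data, rec)

    def save(self, data):
        self.stored_mark, self.saved_len = mark(data), len(self.history)

    def load(self, data):
        # Returns (data, repaired). A mark mismatch triggers replay of the saved history.
        if mark(data) == self.stored_mark:
            return data, False
        rebuilt = {}
        for rec in self.history[:self.saved_len]:
            self._do(rebuilt, rec)
        if mark(rebuilt) != self.stored_mark:
            raise ValueError("transaction history does not reproduce the marked state")
        return rebuilt, True

    def attribute(self, key):
        # Off-line attribution: every recorded change to one key, in order.
        return [(r["seq"], r["user"], r["tool"], r["op"]) for r in self.history if r["key"] == key]
```

The repair is only as trustworthy as the history and the stored mark, so both need to be kept where the tools being monitored cannot write to them.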
Recent FY-99/FY-00 Accomplishments: We have created mediators that create cryptographic checksums for documents (i.e. files) and check that these cryptographic checksums are still valid when those documents are loaded. We have integrated these mediators into PowerPoint so that they are activated when documents are loaded and saved.
We have built an initial GUI monitor that detects application-level operations occurring in the Windows GUI initiated by button selection or direct manipulation (e.g. moving or dragging). This GUI monitor will work with any tool-tip enabled application.
FY-00 Plans: The GUI monitor will be extended to detect menu selection operations and keyboard input. It will also be extended to generate pseudo-events for each of the detected application-level operations. These pseudo-events will be fielded by application specific event handlers that use the application's COM interface to gather the particular data needed for the transaction history for that operation.
Application specific event handlers will be built for Microsoft PowerPoint and Word. 
Technology Transition: We will demonstrate end-to-end data set integrity for a major GCCS COTS product - Microsoft Office Suite (i.e. Word, Excel, PowerPoint, and Access). The integrity manager, attribution, and data restoration software will each be composed of application-independent and application-specific portions. The application-independent technology will be transferable without modification to additional COTS applications and data set types.
The most difficult task in extending integrity management to a new application is determining how application-level operations have been implemented in terms of run-time-observable intermodule communications. The GUI and API spy technology we use to uncover these details will be refined to enable us to encompass the MS Office Suite. This technology will also be transferable to simplify the task of bringing additional applications under control of the integrity manager.
Principal Investigator: Robert Balzer
4676 Admiralty Way
Suite 1001
Marina del Rey, CA 90292-6695
310-822-1511
310-823-6714 fax
balzer@isi.edu

Beverly Hartmeyer
USC/ISI
4676 Admiralty Way
Marina del Rey, CA 90292-6695
310-822-1511 x205
310-823-6714 fax
beverlyh@isi.edu