Publications

Despite the significant effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits a running...

A traditional trade-off when designing a mission critical network is whether to deploy a small, dedicated network of highly reliable links (e.g. dedicated fiber) or a largescale, distributed network of less reliable links (e.g. a leased line over the Internet). In making this decision, metrics are needed that can express...

We describe two components for achieving cyber survivability in a contested environment: an architectural component that provides heterogeneous computing platforms and an assessment technology that complements the architectural component by analyzing the threat space and triggering reorientation based on the evolving threat level. Together, these technologies provide a cyber moving...

Despite the significant amount of effort that often goes into securing critical infrastructure assets, many systems remain vulnerable to advanced, targeted cyber attacks. This paper describes the design and implementation of the Trusted Dynamic Logical Heterogeneity System (TALENT), a framework for live-migrating critical infrastructure applications across heterogeneous platforms. TALENT permits...

Situational awareness - the perception of "what's going on" - is crucial in every field of human endeavor, especially so in the cyber world where most of the protections afforded by physical time and distance are taken away. Since ancient times, military science emphasized the importance of preserving your awareness...

Despite the significant amount of effort that often goes into securing mission critical systems, many remain vulnerable to advanced, targeted cyber attacks. In this work, we design and implement TALENT (Trusted dynAmic Logical hEterogeNeity sysTem), a framework to live-migrate mission critical applications across heterogeneous platforms. TALENT enables us to change...

An integral part of modeling the global view of network security is constructing attack graphs. In practice, attack graphs are produced manually by Red Teams. Construction by hand, however, is tedious, error-prone, and impractical for attack graphs have larger than a hundred nodes. In this paper we present an automated...

The 1998 and 1999 DARPA off-line intrusion detection evaluations assessed the performance of intrusion detection systems using realistic background traffic and many examples of realistic attacks. This paper discusses three extensions to these evaluations. First, the Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) has been developed to simplify intrusion detection...

This paper describes the architecture of a system being developed to defend information systems using coordinated autonomic responses. The system will also be used to test the hypothesis that an effective defense against fast, distributed information attacks requires rapid, coordinated, network-wide responses. The core components of the architecture are a...

Eight sites participated in the second DARPA off-line intrusion detection evaluation in 1999. Three weeks of training and two weeks of test data were generated on a test bed that emulates a small government site. More than 200 instances of 58 attack types were launched against victim UNIX and Windows...