Storming Media: Pentagon Reports and Documents

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

Authors: Gregory R. Ganger; CARNEGIE-MELLON UNIV PITTSBURGH PA
Abstract:
This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices), funded by the Air Force Research Laboratory contract number F49620-01-1-0433. The scientific goal of this CIP/URI effort was to fundamentally advance the state-of-the-art in network security and digital intrusion tolerance by exploring a new paradigm in which individual devices erect their own security perimeters and defend their own critical resources (e.g., network links or storage media). Together with conventional border defenses (e.g., firewalls), such self-securing devices provide a flexible infrastructure for dynamic prevention, detection, diagnosis, isolation, and repair of successful breaches in borders and device security perimeters. More specifically, the research sought to understand the costs, benefits and appropriate realization of (1) multiple, increasingly-specialized security perimeters placed between attackers and specific resources; (2) independent security perimeters placed around distinct resources, isolating each from compromises of the others; (3) rapid and effective intrusion detection, tracking, diagnosis, and recovery, using the still-standing security perimeters as a solid foundation from which to proceed; (4) the ability to dynamically shut away compromised systems, throttling their network traffic at its sources and using secure channels to reactively advise their various internal components to increase their protective measures; and (5) the ability to effectively manage and dynamically update security policies within and among the devices and systems in a networked environment. The underlying motivation throughout this research was to go beyond the "single perimeter" mindset that typifies today's security solutions and results in highly brittle protections.
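The abstract describes the architecture only at the level of goals. As an added illustration (not code from the report or from the CMU project), the following Python sketch models goals (2), (4) and (5): each host's network link is fronted by its own self-securing NIC that enforces a perimeter independently of the border firewall and of the host OS behind it, throttles that host's traffic at its source once a compromise indicator fires, and accepts policy updates only over an authenticated channel. The scan heuristic (distinct destinations per window), the thresholds, the token-bucket throttle, the HMAC-keyed update channel and the sample traffic are all constructed assumptions for the demo, not the mechanisms the report evaluates.

```python
"""Toy model of per-device ("self-securing") NIC perimeters.
Constructed illustration; every threshold, name and heuristic is assumed."""
import hashlib
import hmac
import json
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    dst: str   # destination address
    t: float   # send time, seconds


@dataclass(frozen=True)
class Policy:
    scan_threshold: int = 20   # distinct destinations within one window => suspicious
    window: float = 1.0        # seconds
    throttle_pps: float = 2.0  # packets/second allowed once the host is throttled


class SelfSecuringNic:
    """Perimeter for ONE host's link. The key is shared with the admin console,
    never with the host OS, so a compromised host cannot loosen its own NIC."""

    def __init__(self, host: str, policy: Policy, admin_key: bytes):
        self.host = host
        self.policy = policy
        self._admin_key = admin_key
        self._recent = deque()      # (t, dst) pairs inside the current window
        self.throttled = False
        self.alerts = []
        self._tokens = 0.0          # token bucket state for the throttle
        self._last = None

    def _scan_detected(self, pkt: Packet) -> bool:
        # Assumed heuristic: many distinct destinations in a short window.
        self._recent.append((pkt.t, pkt.dst))
        while self._recent and pkt.t - self._recent[0][0] > self.policy.window:
            self._recent.popleft()
        return len({d for _, d in self._recent}) > self.policy.scan_threshold

    def _throttle_allows(self, pkt: Packet) -> bool:
        # Token bucket: refilled at throttle_pps, capacity throttle_pps.
        rate = self.policy.throttle_pps
        if self._last is None:
            self._tokens = rate
        else:
            self._tokens = min(rate, self._tokens + (pkt.t - self._last) * rate)
        self._last = pkt.t
        if self._tokens >= 1.0:
            self._tokens -= 1.0
            return True
        return False

    def egress(self, pkt: Packet) -> bool:
        """Return True if the packet is forwarded, False if dropped at the source."""
        if not self.throttled and self._scan_detected(pkt):
            self.throttled = True
            self.alerts.append(f"{self.host}: >{self.policy.scan_threshold} distinct "
                               f"destinations in {self.policy.window}s, throttling at source")
        return self._throttle_allows(pkt) if self.throttled else True

    def apply_update(self, payload: bytes, tag: bytes) -> bool:
        """Accept a new policy only if its HMAC-SHA256 tag verifies under the admin key."""
        expected = hmac.new(self._admin_key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            self.alerts.append(f"{self.host}: rejected unauthenticated policy update")
            return False
        self.policy = Policy(**json.loads(payload))
        return True


def simulate() -> dict:
    key = b"constructed-demo-key"          # assumed shared secret, demo only
    nic_a = SelfSecuringNic("host-a", Policy(), key)
    nic_b = SelfSecuringNic("host-b", Policy(), key)
    # Constructed traffic: host-a is compromised and sweeps 40 addresses in 0.4 s;
    # host-b is benign and sends 40 packets to one file server in the same period.
    scan = [Packet(f"10.0.0.{i}", 0.01 * i) for i in range(1, 41)]
    normal = [Packet("10.0.0.250", 0.01 * i) for i in range(1, 41)]
    forwarded_a = sum(nic_a.egress(p) for p in scan)
    forwarded_b = sum(nic_b.egress(p) for p in normal)
    # Admin tightens host-b's policy over the authenticated channel; a host that
    # lacks the admin key cannot forge an update that loosens it.
    payload = json.dumps({"scan_threshold": 10, "window": 1.0, "throttle_pps": 1.0}).encode()
    good_tag = hmac.new(key, payload, hashlib.sha256).digest()
    forged_tag = hmac.new(b"attacker-guess", payload, hashlib.sha256).digest()
    return {
        "a_forwarded": forwarded_a, "a_throttled": nic_a.throttled,
        "b_forwarded": forwarded_b, "b_throttled": nic_b.throttled,
        "b_update_accepted": nic_b.apply_update(payload, good_tag),
        "b_forged_rejected": not nic_b.apply_update(payload, forged_tag),
        "alerts": nic_a.alerts + nic_b.alerts,
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(k, v)
```

With the assumed thresholds, host-a's first 20 packets pass, the 21st trips the heuristic, two more drain the bucket and the remaining 18 are dropped at host-a's own link, while host-b's NIC never changes state: the perimeters are independent, which is the point of goal (2). The forged update is refused without affecting host-b's existing policy.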

Limitations: APPROVED FOR PUBLIC RELEASE
Description: Final rept., 15 Jun 2001-14 Nov 2006
Pages: 187
Report Date: 15 JAN 2007
Contract Number: F496200110433
Report Number: A393564
Keywords relating to this report:
*ANTIINTRUSION DEVICES
*EMBEDDED SYSTEMS
*NETWORKS
*SECURITY
*SELF OPERATION
COST BENEFIT ANALYSIS
INFRASTRUCTURE
INTRUSION DETECTION(COMPUTERS)
PERIMETERS(DEFENSE)