Trust In Cyberspace, Appendix J, Nat'l Academy Press, 1999


	Trust in Cyberspace Committee on Information Systems Trustworthiness, National Research Council (1999) 352 pages 6 x 9



	J Research in Information System Security and Survivability Funded by the NSA and DARPA

	In a recent study, Anderson et al. (1998) identified a total of 104 individual research projects that were funded in FY 1998 by DARPA's Information Survivability program, a unit of the Information Technology Office (ITO). In addition, 45 information security projects were identified from the NSA and were included in the Anderson et al. (1998) study. These projects were categorized as depicted below (some projects were counted in two categories). Heterogeneity Preferential Replication/Lifespan, Architectural/Software Diversity, Path Diversity, Randomized Compilation, Secure Heterogeneous Environments NSA R2 = 0 projects; DARPA ITO = 2 projects Static Resource Allocation Hardware Technology NSA R2 = 1 project; DARPA ITO = 0 projects Dynamic Resource Allocation Detect & Respond to Attacks/Malfunctions, Dynamic Quality of Services, Active Packet/Node Networks, Dynamic Security Management NSA R2 = 3 projects; DARPA ITO = 12 projects Redundancy Replication NSA R2 = 0 projects; DARPA ITO = 3 projects



	appendix J 299

	Resilience and Robustness Cryptography/Authentication, Modeling and Testing, Fault/Failure-Tolerant Components, Advanced Languages & Systems, Wrappers, Firewalls, Secure Protocols, Advanced/Secure Hardware NSA R2 = 28 projects; DARPA ITO = 54 projects Rapid Recovery and Reconstitution Detect and Recover Activities NSA R2 = 0 projects; DARPA ITO = 2 projects Deception Decoy Infection Routines NSA R2 = 0 projects; DARPA ITO = 0 projects Segmentation/Decentralization/Quarantine Secure Distributed/Mobile Computing, Enclave/Shell Protection, Intruder Detection and Isolation, Specialized "Organs," Autonomous Self Contained Units, Damage Containment NSA R2 = 2 projects; DARPA ITO = 11 projects Immunologic Identification Autonomous Agents, "Lymphocyte" Agents, Detection of Anomalous Events, Mobile Code Verification, Self/Nonself Discrimination, Information Dissemination NSA R2 = 1 project; DARPA ITO = 12 projects Self-Organization and Collective Behavior Adaptive Mechanisms, Formal Structure Modeling, Emergent Properties & Behaviors, Node/Software Optimization, Market-Based Architecture, Scalable Networks (VLSI) NSA R2 = 0 projects; DARPA ITO = 10 projects Other/Miscellaneous Multiple Approaches to Network Security/Survivability, Technology Forecasting NSA R2 = 10 projects; DARPA ITO = 3 projects Reference Anderson, Robert H., Phillip M. Feldman, Scott Gerwehr, Brian Houghton, Richard Mesic, John D. Pinder, and Jeff Rothenberg. 1998. A "Minimum Essential Information Infrastructure" for U.S. Defense Systems: Meaningful? Feasible? Useful? Santa Monica, CA: RAND National Defense Research Institute, in press.