Appendix F: Suggested Elements of a Naval Information Assurance Research and Development Program
Pages 174-182

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 174...
... Sophisticated adversaries, skilled in the art of cyber exploitation and cyberattack, can design their exploits to be difficult to detect. Developing and maintaining survivable networks require secure network functions (routing, addressing)
From page 175...
... Current tools for alerting network operators to attack conditions are text-oriented and voluminous, making the job of understanding the state of the network arduous and error-prone. Network visualization tools exploit a person's capability to process visual cues rapidly for pattern recognition and anomaly detection.
From page 176...
... Large collections of common components provide a severe threat from a single common attack that may lead to catastrophic consequences, but also an opportunity that may also be leveraged to enhance security. Research topics in this area include the following: • Secure composition.
From page 177...
... This makes uneditab age on the one hand, but on the other, uniformly susceptible to a single contagion. To break monoculture and increase resiliency, artificial diversity techniques funded by DARPA introduce diversity into the computing fabric; these techniques permit applications to interoperate, but change the structural properties of code to make different instances of the same software diverse in implementation.
From page 178...
... Furthermore, driven by customer demand and time-to-market considerations, commercial application vendors typically introduce products to market that are less than sufficiently tested, evaluated, and debugged, thereby providing sophisticated adversaries with the opportunity to exploit software design flaws that have not been discovered by the vendor prior to product release.
From page 179...
... First, design patterns for attack tools have been developed to allow the rapid creation of zero-day attack vectors; second, tools have been designed to allow the generation of a very large set of variants that can avoid discovery, thereby forcing a defense that would need to look for an unmanageable number of attack signatures. In summary, signature-based defenses will become technically obsolete, while current IA architecture designs are dependent on such defenses.
From page 180...
... One of the most effective techniques for detecting insider threats is to analyze user behavior patterns for inappropriate access of network resources such as file servers, printers, and outbound connections. Ongoing work at the MITRE Corporation employs Bayesian analysis of user behavior to detect certain insider threats with a reasonably high reliability.
From page 181...
... Role-based access control considers means of associating the logical roles of a user with the specific data and applications used by the specific roles defined with an enterprise. Research in this area by NSF has been extended by DARPA and some industrial laboratories also to associate "behavior" with a user's credentials as a means of granting access to network resources.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.