The rise of network-connected systems that are becoming embedded seemingly everywhere-from industrial control systems to aircraft avionics-is opening up a host of rich technical capabilities in deployed systems. Even so, as the collective technology project underlying this massive deployment of connectivity unfolds, more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options. While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing.

"With commodity devices, software and configuration settings now govern behaviors that were physically impossible in special-purpose hardware, creating security risks and increasing system vulnerability," said Jacob Torrey, program manager in DARPA's Information Innovation Office (I2O).

"Certain functionality built into COTS components may not be necessary for all users or applications, and unwanted functionality can be hard to detect and turned-off. For instance, an unneeded maintenance or diagnostic service left enabled could create an opportunity for an attacker to circumvent other security controls and use the system's as-deployed functionality to generate a malicious effect. This opaqueness is creating challenges for system operators who must rely on component configurations to reduce attack surfaces created by unnecessary functionality."

To address the challenges created by the proliferation of COTS devices and help harden the security surface of network-connected composed systems, DARPA has launched a new program called Configuration Security (ConSec). The program, just announced today, aims to develop a system to automatically generate, deploy, and manage inherently more secure configurations of components and subsystems for use in military platforms.

"Through ConSec we hope to gain a better understanding of the available functionality across COTS devices and what's needed for the task at hand and then use system configurations to create the functionality that's actually required while minimizing the excess that can be used as an attack surface," said Torrey.

"While our objective is to build this capability for military platforms, there is the potential for the program to have broader applications for commercial and industrial systems as well."

Prospective performers are tasked with finding ways to automate the traditionally more manual process of system configuration. To tackle this feat, the program is divided into two technical areas. The first area focuses on reducing the amount of human-in-the-loop time required to understand what capabilities a system needs to deliver across different operating environments, the functionality required to achieve its mission in each operating environment, and the possible component configurations needed to create the desired functionality.

"Consider, for example, a naval vessel. Its functionality when at sea is likely different than what's required of it while at port, or in dry-dock undergoing maintenance," said Torrey.

"Our aim is to automate the process of identifying these different operating environments, the system's expected functionality in each scenario, and the components needed to make it all happen, which is currently a manual, labor intensive process."

To accomplish this, DARPA is asking researchers to develop models and functional specifications of systems based on human-friendly information formats-such as checklists, operating manuals, and other written human standard operating procedures (SOPs)-as well as an analysis of the system's underlying components' hardware and firmware. Input from these analyses should help determine how settings in a component's configuration space might impact its functionality, how the behavior of human operators impacts system behavior, and what operational and mission contexts pertain for the full, composed system.

The ConSec program's second technical area focuses on uncovering component configurations that will enable the composed system to achieve its mission under different, relevant operational contexts. Here proposers are asked to leverage the models and functional specifications that emerge from work in the first technical area to find ways of identifying secure configurations that eliminate unused and unnecessary functionality as a way to shrink the system's vulnerabilities to attack.

"Essentially we're asking potential performers to determine how to take all of the best pieces and functionality and combine them to fulfill the requirements of a high-level composed system while turning off all of the things we don't need," said Torrey.

Torrey expects that the program will roll out in three phases over the next three-and-a-half years. The deadline for proposals for the ConSec program is February 8, 2018. Additional details about the program can be found via the DARPA Broad Agency Announcement, found here.

Tweet

Hackers already targeting Pyeongchang Olympics: researchers
Washington (AFP) Jan 6, 2018
Hackers have already begun targeting the Pyeongchang Olympic Games with malware-infected emails which may be aimed at stealing passwords or financial information, researchers said Saturday. The security firm McAfee said in a report that several organizations associated with the Olympics had received the malicious email with the primary target being groups affiliated with ice hockey. "The ... read more

Related Links
Defense Advanced Research Projects Agency
Cyberwar - Internet Security News - Systems and Policy Issues

Thanks for being there; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Monthly Supporter $5+ Billed Monthly Option 1 : $5.00 USD - monthly Option 2 : $10.00 USD - monthly Option 3 : $15.00 USD - monthly Option 4 : $20.00 USD - monthly Option 5 : $25.00 USD - monthly Option 6 : $50.00 USD - monthly Option 7 : $100.00 USD - monthly paypal only		SpaceDaily Contributor $5 Billed Once credit card or paypal