Information Assurance Research - PowerPoint PPT Presentation

Slides: 24
Provided by: networkass6

Transcript and Presenter's Notes


1
Information Assurance Research & Development in
Support of Homeland Security: A Government,
Industry, Academia Partnership Challenge
  • Erik G. Mettala, Ph.D., Vice President
    Director, Network Associates Laboratories

2
Outline
  • Problem
  • Context
  • Threats, Attacks, Vulnerabilities
  • McAfee Protection-in-Depth Strategy
  • Research & Development Challenges

3
First Responder Problem
4
First Responder Problem
  • Diverse formal entities responding
  • Heterogeneous communication systems
  • Time Critical Information
  • That must remain private
  • That potentially protects the first responder
    e.g. locations of dangerous substances
  • Interoperability is key
  • Security is paramount

5
Threats, Attacks, Vulnerabilities
6
Network Incidents are Increasing
Source: CMU Computer Emergency Response Team
7
Application Vulnerabilities are Increasing
Source: CMU Computer Emergency Response Team
8
  • Machines Infected per Hour at Peak
  • [Chart by malicious agent. Agents: Code Red, Nimda, Goner, Slammer. Data labels: 2,777; 6,250; 12,500; 100,000]
Source: McAfee AVERT
9
The Speed Of Attack Accelerates: Slammer Goes
Global In 3 Minutes
10
Companies Are Becoming More Porous, Susceptible
to War Driving
  • Web services applications under development by
    98% of large enterprises
  • 70% of WiFi networks are not secure
  • 50M telecommuters
  • 500 million Smart Phones by 2006

11
The Intrusion Protection Challenge
  • Intrusion Protection technologies are nascent in
    nature
  • Intrusion protection is addressing a
    fundamentally hard, if not intractable problem
  • Regardless of the difficulty, the need remains
    high
  • Requires substantial R&D partnership among
    government, industry, academia

12
McAfee Protection-in-Depth Strategy
13
McAfee Protection-in-Depth Strategy
McAfee System Protection Solutions
McAfee Network Protection Solutions
McAfee VirusScan, McAfee Desktop Firewall, McAfee ePolicy Orchestrator, Magic Service Desk
McAfee SpamKiller™, McAfee WebShield, McAfee GroupShield, McAfee Entercept
Sniffer Network Protection Platform, McAfee IntruShield™, InfiniStream™ Forensics, Sniffer Portable, McAfee IntruShield™ nPO™ Solution, Magic Service Desk
14
Research & Development Challenges
15
Host Intrusion Protection
  • Operating systems
  • Boot loaders
  • Drivers
  • Libraries
  • Windowing systems
  • Network stacks
  • Interpreters
  • Applications
  • Host intrusion prevention
  • Trusted computing platforms
  • Behavior blocking
  • Host intrusion prediction/pre-incident detection
  • Host intrusion impact assessment
  • Host intrusion recovery & remediation
  • Host intrusion incident management

16
Network Intrusion Protection
  • Network intrusion prediction
  • Scalable intrusion protection mechanisms
  • Network intrusion response & recovery
  • Coordinated intrusion protection mechanisms
  • Network attack source identification
  • Post-intrusion network reconstitution
  • Intrusion detection for MANETs (mobile ad-hoc
    networks)
  • Distributed DDoS protection
  • Intrusion traceback through non-cooperative
    networks

17
Wireless Intrusion Protection
  • Cryptographic techniques for the wireless
    physical & link layers
  • Security for wireless MANETs
  • Low energy cryptographic techniques
  • Low bandwidth cryptographic protocols
  • Efficient key management
  • Security for wireless LANs
  • Steganography
  • Wireless mobile intrusion detection
  • Wireless mobile intrusion response
  • Wireless mobile intrusion management

18
Malicious Code Defense
  • Malware technology trends
  • Malicious code detection
  • Zero-day worm protection
  • Comprehensive malware scanning
  • Intrusion tolerance & self-regeneration
  • SPAM detection & blocking
  • Self-protecting data technologies
  • Dynamic quarantine of unknown worms
  • Correlation of multiple sensors to detect
    malicious activity

19
Security Policy Management
  • Security policy languages
  • Security configuration synthesis
  • Automated security policy deployment
  • Security policy management
  • Security components
  • Access controls
  • Enforcement in heterogeneous environments
  • Security visualization

20
High-Performance Assurance & Forensics
  • Assurance
  • System architecture design & implementation
    trade-offs
  • Packet capture, storage, semantic processing,
    classification, deep content inspection,
    presentation, event correlation
  • Techniques for improving speed & accuracy
  • Network processors, high-bandwidth wireless
    networks, storage area networks
  • Fault Management
  • Forensics
  • Data mining, collection, reduction,
    normalization
  • Machine learning algorithms & applications
  • Visualization techniques
  • Techniques to improve speed, accuracy &
    understanding of data aggregation, information
    processing, decision making, presentation
  • Domain-specific application analysis, information
    gathering, network forensic analysis
  • Adaptive network-centric situation assessment

21
Threats, Attacks, Vulnerabilities (TAV)
  • Security Metrics
  • System, Network & Application Vulnerabilities
  • Vulnerability Taxonomies
  • Attack Mechanisms
  • Simulation, measurement, bench-marking of
    existing & future TAVs
  • Pattern-based approaches to detecting
    vulnerabilities
  • Developing & applying formal models to security
    analysis
  • Adaptation of economics, decision theory, game
    theory research
  • Architectural strategies & solutions

22
Our Customers and Partners
Our customers and partners include Government
agencies, leading technology corporations, and
leading universities
23
Summary
  • Problems with malicious activity are increasing
  • Products are available to solve some of the
    problems
  • Research must be focused to keep up with &
    eventually get ahead of problems
  • Partnership among government, industry,
    academia is the solution