Brian Luke Community Blogger, WGRZ-TV

Sunday, January 2, 2011

DARPA Goal for Cybersecurity: Change the Game

By Cheryl Pellerin
American Forces Press Service
WASHINGTON, Dec. 20, 2010 - Self-proclaimed "technogeeks" at the Defense Advanced Research Projects Agency, after determining the nature of the cybersecurity threat, have devised programs to tackle the problem and, most importantly, surprise their adversaries, DARPA's deputy director said.
Kaigham "Ken" Gabriel spoke here at the Dec. 16 Cyber Security Forum, sponsored by The Atlantic and Government Executive magazines, and afterward spoke with American Forces Press Service.
He said the agency's sole mission since its inception in 1958 has been to prevent and create technology surprises. Two of the agency's recent cybersecurity programs, called CRASH and PROCEED, were created for that purpose.
CRASH, the Clean-slate Design of Resilient, Adaptive, Secure Hosts program, seeks to build new computer systems that resist cyberattacks. After successful attacks they would adapt, learn from the attack and repair themselves, Gabriel said.
CRASH evolved from a workshop DARPA held earlier this year where they pulled together cybersecurity and operating-system experts and infectious-disease biologists, he said.
"The first couple of hours, someone who was there described it as being like a junior high school dance," he added. "All the biologists were on one side of the room, the computer scientists on the other. Finally one of them walked over and began talking, and they all started mixing."
Some interesting ideas came out of the workshop, Gabriel said. One was that biology starts from the supposition that attackers -- bacteria or viruses -- will get through the body's defenses. The body doesn't even try to stop them; biology just deals with it.
The body doesn't care how many times things get in, he added. And bodies are genetically diverse; viruses or bacteria that infect one body won't necessarily infect all the others, or infect them in the same way.
This concept applies to computer vulnerabilities because most computer hardware is built the same way, Gabriel said.
"The idea is to look at the structure of computers, which are identical and have no security in the hardware ... because performance was king 15 or 20 years ago," he said. "Transistors and computer performance were precious and you didn't give up any of it to security. Now, the world is different."
Today, security could be added to computer hardware, giving computers a sort of genetic diversity that would make them less vulnerable to cyber infections.
Getting such new, more robust hardware architecture into the market will take some time, Gabriel said, noting that the reason for programs like CRASH is to create something he calls convergence between cyberthreats and cybersecurity.
To analyze the problem of convergence, DARPA compared the number of lines of source code written over 20 years in security software and the number of lines of code in malware written over the same period.
Over 20 years, he said, the lines of code in security software increased from about 10,000 to 10 million lines. The number of lines of code in malware was surprisingly constant at about 125 lines.
This analysis and others "led us to understand that many of the things we're doing are useful, but they're not convergent with the problem," Gabriel said. "We're never going to catch up [with malware], so how do we change the game? How do we essentially create surprise for our adversaries in this challenge area?"
Along with CRASH, another way is PROCEED, or Programming Computation on Encrypted Data, he said.
"Encryption is one way of protecting things, but if you want to operate on encrypted data -- process it, do something with it -- you have to decrypt it first. You operate on it while it's in a decrypted state, then take your result, encrypt that again and send it on," Gabriel said.
For the past 20 or 30 years, people have been debating about whether it's possible to do operations on encrypted data without decrypting it first.
"It was considered to be such a difficult problem that people were mathematically trying to prove it couldn't be done," he said. "Then, about a year and a half ago, someone proved that it could be done. That's the good news. The bad news is, it's very inefficient right now -- 12 orders of magnitude less efficient than it needs to be."
PROCEED is working to improve that efficiency, he said.
"If we were able to do relevant sorts of operations without ever having to decrypt, that would be a tremendous gain because ... whenever you decrypt into the open, you create vulnerability," Gabriel said.
Convergence is the objective of both programs, he added. "They are aggressive programs; they may or may not be successful. That's the nature of DARPA. But we have high hopes."