Afrl-afosr-va-tr-2015-0303 Mission-centered Network Models: Defending Mission-critical Tasks from Deception

Traditional cybersecurity has focused on techniques to analyze and eliminate vulnerabilities in a network,often in response to actual security breaches of previously unknown weaknesses. Recognizing that inpractice network operations can never be fully secure, a major focus of recent research is on intrusions thatare assumed to be ongoing in the network by one or more malicious parties. In this new view oncybersecurity, a key desired capability is to be able to accomplish a mission even while the network iscompromised and subject to deception. However, traditional network models lack a representation of themission and of how network resources are utilized to accomplish various aspects of the mission. Thisproject investigated a new approach to develop a general framework for representing models of missiongoals and tasks, and to exploit those models to make a mission more robust to deception operations co-occurring in the network. These mission-centered network models (MCNMs) build on and extend currenttwo-layered (logical/physical) network models by integrating a new layer of task-level representations ofthe mission into those models. In this new task-oriented layer, a mission can be characterized as a set ofgoals, each accomplished by a set of interdependent tasks that place requirements on the networkresources. The system can then dynamically control the mappings of those tasks onto network resourcesusing a variety of algorithms that take into account which resources are currently compromised. As a result,a mission can be protected from ongoing intrusion and deception activities by dynamically reallocating resources as they become compromised and by examining provenance records of task outcomes todetermine their reliance on compromised resources. MCNMs can be used to determine which resourcesare critical for any given mission, to prioritize the use of uncompromised resources, to accomplish andestimate the trust on mission tasks when resources are compromised, and to determine the practical impacton the mission of deception activities. MCNMs enable a new approach to cybersecurity in network-basedoperations. Distribution Statement This is block 12 on the SF298 form. Distribution A Approved for Public Release Explanation for Distribution Statement If this is not approved for public release, please provide a short explanation. E.g., contains proprietary information.