DARPA sees transparent IT as window on new threats
The Defense Advanced Research Projects Agency plans to research transparent computing, (TC) an effort to overcome challenges related to identifying threats and intrusions into today’s often opaque networks.
The TC project in particular aims to expose advanced persistent threat (APT) attacks that can remain in agency networks and systems passively for months or even years before activating.
The characteristics of today’s networks provide few advantages for tracking such threats, according to DARPA.
“Modern computing systems act as black boxes in that they accept inputs and generate outputs but provide little to no visibility of their internal workings,” DARPA said in its announcement framing some of the project’s goals.
“This greatly limits our ability to understand cyber behaviors at the level of detail necessary to detect and counter some of the most important types of cyber threats, in particular, advanced persistent threats .”
But even beyond APT detection, DARPA said, the government’s lack of understanding of complex system interactions “interferes with [and sometimes completely inhibits] our ability to diagnose and troubleshoot less sophisticated attacks … that span multiple applications and systems.”
The TC program aims to make “currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operations across all layers of software abstraction, while imposing minimal performance overhead,” DARPA said.
Other objectives of the TC project cited by DARPA include:
- Develop technologies to record the provenance of all system inputs, software modules, processes, etc.
- Dynamically track causal dependencies among cyber system components; assemble these dependencies into end-to-end system behaviors; and reason over these behaviors both forensically and in real-time.
- Integrate basic cyber reasoning functions in an enterprise-scale cyber monitoring and control construct that enforces security policies at the firewall.
- Produce a prototype comprising a multilayer data collection architecture and an analysis and enforcement engine that will enable both proactive enforcement and near-real-time intrusion detection and forensic analysis.
“By automatically or semi-automatically connecting the dots across multiple activities that are individually legitimate but collectively indicate malice or abnormal behavior, TC will enable the prompt detection of APTs and other cyber threats and allow complete root cause analysis and damage assessment once adversary activity is identified,” according to the announcement.
DARPA will hold a proposers day, Dec. 15, to brief organizations and answer questions from industry on a broad agency announcement it plans to issue on TC.
Connect with the GCN staff on Twitter @GCNtech.