The growth of the internet-of-things (IoT) and network-connected composed systems (e.g., aircraft, critical-infrastructure, etc.) has led to unprecedented technical diversity in deployed systems. From consumer IoT devices developed with minimal built-in security, which are often co-opted by malware to launch large distributed denial of service (DDoS) attacks on internet infrastructure, to remote attacks on Industrial Control System (ICS) devices, these newly connected, composed systems provide a vast attack surface.
While the diversity of functionality and the scope of what can now be connected, monitored, and controlled over the network has increased dramatically, economies of scale have decreased platform diversity. More and more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options to replace single-purpose, custom devices. For example, the central processing unit (CPU) market has consolidated on ARM, x86 and stream processors.
While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing. “With commodity devices, software and configuration settings now govern behaviors that were physically impossible in special-purpose hardware, creating security risks and increasing system vulnerability,” said Jacob Torrey, program manager in DARPA’s Information Innovation Office (I2O).
“Certain functionality built into COTS components may not be necessary for all users or applications, and unwanted functionality can be hard to detect and turned-off. For instance, an unneeded maintenance or diagnostic service left enabled could create an opportunity for an attacker to circumvent other security controls and use the system’s as-deployed functionality to generate a malicious effect. This opaqueness is creating challenges for system operators who must rely on component configurations to reduce attack surfaces created by unnecessary functionality.”
To address the challenges created by the proliferation of COTS devices and help harden the security surface of network-connected composed systems, DARPA has launched a new program called Configuration Security (ConSec). The program, aims to develop a system to automatically generate, deploy, and manage inherently more secure configurations of components and subsystems for use in military platforms.
“Through ConSec we hope to gain a better understanding of the available functionality across COTS devices and what’s needed for the task at hand and then use system configurations to create the functionality that’s actually required while minimizing the excess that can be used as an attack surface,” said Torrey. “While our objective is to build this capability for military platforms, there is the potential for the program to have broader applications for commercial and industrial systems as well.”
Configuration Security (ConSec) program
The ConSec program will develop a system to automatically generate, deploy, and enforce configurations of components and subsystems for use in military platforms. These configurations should address system vulnerabilities and minimize attack surfaces while maintaining expected functionality and performance. By viewing each individual component’s configuration as elements of the composed system’s behavior and security, more secure configurations can be developed and deployed to enhance security without requiring new software development or large hardware changes.
Prospective performers are tasked with finding ways to automate the traditionally more manual process of system configuration. To tackle this feat, the program is divided into two technical areas.
First Technical Area
The first area focuses on reducing the amount of human-in-the-loop time required to understand what capabilities a system needs to deliver across different operating environments, the functionality required to achieve its mission in each operating environment, and the possible component configurations needed to create the desired functionality.
“Consider, for example, a naval vessel. Its functionality when at sea is likely different than what’s required of it while at port, or in dry-dock undergoing maintenance,” said Torrey. “Our aim is to automate the process of identifying these different operating environments, the system’s expected functionality in each scenario, and the components needed to make it all happen, which is currently a manual, labor intensive process.”
To accomplish this, DARPA is asking researchers to develop models and functional specifications of systems based on human-friendly information formats–such as checklists, operating manuals, and other written human standard operating procedures (SOPs)–as well as an analysis of the system’s underlying components’ hardware and firmware. Input from these analyses should help determine how settings in a component’s configuration space might impact its functionality, how the behavior of human operators impacts system behavior, and what operational and mission contexts pertain for the full, composed system.
Second Technical Area
The ConSec program’s second technical area focuses on uncovering component configurations that will enable the composed system to achieve its mission under different, relevant operational contexts. Here proposers are asked to leverage the models and functional specifications that emerge from work in the first technical area to find ways of identifying secure configurations that eliminate unused and unnecessary functionality as a way to shrink the system’s vulnerabilities to attack.
“Essentially we’re asking potential performers to determine how to take all of the best pieces and functionality and combine them to fulfill the requirements of a high-level composed system while turning off all of the things we don’t need,” said Torrey
Third Technical area
TA3 will develop tools, techniques, and procedures to produce representative configuration based vulnerabilities in complex composed systems. This injection of configuration vulnerabilities will provide a baseline for evaluating TA1 and TA2 configuration sets.
TA4 – System Integrator and Evaluator
The TA4 performer will be responsible for evaluating the performance of TA1 and TA2 systems against ConSec metrics and integrating TA1 and TA2 systems into configuration-time and runtime subsystems.
TA4 proposals should discuss additional, objective metrics for determining the security improvement of the overall ConSec system, as well as methods to ensure that essential functionality has not been removed or changed through the deployment of an incorrect configuration set.
TA4 must propose a simple simulated/emulated testbed that can initially be provided to ConSec performers 3 months after program start. This testbed can be augmented over the duration of the effort to facilitate automated regression testing and evaluation.
DARPA awards GrammaTech $8.4m for autonomous cyber hardening technology
GrammaTech, a developer of commercial embedded software assurance tools and advanced cybersecurity solutions, has been awarded a $8.4 million, 4-year contract from Defense Advanced Research Projects Agency (DARPA), an agency of the US Department of Defense. This fund will go towards developing technology that generates and deploys secure configurations to commercial off-the-shelf (COTS) equipment rapidly and largely autonomously.
Modern networked systems are everywhere, they provide automation in buildings, they control industrial processes and power plants, and they are a key component in modern automobiles. These systems incorporate many general-purpose COTS components that must be configured appropriately for the larger system to meet its operational requirements. The configuration of such networked systems is often done in an ad-hoc way, which may leave critical parameters in their factory settings, exposing unnecessary attack surfaces and weakening the security of the system.
“Seemingly benign minor configuration missteps, such as exposing unneeded services or keeping factory-set access credentials, can quickly add up to serious security breaches in complex networked systems, as the past has proven,” says Mark Hermeling, Senior Director of Product Marketing at GrammaTech. “This project is focused on reducing the chance of human error in the configuration of these systems
Perspecta Labs wins prime contract for DARPA’s ConSec programme
The US Defense Advanced Research Projects Agency’s (DARPA) has selected Perspecta Labs as the prime contractor to support its Configuration Security (ConSec) programme. Perspecta Labs is the research subsidiary of information technology (IT) service management company Perspecta. With a base value of $5.4m, the contract will be carried out in three phases over a performance period of three and a half years.
The ConSec programme has been designed by DARPA to advance the development of new technologies that can automatically generate, deploy and enforce configurations of components and subsystems. The component and subsystem configurations are built to be used on military platforms, critical infrastructure and network-connected systems for the Internet of Things. New configurations are expected to deliver the required functionality and performance while reducing vulnerabilities and minimising the attack surface.
Perspecta Labs president Dr Petros Mouchtaris said: “Perspecta Labs will draw on its rich portfolio of research and development in machine learning and cybersecurity to deliver this work. “We are excited to bring our innovative techniques to identify, correct and prevent configuration errors in complex networks and distributed systems to our DARPA partner in support of their mission to improve security to critical military and commercial platforms.”
As the prime contractor to the programme, the company will be responsible for designing, developing, demonstrating, testing and supplying the optimised context-specific configuration for attack surface minimisation (OCCAM) system. The OCCAM system will be used to automatically generate correct and secure configurations, as well as human-readable supporting evidence to facilitate the transition of the platform to the new upgraded configuration. Recently, Perspecta has received an additional eight-month extension with a ceiling value of $485m for the Next Generation Enterprise Network contract, which would provide the US Navy and the US Marine Corps with uninterrupted IT and network security services until May 2020.