• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

Finished Projects

Secure Execution Environments

Enterprise Wrappers for Information Assurance

Problem
Under previous DARPA funding, SPARTA ISSO developed software "wrapping" technology to significantly increase the security and reliability of large software systems composed of standardised software components. The success of Generic Software Wrappers at intercepting and augmenting component interactions is compelling. They implement practical security (e.g., restricting, filtering) and reliability (e.g., intrusion detection, redundancy, crash data recovery) policies in an abstract, portable manner. However, with an increased emphasis on networking and distributed computing, the host-based detection and response capabilities of wrappers need a way to scale to networks of computers, enterprises, and beyond.

Solution
SPARTA ISSO has received funding under The DARPA Autonomic Information Assurance program to scale Generic Software Wrappers to the enterprise. Working in concert with Teknowledge Corporation, SPARTA ISSO is designing and implementing a scalable, secure, cross-platform management infrastructure for wrapping technologies, including NAI?s multi-platform Generic Software Wrappers and Teknowlege Corporation?s NT-based mediators.

Details
SPARTA ISSO will augment the Generic Software Wrappers Toolkit to support the above wrapper management infrastructure. This will entail modifications to existing components (e.g., wrapc, the WDL compiler) as well as the development of additional infrastructure components (e.g., the host controller). The new system will establish a new trust model (below), with a more flexible approach than previous trust models (e.g., a Trusted Computing Base ?TCB ? is not required so long as the base operating system operates in a more or less correct manner when it isn?t stressed). Additionally, SPARTA ISSO will work with other DARPA AIA principal investigators to integrate Enterprise Wrappers as both a detector and response tool into a system designed to react to attacks at machine speed.

In addition to these base capabilities, additional research may be funded to study and implement wrappers with the following:

Specification-Based Intrusion Detection, Cryptographic Resource Protection, Process-Arresting Forensic Capabilities, Cross-System Authentication, Advisory Integrity Labels, Host-Based Boundary Controller, Composition Safety Analysis Techniques, Privilege Control, Program Sandboxing, Controlled Execution, Synthetic Execution Environments, a Windows NT Stand-Alone Program Sandbox, Untrusted Wrappers, and a Network Shield Controller.

Additionally, we have been focusing research on using wrappers to implement intrusion detection techniques. Wrappers provide better access to system data, including all system call parameters, for intrusion detection and the ability to respond faster, stopping attacks at the first system call at which they are detected. We have written wrappers that successfully implement specification-based and sequence-based intrusion detection concisely and with low overhead.

Research Focus

Three Fundamental Challenges
Our research is focusing on three fundamental challenges for practically deploying non-bypassable wrappers across an enterprise:

• How to securely manage multi-platform, multi-vendor wrapper configurations over a network.
• How to manage data flow, using both "push" and "pull" models, to facilitate intelligent, network-wide detection and response capabilities.
• How to write wrappers that take advantage of their new, networked environment without burdening the wrapper writer with system- and network-specific details.

To meet these challenges, we are:

• Identifying extensions to our Wrapper Definition Language (WDL), database, and Wrapper Query Language (WQL) to permit high-level, abstract interactions with networked components.
• Working with Technowledge on a boundary controller and other cross-platform components for interoperability.

Additional Information
For additional technical information on Enterprise Wrappers for Information Assurance, contact Dave Balenson at 443-430-8000 (David.Balenson@SPARTA.com), or visit our Web page. Software developed under the Enterprise Wrappers contract will be released under the GNU General Public License.