High-end cybercriminals count on the fact that modern-day enterprise computer systems tend to be intricate and complicated: so sophisticated and dense that few people, and few other systems, can gain any significant visibility into their real machinery and software.
They are, in effect, mysterious black boxes.
The researchers at DARPA think it's time for a change in the way security is handled in such systems, and later this month will detail a program they call Transparent Computing (TC) that, DARPA says, “will develop technologies to record and preserve the provenance of all system elements/components (inputs, software modules, processes, etc.); dynamically track the interactions and causal dependencies among cyber system components; assemble these dependencies into end-to-end system behaviors; and reason over these behaviors, both forensically and in real-time.”
Specifics of the program are a little tough to decipher, but DARPA says: “TC will construct an enterprise-wide Information Plane that creates, propagates, and reasons about metadata associated with the computation. By automatically or semi-automatically ‘connecting the dots’ across multiple activities that are individually legitimate but collectively indicate malice or abnormal behavior, TC will enable the prompt detection of APTs and other cyber threats, and allow complete root cause analysis and damage assessment once adversary activity is identified. In addition, the TC program will integrate its basic cyber reasoning functions in an enterprise-scale cyber monitoring and control construct that enforces security policies at key ingress/exit points, e.g., the firewall.”
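To make the provenance-tracking, root-cause and damage-assessment ideas in the two DARPA quotes above concrete, here is a small added illustration. It is not DARPA's code and not part of the original article: a Python script that builds a causal-dependency graph from a handful of constructed audit events (processes reading and writing files, launching other processes, and talking to the network), then answers the two forensic questions TC describes: a backward trace (what could have influenced this event?) and a forward trace (what could this event have influenced?). It also shows the “connecting the dots” idea by flagging a network send whose provenance chain, made of individually ordinary steps, links network-origin input to a sensitive file. The event format, the node names, and the sensitive-file list are all assumptions made for the example.

```python
"""Toy provenance graph with time-aware backward (root cause) and forward
(damage assessment) tracing. Added example, not DARPA's or the TC program's code."""
from collections import defaultdict, deque

# Constructed sample audit events (not real logs):
# (timestamp, subject, operation, object). "exec" means the subject launched the object.
EVENTS = [
    (1, "proc:browser", "recv",  "net:203.0.113.7:443"),
    (2, "proc:browser", "write", "file:/tmp/update.bin"),
    (3, "proc:shell",   "read",  "file:/tmp/update.bin"),
    (4, "proc:shell",   "exec",  "proc:update"),
    (5, "proc:update",  "read",  "file:/home/alice/secrets.db"),
    (6, "proc:update",  "send",  "net:198.51.100.9:8443"),
    (7, "proc:editor",  "write", "file:/home/alice/notes.txt"),
    (8, "proc:editor",  "write", "file:/tmp/update.bin"),  # later, unrelated write
]

# Assumed label for the example: which files count as sensitive.
SENSITIVE = {"file:/home/alice/secrets.db"}


def build_graph(events):
    """Turn events into data-flow edges: source -> sink, each tagged with its time.
    read/recv move data from object to subject; write/send/exec from subject to object."""
    fwd = defaultdict(set)   # source -> {(sink, time)}
    back = defaultdict(set)  # sink -> {(source, time)}
    for ts, subj, op, obj in events:
        if op in ("read", "recv"):
            src, dst = obj, subj
        elif op in ("write", "send", "exec"):
            src, dst = subj, obj
        else:
            raise ValueError(f"unknown operation {op!r}")
        fwd[src].add((dst, ts))
        back[dst].add((src, ts))
    return fwd, back


def backward_trace(back, node, at_time):
    """Root-cause analysis: every node that could have influenced `node` by `at_time`.
    An edge is followed only if it happened no later than the time at which the
    current node was reached, so a later write to the same file is not blamed."""
    best = {node: at_time}  # node -> latest time bound at which it was reached
    queue = deque([node])
    while queue:
        cur = queue.popleft()
        for src, ts in back.get(cur, ()):
            if ts <= best[cur] and ts > best.get(src, -1):
                best[src] = ts
                queue.append(src)
    return set(best)


def forward_trace(fwd, node, at_time):
    """Damage assessment: every node that `node` could have influenced from `at_time` on.
    Mirror image of backward_trace: edges are followed only if they happened no earlier
    than the time at which the current node was reached."""
    best = {node: at_time}  # node -> earliest time bound at which it was reached
    queue = deque([node])
    while queue:
        cur = queue.popleft()
        for dst, ts in fwd.get(cur, ()):
            if ts >= best[cur] and ts < best.get(dst, float("inf")):
                best[dst] = ts
                queue.append(dst)
    return set(best)


def flag_exfiltration(events, back):
    """'Connecting the dots': report each network send whose provenance contains
    both a network-origin input and a sensitive file. Each step on its own
    (download, file write, process launch, file read, upload) looks benign."""
    findings = []
    for ts, subj, op, obj in events:
        if op != "send":
            continue
        origin = backward_trace(back, obj, ts)
        net_origins = {n for n in origin if n.startswith("net:") and n != obj}
        touched = origin & SENSITIVE
        if net_origins and touched:
            findings.append({
                "sink": obj, "time": ts, "process": subj,
                "sensitive": sorted(touched), "network_origins": sorted(net_origins),
            })
    return findings


FWD, BACK = build_graph(EVENTS)

if __name__ == "__main__":
    print("root cause of the upload:", sorted(backward_trace(BACK, "net:198.51.100.9:8443", 6)))
    print("reach of the download:   ", sorted(forward_trace(FWD, "net:203.0.113.7:443", 1)))
    for f in flag_exfiltration(EVENTS, BACK):
        print("FLAG:", f)
```

Two things worth noticing when running it: the backward trace from the upload at time 6 does not include `proc:editor`, because the editor's write to `/tmp/update.bin` happened at time 8, after the shell had already read the file; and the forward trace from the editor stops at the files it wrote, since no later reads exist. That ordering discipline is what keeps a causal graph from blaming, or implicating, components that merely touched the same objects at some other time.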
DARPA said programs such as TC are necessary because the black-box nature of modern computing systems provides little to no visibility into their internal workings.
“This greatly limits our ability to understand cyber behaviors at the level of detail necessary to detect and counter some of the most important types of cyber threats, in particular, Advanced Persistent Threats (APTs). APT adversaries act slowly and deliberately over a long period of time to expand their presence in an enterprise network and achieve their mission goals (e.g., information exfiltration, interference with decision making, denial of capability).
Beyond the APT problem, our lack of understanding of complex system interactions interferes with (and sometimes completely inhibits) our ability to diagnose and troubleshoot less sophisticated attacks or non-malicious faulty behavior that spans multiple applications and systems,” DARPA stated.