From Information Assurance to Trusted Systems A Strategic Shift

shoulderslyricalAI and Robotics

Nov 21, 2013 (3 years and 11 months ago)

68 views

From Information Assurance to
Trusted Systems


A Strategic Shift

Patricia A.
Muoio

Chief, NSA Trusted Systems Research

(formerly known as National Information Assurance Research Lab)

Briefing to SINET, October 4, 2011


Why Trusted Systems?


It’s all about enabling safe operations in risky or
compromised environments


Traditional IA mechanisms are key components,
but IA lockdown, border war mentality won’t get
you there


Need smart systems, ability to adapt, ability to be
proactive in addressing threats


Consider the SYSTEM, not the BOUNDARY


Consider the ADVERSARY in designing protections

Address
Componetry


Investigate new technology components and
systems to address emerging trusted system
needs such as:


Trusted platform mechanisms


Policy statement and enforcement mechanisms


Mobility mechanisms

Address Design


Develop methods to design software or
hardware with no vulnerabilities


Develop methods that enable us to assess the
soundness of our software


Address composition and secure software re
-
use


Develop methods to allow some level of
confidence given an
untrusted

supply chain

Take advantage

of Cryptography


Investigate capabilities that provide integrated
use of cryptography
for more than traffic
confidentiality.


Cryptography in systems context


deep
integration into efforts that enable new CONOPS

Bring about trustworthy

system behaviors


Investigate new ways to design and integrate
systems to provide desired properties such as:


Active Defense


Risk Adaptive,
Situationally

Variant Response


Resilience


Moving Target


Immune Systems


Autonomic Systems


Usability

What industry can do


Encourage critical thinking rather than “check the
box” in developing security solutions


develop
ways to realistically assess our risk posture


Advance the state of the practice in smart
systems


Advance the state of the practice in dynamic risk
management


Work with us on CONOPS that stretch the
envelope for safe operations