U.S. Department of Energy
Asymmetric Resilient Cybersecurity

Asymmetric Resilient Cybersecurity Capabilities and Projects


Below is a list of ARC Initiative capabilities and projects. For more information about the ARC Initiative, please contact Chris Oehmen, or contact any of the principal investigators to learn more about their projects.

External Capabilities

Resilience Technology and Evaluation

Culmination of ARC technology concept integration

Module integration interface for Resilient Cyber Systems (MiiRCS)
Principal Investigator: Jeff Jensen

Description

To support integration of the ARC research tools, a framework needs to be built that will help define the technical integration points of the various modules, create a sample set of integrations for reference, and function effectively on the ARC testbed. We are designing and implementing technologies in the capacities of Discovery, Reasoning, Decider, and Actuator (a variation of the Observe-Orient-Decide-Act [OODA] loop) within a common platform to enable resilient operation of enterprise cyber systems. Technologies from within the ARC Initiative, as well as relevant concepts from elsewhere, will be incorporated into an integrated suite of resilience-related technologies. The technical approach to achieving the objectives consists of three broad tasks: categorization of technologies, design and implementation, and evaluation and optimization.

Demonstration Integration
Principal Investigator: Pradeep Ramuhalli

Description

We are implementing, evaluating, and adapting an integrated suite of technologies for achieving asymmetric resilience in enterprise system security. We are designing and implementing technologies around the Observe-Orient-Decide-Act (OODA) loop within a common platform to enable resilient operation of enterprise cyber systems. Technologies from within the ARC Initiative, as well as relevant concepts from elsewhere, will be incorporated into an integrated suite of resilience-related technologies. The technical approach to achieving the objectives consists of three broad tasks: categorization of technologies, design and implementation, and evaluation and optimization.


Experiment, Test, and Evaluation Platform

Experimental platform for rigorous, repeatable evaluation of resilience and other cyber technologies

Testbed
Principal Investigator: Thomas Edgar

Description

The CyberNET testbed was developed to improve and enhance cybersecurity research. CyberNET is a unique capability that provides the ability to emulate enterprise network environments to enable controlled experimentation that wouldn’t be possible in operational environments. CyberNET offers a sterile and dynamic playground that is easily configurable and customizable where researchers can build, test, evaluate, or otherwise conduct their research in an enterprise-like environment. CyberNET will accelerate the research of scientists and engineers while reducing costs, time, and redundancies across the cybersecurity domain. Enhanced modeling and simulation, supported by real world datasets, will increase realism in models, leading to more relevant research.

Impediments
Principal Investigator: David Manz

Description

This effort directly supports the development of methodologies and capabilities to evaluate, test, probe, and own cyber enterprise networks. We are leveraging state-of-practice tools, techniques, and procedures to build upon existing efforts in penetration testing and vulnerability assessments. Testing will be conducted within the CyberNET testbed, a unique capability that provides the ability to emulate enterprise network environments to enable controlled experimentation that wouldn't be possible in operational environments. CyberNET offers a sterile and dynamic playground that is easily configurable and customizable where researchers can build, test, evaluate, or otherwise conduct their research in an enterprise-like environment. CyberNET accelerates the research of scientists and engineers while reducing cost, time, and redundancies across the cybersecurity domain. Enhanced modeling and simulation, supported by real-world datasets, will increase realism in models, leading to more relevant research. The impediments effort will be placed in the context of resilient cyber systems and will culminate in a process or framework "kit" that is tailored to the unique and changing characteristics of cyber resilient systems.


Passive Asset Dependency Discovery

Passively detecting dependencies between services and applications

Kritikos
Principal Investigator: Tom Carroll

Description

Kritikos is a (near) real-time enterprise introspection method for discovering cyber assets, identifying the functional relationships and dependencies between assets, and assessing the importance of the assets in terms of the business processes that they serve.


Uncertainty Tolerant Decision Support

Providing decision support to human-focused or automated systems with special emphasis on capturing uncertainty in state measures

Rendezvous: Optimization and Stochastic Algorithms for Asymmetric Resilient Infrastructure
Principal Investigator: Sam Chatterjee

Description

A broadly accepted idea in cyber defense is that a cyber system cannot be successfully defended on a continual basis against malicious attacks. While the economic constraints restrict the amount of resources available to defenders of a system, the attackers operate at a relatively low cost leading to the well understood asymmetry in cyber defense. We are developing a mathematical framework to understand and enable defenders with a limited budget to gain the asymmetrical advantage over the attackers. Specifically, based on fundamental concepts such as multi-objective optimization, stochasticity, and attacker-defender multi-stage Stackelberg games, we are developing efficient proactive strategies for defenders to disrupt the cyber kill chain in order to increase the cost for attackers while minimizing the costs to defend while satisfying the constraints on available resources. The novelty of this approach is to bring together multidisciplinary ideas to bear on a fundamentally challenging problem in cybersecurity.

Cyber Contingency Analysis
Principal Investigators: Patrick Mackey and Mark Rice

Description

It is often difficult to come up with metrics to describe the resiliency of a cyber system. We might feel a system is in a good state currently but does it remain so when an element becomes compromised or disabled? A similar problem exists with power systems. To deal with this, power grid operators use a technique known as contingency analysis. By observing what the system might look like given a list of possible contingencies, they adjust the system so that no violations will occur. This makes the system resilient against any one element becoming disabled. Can we apply this same concept to improve the resiliency of cyber systems?


Homomorphic Encryption Comparison

Comparison operations for homomorphic encryption technologies

Integrate Adaptive Resilient Asymmetric Data Security (IARADS)
Principal Investigator: Jian Yin

Description

We are exploring how to achieve asymmetric resilient data through techniques that include partition and distribution, practical secure multiparty computation, hardware and software diversity, and Byzantine fault tolerance. In particular, we are providing and evaluating various concrete mechanisms that can achieve data confidentiality and integrity, in addition to data availability. Our mechanisms are designed to be resilient in the face of attacks. They aim to protect the availability, confidentiality, and integrity of mission-critical applications even in the face of partial failures, in which parts of the system are compromised by attacks. This capability will allow us to increase the cost and difficulty for attackers and reduce potential damages from successful attacks. Most significantly, we are able to effectively counter zero-day attacks, in which unknown vulnerabilities are exploited, and insider threats.


Model Driven Situational Awareness

State measures of complex cyber systems that go beyond log files and other traditional sources of state information; key is providing new context

Topological Analysis of Graphs in Cybersecurity (TAGs-CS)
Principal Investigator: Emilie Purvine

Description

Different states and behaviors of dynamic cyber networks can be identified using methods from topological data analysis, coupled with novel forms of graph statistics, applied to cyber graph data. To complement traditional data analysis methods, topological methods are effective in identifying the shapes or structures of a data set, as distinct from the details. Topological measures may thus be especially effective in distinguishing states of a cyber network within its resiliency cycle. We are complementing these topological methods with novel graph statistical methods and investigating the correlation between these statistical metrics and the appearances of topological features. We are advancing scientific knowledge by pushing the boundaries on what can be learned and understood from graph data. Given the relative importance of graph data in the real world and the computational challenges surrounding it, our high-risk/high-reward approaches to analyzing graph data problems will provide researchers a new avenue for understanding their data.

Discrete Mathematical Foundations for Cyber Systems Analysis (CyberMath)
Principal Investigator: Cliff Joslyn

Description

Our goal is to develop a modeling formalism for representing state and change of state in general cyber systems, and model them with hierarchically interacting discrete mathematical models.

M&Ms4Graphs: Multi-scale, Multi-dimensional Graph Analytics Tools for Cybersecurity
Principal Investigator: Sutanay Choudhury

Description

We developed graph-theoretic models to characterize a complex cyber system at multiple scales. The models will be used to provide continuous metrics-based updates to drive an asymmetric resilient infrastructure. The algorithms in the software framework include multi-scale graph modeling, spectral analysis, role mining, shortest-path, and analysis of graph models.

Family of Resilience Metrics for Cybersecurity
Principal Investigator: Mary Lancaster

Description

An objective, reliable, repeatable basis for evaluating cybersecurity resilience is needed. A cybersecurity resilience framework facilitates discussion and decision making among stakeholders and cybersecurity practitioners, allows comparisons between system configurations, and enables the creation of minimum acceptable performance thresholds.


Services and Institutional Capabilities

Tabletop Training & Coordination

Training for coordinated cyber response and decision making

Dorci - The Defenders Role in Resilient Cybersecurity
Principal Investigator: Rick Riensche

Description

Implementing cutting-edge concepts in automation, algorithms, and infrastructure can severely increase the complexity for the human managing all of it, negating the increase in cost for the adversary, unless we start early and evaluate the role of cyber defenders in a new paradigm of resilient infrastructure. We are identifying the defender's role in resilient cybersecurity, how to best convey needed information to them for situational awareness, and how to provide the ability to investigate malicious activity. Studies are being conducted across many organizations to 1) identify key awareness challenges presented by resilient technologies, 2) study various approaches for conveying network awareness while the underlying infrastructure is dynamic, and 3) find why certain data attributes are required today (to allow us to potentially answer the question in a different manner). Studies will be compiled and assessed for insight on how to proceed with enabling defenders in the future; prototypes will then be developed, incorporating concepts from resiliency applications, and validated with the defender community.


Science Council

Assistance with analysis of experimental plans and interpretation of results by experienced experimentalists with a variety of backgrounds

Science Council
Principal Investigator: Erin Miller

Description

A fundamental assumption of the ARC Initiative is that significant improvements in sustaining functionality of cyber systems in the face of ongoing attacks require thinking strategically about the problem and conducting research that is defensible, repeatable, and has enduring impact. The initiative has engaged scientists from other research domains to develop science practices that are relevant to cybersecurity research with the intent of enhancing the quality and impact of the initiative's research results.


CyberFit and Data Stewardship Board

Assistance with analysis of experimental plans and interpretation of results by experienced experimentalists with a variety of backgrounds

CyberFit
Principal Investigator: Chance Younkin

Description

CyberFit lays the groundwork for cyber operations, cyber research, and cyber engineering to team up and create a culture of Cyber Fitness, better standing up against our adversaries. While there has long been a positive attitude between cyber operations, researchers, and software engineers, the culture gap and lack of interaction between these groups have been problematic. The CyberFit approach to removing this culture gap is to lay a foundation of teamwork and technology. CyberFit Trench Talks provide the communication, feedback, and engagement foundation of teamwork, while the CyberFit Data Warehouse is the technology that delivers data, novel technology, and finally solutions to problems. Together the Data Warehouse and the Trench Talks provide the teamwork and technology foundation for a blended culture of CyberFit-ness.
