Air Force and DARPA look to Kudu Dynamics to detect and counter long-term cyber security threats
WRIGHT-PATTERSON AFB, Ohio, 19 June 2015. U.S. Air Force cyber security experts are looking to Kudu Dynamics LLC in Catharpin, Va., to help enhance the understanding of internal computer functions as a way to detect and counter advanced cyber warfare threats.
Officials of the Air Force Research Laboratory at Wright-Patterson Air Force Base, Ohio, announced a $7.2 million contract to Kudu Dynamics late Thursday to participate in the Transparent Computing project. The Air Force Research Lab awarded the contract on behalf of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va.
Kudu Dynamics cyber experts will develop ways for the prompt detection of advanced persistent threats and other cyber threats and allow complete root cause analysis and damage assessment once adversary activity is identified.
The DARPA Transparent Computing program aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during computer and network system operation across all layers of software abstraction, while imposing minimal performance overhead.
Modern computing systems act as black boxes in that they accept inputs and generate outputs but provide little to no visibility of their internal workings, DARPA researchers explain.
This lack of transparency limits the ability to understand cyber behaviors at the level of detail necessary to detect and counter some of the most important types of cyber threats like Advanced Persistent Threats (APTs).
APT adversaries act slowly and deliberately over a long period of time to expand their presence in an enterprise network and achieve their goals, such as information exfiltration, interference with decision making, and denial of capability.
Because modern computing systems are opaque, the APT can remain undetected for years if their activities can blend with the background noise inherent in any large, complex environment.
Beyond the APT problem, the lack of understanding of complex system interactions interferes with the ability to diagnose and troubleshoot less sophisticated attacks or non-malicious faulty behavior that spans several applications and systems.
The Transparent Computing program aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction, while imposing minimal performance overhead.
The program will develop technologies to record and preserve the origins of all system elements and components like inputs, software modules, and processes; dynamically track the interactions and dependencies among components; assemble these dependencies into system behaviors; and reason about these behaviors forensically and in real-time.
The Transparent Computing program will construct an enterprise-wide information plane that creates, propagates, and reasons about computational metadata that could reveal malice or abnormal computer behavior concealed within individually legitimate computer activities.
Transparent Computing will enable the prompt detection of APTs and other cyber threats, and allow complete root cause analysis and damage assessment once adversary activity is identified, DARPA researchers say.
In addition, the Transparent Computing program will integrate its basic cyber reasoning functions in an enterprise-scale cyber monitoring and control construct that enforces security policies at key data input and output points, like the firewall.
The program will produce basic technologies and an experimental prototype with multilayer data collection and an analysis/enforcement engine that will enforce permissible and impermissible interactions, as well as near-real-time intrusion detection and forensic analysis.
The Transparent Computing program will have five technical areas: tracking causal relationship among programs and data; analyzing data forensically and in real-time; constructing the integrated experimental prototype; creating scenarios to guide periodic simulated cyber attacks; and simulating cyber attacks.
On this contract Kudu Dynamics experts will do the work in Catharpin, Va., and should be finished by August 2019. The contract was part of a competitive acquisition with 51 offers submitted. More Transparent Computing contracts may be awarded.