Can transparent computing stop the worst cyberattacks?
- By Defense Systems Staff
- Dec 04, 2014
Cyber spies and criminals rely on the fact that computer networks are complex systems, the equivalent of a maze of dark alleys and byways that gives them plenty of places to hide. Some network intrusions can go months or even years before being detected, and in many cases an organization that’s been hacked doesn’t find out on its own but only after being notified by a security company or other outside source.
The Defense Advanced Research Projects Agency wants to throw light on the problem, by providing a clear view of everything going on inside a system, which would make it easier to identify and respond to attacks.
The agency recently released a solicitation for its Transparent Computing program, which it says “aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction, while imposing minimal performance overhead.”
DARPA said it is focused particularly on stopping Advanced Persistent Threats, a term that generally refers to sophisticated, organized, long-running attacks aimed at stealing information, such as the attacks from China that struck contractors of the U.S. Transportation Command for a just about a solid year between June 2013 and May 2014. APTs tend to originate with well-heeled organizations such as nation-states and organized criminals.
Today’s computing systems act as “black boxes” that obscure their inner workings, allowing ATPs as well as less sophisticated attacks, to go unnoticed, DARPA said. The Transparent Computing, or TC, program wants to develop technologies to record the source of all of a system’s components, such as software modules and processors, and track all of the interactions between those components. TC would then take an overall view of system behaviors and “reason” over those behaviors, both in real time and forensically.
“Logically, TC will construct an enterprise-wide Information Plane that creates, propagates, and reasons about metadata associated with the computation,” a process of “connecting the dots” that “will enable the prompt detection of APTs and other cyber threats, and allow complete root cause analysis and damage assessment once adversary activity is identified,” DARPA said.
With the TC program, the agency is looking to develop the basic technologies and a prototype for a multilayer data collection architecture and an analysis/enforcement engine for proactive policy enforcement and near-real-time intrusion detection and forensic analysis.
The agency will hold a proposer’s day Dec. 15 from 2 p.m. to 5:30 p.m. at the DARPA Conference Center in Arlington, Va. Preregistration is required.