Publications

3 Results

Search results

Networked-based Cyber Analysis using Deep Packet Inspection (DPI) for High-Speed Networks

Van Leeuwen, Brian P.; Gao, Jason H.; Yin, Kevin H.; Anthony, Benjamin A.; Urias, Vincent U.

Today’s networked systems utilize advanced security components such as Next Generation Firewalls (NGFW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and methods for network traffic classification. A fundamental aspect of these security components and methods is network packet visibility and packet inspection. To achieve packet visibility, a compute mechanism used by these security components and methods is Deep Packet Inspection (DPI). DPI is used to obtain visibility into packet fields by looking deeper inside packets, beyond just IP address, port, and protocol. However, DPI is considered extremely expensive in terms of compute processing costs and very challenging to implement on high-speed network systems. The fundamental scientific paradigm addressed in this research project is the application of greater network packet visibility and packet inspection at data rates greater than 40 Gbps to secure computer network systems. The greater visibility and inspection will enable detection of advanced content-based threats that exploit application vulnerabilities and are designed to bypass traditional security approaches such as firewalls and antivirus scanners. Greater visibility and inspection are achieved through identification of the application protocol (e.g., HTTP, SMTP, Skype) and, in some cases, extraction and processing of the information contained in the packet payload. Analysis is then performed on the resulting DPI data to identify potentially malicious behavior. In order to obtain visibility and inspect the application protocol and contents at high-speed data rates, advanced DPI technologies and implementations are developed.

Macro Supply Chain Lifecycle Decision Analytics

Helinski, Ryan H.; Kao, Gio K.; Hamlet, Jason H.; Letchford, Joshua L.; Campbell, Philip L.; Anthony, Benjamin A.

This report summarizes a two-year LDRD project that investigated the problem of representing complex supply chains, identifying the worst risks, and evaluating mitigation options. Our team developed a framework that includes a representation for business processes, risk assessment questions, risk indicators, and methods for analyzing and summarizing the data. In our approach, the Process Matrix represents an overall supply chain for an end product in a high-level, tabular form. It connects the various touch-points of a business process, including people, external vendors, tools, storage locations, and transportation services, while capturing the flow of both physical and intellectual artifacts. We believe these direct connections are exactly the things that a process owner can typically control. These material flows (both physical and intellectual) are also represented in a graph. This enables us to use graph-oriented analysis such as fault tree analysis and attack graph generation. Our approach is top-down, which helps users gain a more holistic understanding for a given amount of resources. Understanding the provenance of materials is difficult, and it is easy to exhaust the analysts' resources. Rather than a tool for vendor analysis or product comparison, our framework enables an enterprise-level analysis. The risk assessment questionnaires have varying levels of detail and cover various aspects of the supply chain, such as process steps, artifacts, suppliers, etc., and connections between these aspects, such as artifact-storage, artifact-supplier, etc. Each question is further associated with one of seven risk indicators, which can be used to summarize the risk. These risk indicators can also be weighted to reflect a user's concerns. We have successfully applied our framework to several use cases in various stages of its development and provided valuable insights to our partners, but it can also be applied to other complex systems outside of the supply chain security problem.
