developing a requirements framework for cybercraft trust
play

Developing a Requirements Framework for Cybercraft Trust Evaluation - PowerPoint PPT Presentation

Sep 03, 2023 •324 likes •556 views

Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Developing a Requirements Framework for Cybercraft Trust Evaluation J. Todd McDonald Shannon Hunt Center for Cyberspace Research Department of Electrical and

  1. Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Developing a Requirements Framework for Cybercraft Trust Evaluation J. Todd McDonald Shannon Hunt Center for Cyberspace Research Department of Electrical and Computer Engineering Air Force Institute of Technology Wright Patterson AFB, OH Air University: The Intellectual and Leadership Center of the Air Force 1 Integrity - Service - Excellence

  2. Sponsor Develop America's Airmen Today ... for Tomorrow Research sponsorship by: Cybercraft Initiative AFRL/RIGA Cyber-Operations Branch Rome Labs, NY Air University: The Intellectual and Leadership Center of the Air Force 2 Integrity - Service - Excellence

  3. Context: Air Force Mission Develop America's Airmen Today ... for Tomorrow “ The mission of the United States Air Force is to deliver sovereign options for the defense of the United States of America and its global interests -- to fly and fight in Air, Space, and Cyberspace .” - Michael W. Wynne Cybercraft: Cyberspace Superiority Aircraft: Air Superiority Spacecraft: Space Superiority Air University: The Intellectual and Leadership Center of the Air Force 3 Integrity - Service - Excellence

  4. What is a Cybercraft? Develop America's Airmen Today ... for Tomorrow “ A Cybercraft is a trusted computer entity designed to cooperate with other Cybercraft to defend Air Force networks.” • Cybercraft fleet • Composed of autonomous agents • Installed on every AF network device (1+ million agents) • Incorporate decision engines to rapidly make decisions and take defensive actions without human intervention • Command and Control network to pass commands, policies, environment data, payloads, etc. What is required for a commander to trust a Cybercraft to act autonomously to defend military information systems? Air University: The Intellectual and Leadership Center of the Air Force 4 Integrity - Service - Excellence

  5. Motivation & Goals Develop America's Airmen Today ... for Tomorrow • Can we create a reference framework for evaluating various trust models and their applicability for use in Cybercraft? • Can we link specific Cybercraft scenarios to specific trust model expressions? • Can we express and evaluate transitive trust for specific Cybercraft mission scenarios? This research presents an approach for considering trust expression in relation to Cybercraft requirements, analysis, and design consideration Air University: The Intellectual and Leadership Center of the Air Force 5 Integrity - Service - Excellence

  6. Conceptual Architecture Develop America's Airmen Today ... for Tomorrow Aircraft Cybercraft • Command • Command Long Service Life Large Investment • Control • Control Wide Variety Of Missions Intense Scrutiny • Communication • Communications Attribution • Delivery Authentication Reliability Payload Payload Trusted platform for C3 Trusted view of cyberspace • Cause Effects • Cause Effects Trusted execution of commander’s intent Hardware root of trust on every AF cyber asset Rapid Development Expendable Specific Effects Effectiveness Sensors Effectors Decision Engines Air University: The Intellectual and Leadership Center of the Air Force 6 Integrity - Service - Excellence

  7. Cybercraft Domain Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 7 Integrity - Service - Excellence

  8. Trust in Cybercraft Develop America's Airmen Today ... for Tomorrow • Why bother with trust (yuck, it’s elusive) versus security anyway ??? • Non-human autonomy / decision making • Ability to characterize human-like decision making process • Root of trust (platform) • Hardware versus software protection (virtualization/OS level) • Transitivity from platform to payloads • Trust in an agent’s abilities (platform/payload) • Confidence in the data produced by an agent • Identify which agents may be compromised or are incompetent • Limitation of powers (payload) • Policy-defined bounds for autonomous decisions • How not to create a DDOS threat from our own Cybercraft fleet • Establishing commander-level trust in boundaries • Depiction of the environment (payload) • Combining data produced by different agents • Estimating the effectiveness of a Cyber-operation (Cyber BDA) Air University: The Intellectual and Leadership Center of the Air Force 8 Integrity - Service - Excellence

  9. Transitive Trust Develop America's Airmen Today ... for Tomorrow • A  B  C  D  E • Read A trusts B, who trusts C, who trusts D, who trusts E, therefore A trusts E D trusts??? • Possibilities assessments A • Platform to platform trusts??? E trusts??? • Agent to agent (payloads) C • Platform to agent (payload) • Platform to environment • Payload to environment Air University: The Intellectual and Leadership Center of the Air Force 9 Integrity - Service - Excellence

  10. Root of Trust Develop America's Airmen Today ... for Tomorrow • Does the root of trust in the Cybercraft platform transfer to the other components of the system • OS • Network • Applications • Third-party software Air University: The Intellectual and Leadership Center of the Air Force 10 Integrity - Service - Excellence

  11. Software Process Models vs. Trust Models Develop America's Airmen Today ... for Tomorrow Software Process Models Trust Models • • Specification-based (waterfall) Allows for a mathematically way to gauge trustworthiness of • Usage of prototyping interacting entities • Enable devices to form, maintain, • Iterative / Evolutionary processes and evolve trust opinions • Incremental delivery • Opinions are used for the • Spiral development configuration of the system • Agile development • Incorporate Quality of Service (QoS) • Rational Unified Process requirements • Extreme Programming • Whether or not certain transactions with take place or not (low – high risk) • Plan for the lack of a globally available infrastructure • Entities that are dynamic and anonymous • Human tailored • Subjective • Highly customizable Air University: The Intellectual and Leadership Center of the Air Force 11 Integrity - Service - Excellence

  12. Bridging Trust and Requirements Develop America's Airmen Today ... for Tomorrow • How do we transition from user requirements to evaluating commander’s trust? • How do we express agent-based trust in terms of system usage and possible mission areas? • We need models to precisely evaluate security assumptions, attacks, and risks within the Cybercraft architecture • We need a mathematical approach to understanding transitive trust and root of trust questions specific to Cybercraft missions “It is essential that regardless of the (trust) model chosen, the reason we want to use the model and our expectation of what it will provide in terms of security must be clearly defined.” Air University: The Intellectual and Leadership Center of the Air Force 12 Integrity - Service - Excellence

  13. Requirements Analysis Develop America's Airmen Today ... for Tomorrow • Explicit Cybercraft requirements are immature, therefore explicit trust model requirements are immature • Solution: Provide iterative approach • Attack/Defense Trees • Visualize attacks on our networks and ways to defend them • Use Cases • Text describing step-by-step interaction between a user and a system Air University: The Intellectual and Leadership Center of the Air Force 13 Integrity - Service - Excellence

  14. Trust Model Evaluation Develop America's Airmen Today ... for Tomorrow • Three main ideas of trust • initial trust • trust exchange • trust evolution • Three models under view • hTrust (human Trust) • VTrust (Trust Vector) • P2P (Peer to Peer) • Applying the models: • Evaluate fitness of models for Cybercraft trust questions • Apply specific scenarios Air University: The Intellectual and Leadership Center of the Air Force 14 Integrity - Service - Excellence

  15. Current Scenarios Develop America's Airmen Today ... for Tomorrow • Scenario One – transitive trust • How far can each model create a transitive trust chain (a  b  c  d  e …) • Scenario Two – AV update • Case one: AV is installed on machine and up-to-date • Case two: AV is not installed • Case three: AV is installed but not updated Air University: The Intellectual and Leadership Center of the Air Force 15 Integrity - Service - Excellence

  16. Scenario 1 Analysis Develop America's Airmen Today ... for Tomorrow • hTrust – chain fell apart after agent c • P2P – chain can be quite long VTrust Chain Trust Results 1.00 • VTrust – depends on the values 0.90 0.80 0.70 VTrust initial values Trust Value 0.60 0.50 0.40 0.30 0.20 0.10 0.00 a-c a-d a-e a-f a-g Agents VTrust Chain Trust Results 1.0000 VTrust final results 0.9000 0.8000 0.7000 Trust Value 0.6000 0.5000 0.4000 0.3000 0.2000 0.1000 0.0000 a-c a-d a-e a-f a-g a-h a-i a-j a-k a-l a-m a-n a-o a-p a-q a-r a-s a-t a-u a-v a-w a-x a-y a-z Agent Air University: The Intellectual and Leadership Center of the Air Force 16 Integrity - Service - Excellence

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Health Engagement with BME Communities in Brighton & Hove The Trust for Developing

Health Engagement with BME Communities in Brighton & Hove The Trust for Developing

Health Engagement with BME Communities in Brighton & Hove The Trust for Developing Communities The Trust for Developing Communities The Trust for Developing Communities The Trust for Developing Communities - - - - supporting community

130 views • 8 slides
Developing & Evaluating Space-Based Earth Observation Data Requirements for GEOGLAM Alyssa

Developing & Evaluating Space-Based Earth Observation Data Requirements for GEOGLAM Alyssa

Developing & Evaluating Space-Based Earth Observation Data Requirements for GEOGLAM Alyssa K. Whitcraft et al. GEOGLAM Secretariat akwhitcraft@GEOGLAM.org CEOS LSI-VC Meeting Los Angeles, CA 20 July 2016 Policy Framework for

493 views • 27 slides
Regulatory and Institutional Framework for e-Trust in Burkina Faso Tunis , 04 & 05 April

Regulatory and Institutional Framework for e-Trust in Burkina Faso Tunis , 04 & 05 April

INTERREGIONAL STANDARDIZATION FORUM FOR PKI & E-TRUST 2 nd edition Regulatory and Institutional Framework for e-Trust in Burkina Faso Tunis , 04 & 05 April 2019 Anfana TRAORE Advisor of Digital Economy Development Minister

723 views • 20 slides
Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Vlp

Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Vlp

Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Vlp University of Luxembourg Interdisciplinary Centre for Security, Reliability and Trust CritiX Critical and Extreme Security and Dependability

266 views • 12 slides
Brave Hearts, Bold Minds A Framework for developing the Character and Care of Boys Dr Ian PM

Brave Hearts, Bold Minds A Framework for developing the Character and Care of Boys Dr Ian PM

Brave Hearts, Bold Minds A Framework for developing the Character and Care of Boys Dr Ian PM Lambert and Dr Hugh Chilton Who are you? Why are you here? The need for a Framework for Character and Care Developing a Framework for Character and

800 views • 57 slides
Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements Christophe

Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements Christophe

Third International Workshop on Requirements Engineering and Law (RELAW 10) - September 28 th 2010 Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements

429 views • 27 slides
Agenda Motivation and Related Works ALS The pALS framework Achievements and Results

Agenda Motivation and Related Works ALS The pALS framework Achievements and Results

19/04/2010 pALS: an Object Oriented Framework for Developing Parallel Cooperative Developing Parallel Cooperative Metaheuristics Harold Castro , Andrs Bernal COMIT (COMunications and Information Technology) Systems and Computing Engineering

478 views • 12 slides
Framework and Requirements for Shared Mesh Protec8on in

Framework and Requirements for Shared Mesh Protec8on in

Framework and Requirements for Shared Mesh Protec8on in MPLS-TP IETF 84 July, 2012 Yaacov Weingarten Sam K. Aldrin Contributors to SMP

266 views • 9 slides
Developing the UKs regulatory framework for automated vehicles Jessica Uguccioni Law

Developing the UKs regulatory framework for automated vehicles Jessica Uguccioni Law

Developing the UKs regulatory framework for automated vehicles Jessica Uguccioni Law Commission of England and Wales 79 th Session of WP.1 18 September 2019 The Law Commissions Independent statutory bodies created in 1965 Purpose:

230 views • 18 slides
Framework and Requirements for the Internet Intelligent Networks L. Slutsman, G. Ash AT&T

Framework and Requirements for the Internet Intelligent Networks L. Slutsman, G. Ash AT&T

Framework and Requirements for the Internet Intelligent Networks L. Slutsman, G. Ash AT&T Labs F. Haerens Alcatel V. Gurbani Lucent Technologies IETF-47 IPTEL 1 Outline Generalized IIN architecture Transparent Access from SIP

142 views • 11 slides
Talking with parents about immunisation- developing trust and providing information Redbridge

Talking with parents about immunisation- developing trust and providing information Redbridge

Talking with parents about immunisation- developing trust and providing information Redbridge 29-09-2011 David Elliman (Whittington Health) with acknowledgements to Helen Bedford Immunisation process Research shows:- Most parents

857 views • 83 slides
INTER-TRUST Interoperable Trust Assurance Infrastructure Grant agreement no: 317731 Introduction

INTER-TRUST Interoperable Trust Assurance Infrastructure Grant agreement no: 317731 Introduction

INTER-TRUST ICT FP7- G.A. 317731 INTER-TRUST Interoperable Trust Assurance Infrastructure Grant agreement no: 317731 Introduction The main objective of the INTER-TRUST project is to develop a framework to support trustworthy applications

255 views • 4 slides
The Process of Developing a Draft Framework for SAMS for the Transformation of Agriculture in

The Process of Developing a Draft Framework for SAMS for the Transformation of Agriculture in

The Process of Developing a Draft Framework for SAMS for the Transformation of Agriculture in Africa: Sending the Hand-hoe to the Museum by Geoffrey C. Mrema Department of Engineering Sciences & Technology College of Agriculture Sokoine

481 views • 9 slides
Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts,

Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts,

Presenting a live 90-minute webinar with interactive Q&A Special Purpose Acquisition Companies: Structuring IPOs and Facilitating Future Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts, and

484 views • 29 slides
Developing a new framework for managing absence Dr Richard Preece, Consultant in occupational

Developing a new framework for managing absence Dr Richard Preece, Consultant in occupational

Developing a new framework for managing absence Dr Richard Preece, Consultant in occupational medicine Melissa Holley, Head of Human Resources Management Mid Cheshire Hospitals NHS FT A celebration of those light bulb moments that are

524 views • 30 slides
SeerSuite: Developing a Scalable and Reliable Application Framework for Building Digital

SeerSuite: Developing a Scalable and Reliable Application Framework for Building Digital

SeerSuite: Developing a Scalable and Reliable Application Framework for Building Digital Libraries by Crawling the Web Pradeep Teregowda*, Isaac Councill # , Juan Fernandez*, Shuyi Zheng*, Madian Khabsa*, C. Lee Giles* * Pennsylvania State

586 views • 31 slides
When Do People Trust Their Social Groups? Xiao Ma Justin Cheng Shankar Iyer Mor Naaman

When Do People Trust Their Social Groups? Xiao Ma Justin Cheng Shankar Iyer Mor Naaman

When Do People Trust Their Social Groups? Xiao Ma Justin Cheng Shankar Iyer Mor Naaman @infoxiao @jcccf @therealshankar @informor 1 Frith (2007), Lieberman (2013) 2 3 What is a "good" group? 4 What is a

866 views • 64 slides
Measuring Trust in Peruvian Shantytowns Dean Karlan Markus Mobius Tanya Rosenblat Yale

Measuring Trust in Peruvian Shantytowns Dean Karlan Markus Mobius Tanya Rosenblat Yale

Measuring Trust in Peruvian Shantytowns Dean Karlan Markus Mobius Tanya Rosenblat Yale University Microsoft Research University of Michigan Adam Szeidl Central European University July 2015 Measuring Trust in Peruvian Shantytowns 1 / 36

672 views • 38 slides
Building a Web App that Doesnt Trust the Server Daniel Huigens What do we want to achieve?

Building a Web App that Doesnt Trust the Server Daniel Huigens What do we want to achieve?

Securing ProtonMail: Building a Web App that Doesnt Trust the Server Daniel Huigens What do we want to achieve? Allow you to trust that we cant read your email Without trusting the server 2 How does our web app work? Normal

317 views • 17 slides
TOOLS FOR TRUST Moderator : Deb eborah Morto ton, Deputy Director, Parks & Recreation, City

TOOLS FOR TRUST Moderator : Deb eborah Morto ton, Deputy Director, Parks & Recreation, City

TOOLS FOR TRUST Moderator : Deb eborah Morto ton, Deputy Director, Parks & Recreation, City of Richmond, Richmond, VA Panelists : Chr hristi tian Cle legg, Deputy City Manager, City of Stockton, Stockton, CA Elo Elon Sim imms, Columbus

738 views • 22 slides
A Calculus for Trust Management Vladimiro Sassone University of Sussex, UK GC 2004:

A Calculus for Trust Management Vladimiro Sassone University of Sussex, UK GC 2004:

Why A Calculus for Trust Management Vladimiro Sassone University of Sussex, UK GC 2004: MyThS/MIKADO/DART Meeting Venice 16.06.04 with M. Carbone and M. Nielsen V. Sassone CTM Why Trust and Trust Management Trust: What is it? Think of

652 views • 16 slides
CMSC 20370/30370 Winter 2020 Building Trust/Rapport For Need- Finding Case Study: Low Income

CMSC 20370/30370 Winter 2020 Building Trust/Rapport For Need- Finding Case Study: Low Income

CMSC 20370/30370 Winter 2020 Building Trust/Rapport For Need- Finding Case Study: Low Income Users Jan 27, 2020 Quiz Time (5-7 minutes). Quiz on Tough Times at Homeless Shelters Principles of Good Design Administrivia GP1 due on Friday

743 views • 59 slides
The Challenges of Online Trust For online and offline business Alex Todd, President, Trust

The Challenges of Online Trust For online and offline business Alex Todd, President, Trust

The Challenges of Online Trust For online and offline business Alex Todd, President, Trust Enabling Strategies McMaster World Congress 2005 1 Why do we still not trust the Internet? 2 Internet Trends 200 175 Users Growth Usage 150

566 views • 28 slides
Culture after the Dark Ages Finding your way into whats next Jason Hynson Rhonda

Culture after the Dark Ages Finding your way into whats next Jason Hynson Rhonda

Culture after the Dark Ages Finding your way into whats next Jason Hynson Rhonda Chapman Victory Mission Great Game of Business Springfield, MO Springfield, MO Oh My! I dont even like going to work! DATA: According to a 2018

564 views • 19 slides

More recommend