PARC and GMU selected for DARPA ConSec project
The Palo Alto Research Center, Inc. (PARC, a Xerox company) and George Mason University (GMU) have been awarded a contract from the Defense Advanced Research Project Agency (DARPA) Configuration Security program (ConSec), PARC announced February 12. Within ConSec, researchers from PARC and GMU will collaborate on a project christened SCIBORG: Secure Configurations for the Internet of Things (IoT) based on Optimization and Reasoning on Graphs. The goal of SCIBORG is to devise fundamentally new approaches to determine security configurations that protect critical infrastructure and IoT-based systems.
“SCIBORG will measure its success in terms of the reduction of the impact of potential attacks. To reason about the security of an IoT configuration, it is important to evaluate the attack paths that are available to the adversary,” said Hamed Soroush, senior researcher at PARC and the Principal investigator. “Configuration settings that reduce the impact of these attack paths would, by this line of reasoning, be more secure.”
The ConSec program aims to develop new approaches to generate and deploy secure configurations of components that make up large cyber-physical and cyber-military systems. Particularly desired are configurations that will minimize the vulnerability to attacks while maintaining the expected functionality and performance. This is an intractable problem because the space of possible configuration settings is extremely large and because it is not clear how to reason about security and functionality in a system-of-systems scenario.
“SCIBORG’s focus on attack paths has an interesting side benefit; it provides one way to generate evidence explaining why a chosen configuration is more secure,” said Shantanu Rane, who manages the Cyber-Physical Systems Security research area at PARC and will be the co-PI on this project.
To achieve SCIBORG’s goals, PARC and GMU researchers will ingest per-component configurations and construct graph-based models to capture within-component and between-component dependencies among configuration elements. They will seek efficient and automated approaches to minimize the impact of possible attack paths, while maintaining functionality and performance.
“SCIBORG’s approach explicitly encodes constraints on the configuration parameters using graph-based models, allowing us to significantly reduce the actual number of configurations that need to be tested for security and functionality,” said Ersin Uzun, director of PARC’s System Sciences Laboratory.