National Technical Reports Library - NTRL


Organically Assured and Survivable Information Systems (OASIS) Demonstration and Validation Program.


ADA425566

Publication Date 2004
Personal Author Scnackenberg, D.
Page Count 32
Abstract This document summarizes the results of the Boeing team's survivable Joint Battlespace Infosphere (JBI) design effort. The objective of the effort was to develop the design for a JBI system that could operate through sophisticated adversary attack, and yet scale well to wide-area networks. The design approach ensures that intrusion tolerance mechanisms do not significantly degrade performance, yet are still able to tolerate compromised components. For the system to be deployable and the results to transition to real systems, the performance costs of providing intrusion tolerance must be contained. This final report provides an overview of the system's design, which supports JBI operation over both local and wide-area networks. There are multiple survivable JBI enclaves, each comprising a data and management LAN. The data LANs in remote enclaves communicate over a data IPSec VPN, and the management LANs communicate over a separate VPN. These VPNs separate data and management traffic, reducing the risk that penetration of the data LAN will lead to penetration of the management LAN. The system implements eight layers of defense that are responsible for data integrity, data confidentiality, and availability. The defense layers provide protection against basic system threats of benign network and computer faults, passive attacks, low intensity active attacks, denial of service, and internal attacks. Methods of deception employed by the system include honeypots, platform/application disguising, IP address hiding, traffic hiding, and code address hiding. The design has several dynamic reactions available for use when network security state changes. The report also discusses the system's intrusion detection mechanisms and project accomplishments (i.e., information assurance, varied intrusion tolerance approaches, group communications, pervasive packet filtering, strong access control, and survivability grammar). (7 figures, 17 refs.).
Keywords
  • Data management
  • Information systems
  • Survivability
  • Fault tolerant computing
  • Systems management
  • Network architecture
  • Intrusion detection(Computers)
  • Local area networks
  • Low costs
  • Threats
  • Demonstrations
  • Wide area networks
  • Joint military activities
  • Hybrid systems
  • Computer access control
  • Data transmission security
  • Firewalls(Computers)
  • Information assurance
  • Joint battlespace infosphere
  • Intrusion tolerant survivable systems
  • Application-level authorizations
  • Enclave-level correlation
  • Intrusion reporting
  • Intrusion response
  • Intrusion detection
  • Byzantine fault tolerance
  • Virtual private networks
  • Nids(Network intrusion detection systems)
  • Survivable spread
  • Oasis(Organically assured and survivable information systems)
Source Agency
  • Non Paid ADAS
Corporate Authors Boeing Phantom Works, Seattle, WA.
Supplemental Notes The original document contains color images.
Document Type Technical Report
Title Note Final rept. Aug 2002-Oct 2003.
NTIS Issue Number 200502
Contract Number
  • F30602-02-C-0203