Abstract
This document summarizes the results of the Boeing team's survivable Joint Battlespace Infosphere (JBI) design effort. The objective of the effort was to develop the design for a JBI system that could operate through sophisticated adversary attack, and yet scale well to wide-area networks. The design approach ensures that intrusion tolerance mechanisms do not significantly degrade performance, yet are still able to tolerate compromised components. For the system to be deployable and the results to transition to real systems, the performance costs of providing intrusion tolerance must be contained. This final report provides an overview of the system's design, which supports JBI operation over both local and wide-area networks. There are multiple survivable JBI enclaves, each comprising a data LAN and a management LAN. The data LANs in remote enclaves communicate over a data IPSec VPN, and the management LANs communicate over a separate VPN. These VPNs separate data and management traffic, reducing the risk that penetration of the data LAN will lead to penetration of the management LAN. The system implements eight layers of defense that are responsible for data integrity, data confidentiality, and availability. The defense layers provide protection against the basic system threats of benign network and computer faults, passive attacks, low-intensity active attacks, denial of service, and internal attacks. Methods of deception employed by the system include honeypots, platform/application disguising, IP address hiding, traffic hiding, and code address hiding. The design has several dynamic reactions available for use when the network security state changes. The report also discusses the system's intrusion detection mechanisms and project accomplishments (i.e., information assurance, varied intrusion tolerance approaches, group communications, pervasive packet filtering, strong access control, and survivability grammar). (7 figures, 17 refs.)