Piloting a Secure System Design Competition
Ben Cook on behalf of the FIREAXE Team
Adam Anderson, Mitch Adair, William Atkins, Alan Berryhill, Dominic Chen, Ben Cook, Jeremy Erickson, Michael Z. Lee, Steve Hurd, Ron Olsberg, Lyndon Pierson, Owen Redwood, Yevgeniy Vorobeychik
Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND NO. 2012-10175C

Origins of a Secure System Design Competition for Students
§ April 2010 at Carl Landwehr’s Designing a Secure Systems Engineering Competition (DESSEC) Workshop
§ DESSEC’s Workforce Development track identified needs and potential competition “specifications”
§ Considered how to attract, motivate, inform, and educate students in cyber security
§ Acknowledged significant gap in secure design education
§ Highlighted importance of adversarial mindset, understanding of “lore”, ability to convert attack knowledge to robust defense, and confidence to take on real-world system engineering problems
§ Produced several loosely developed competition ideas: Cyber Cup, Cyber Village, Cyber Scouts, Weakest Link
§ In late 2010 Doug Maughan at DHS S&T endorsed CCD pilot

The Competition Setting: Sandia’s Center for Cyber Defenders (CCD)
§ CCD is a highly selective, applied research internship institute at Sandia’s New Mexico and California sites
§ Hosted 30 undergraduate and graduate students in summer 2012 from about 20 universities (selected from over 300 applicants)
§ Offers collaborative, threat-informed, project-based internships in cyber security
§ Contributes enabling solutions to real national security R&D projects in cyber security: examples include control system modeling, network situational awareness, protocol analysis, digital forensics, and red teaming

The Competition Specification: A Stylized Electronic Voting System
§ Designed to help students identify and internalize security principles
§ Assumed realistic but limited threat model
§ Clearly (or so we thought) spelled out specification including requirements, rules, and evaluation and scoring procedure
EVS consists of a server (election management system) and client (voting station) with sneakernet USB for data transfer

Competition Structure and Results
§ Competition structured into multiple rounds each having a distinct design and then red team phase
§ “Design and red team” iterative structure was chosen to cultivate and integrate adversarial mindset into an evolutionary design process
§ Pilot included two, three-person student teams and white team for oversight
§ Constrained red teaming to predefined attack scenarios with either user- or root-level access
§ Students produced two substantially different designs
§ NM team focused on customizing the kernel and produced very small, highly restricted OS, while CA team implemented limited user shell and “red pill”
§ Teams chose different development platforms, tools, and crypto libraries

Observations
§ Students improved their understanding of and ability to articulate secure design principles
  § Reduce attack surface
  § Use existing tools
  § Enforce policies at lowest level
  § Defense in depth
  § Prevent easy access
§ Specification of an effective competition is nontrivial: despite extensive pre-work, numerous ambiguities surfaced and unanticipated issues arose
§ Competitions are great motivator… this was billed as research project but students were quick to forget

What’s Ahead?
§ Scale and sustain competition
§ Need to automate evaluation and find partners
§ Experiment with different formats and themes, e.g.,
§ Could competition be used to familiarize students with new technologies and accelerate adoption?
§ What are realistic expectations with respect to innovation versus education?
Gratefully acknowledge DHS S&T – Doug Maughan and Ed Rhyne – for their funding and encouragement
and
Special thanks to Jeremy Epstein and Carl Landwehr for their technical guidance

More info…
DESSEC Workshop Report produced by I3P
www.thei3p.org/docs/publications/410.pdf
ACSAC Poster Session next week
Upcoming CSIIRW presentation and paper, FIREAXE: The DHS Secure Design Competition Pilot
Connect with Sandia’s technical leads:
Eugene Vorobeychik, yvorobe@sandia.gov
Will Atkins, wdatkin@sandia.gov