Brett Benyo

Representation and reasoning for DAML-based policy and domain services in KAoS and nomads

To increase the assurance with which agents can be deployed in operational settings, we have been developing the KAoS policy and domain services. In conjunction with Nomads strong mobility and safe execution features, KAoS services and tools allow for the specification, management, conflict resolution, and enforcement of DAML-based policies within the specific contexts established by complex organizational structures. In this paper, we will discuss results, issues, and lessons learned in the development of these representations, tools, and services and their use in military and space application.

DAML-based policy enforcement for semantic data transformation and filtering in multi-agent systems

This paper describes an approach to runtime policy-based control over information exchange that allows a far more fine-grained control of these dynamically discovered agent interactions. The DARPA Agent Markup Language (DAML) is used to represent policies that may either filter messages based on their semantic content or transform the messages to make them suitable to be released. Policy definition, management, and enforcement are realized as part of the KAoS architecture. The solutions presented have been tested in the Coalition Agents Experiment (CoAX) - an experiment involving coalition military operations.

Toward DAML-based policy enforcement for semantic data transformation and filtering in multi-agent systems

This paper describes an approach to runtime policy-based control over information exchange that allows a far more fine-grained control of these dynamically discovered agent interactions. The DARPA Agent Markup Language (DAML) is used to represent policies that may either filter messages based on their semantic content or transform the messages to make them suitable to be released. Policy definition, management, and enforcement are realized as part of the KAoS architecture. The solutions presented have been tested in the Coalition Agents Experiment (CoAX)—an experiment involving coalition military operations.

On the Evaluation of Space–Time Functions

The Proto spatial programming language abstracts the distributed execution of programs as evaluation of space-time functions over dynamically defined subspaces on a manifold. Previously, however, function evaluation has always been defined in terms of a complete in lining of expressions during compilation. This simplified the definition of programs, at the cost of limiting expressiveness and duplicating code in compiled binaries. In this paper, we address these shortcomings, producing a model of in-place function evaluation and analysis of its implications for Proto. We have extended the MIT Proto compiler and Proto Kernel virtual machine to implement this model, and empirically verified the reduction of compiled binary size.

A3: An Environment for Self-Adaptive Diagnosis and Immunization of Novel Attacks

This paper describes an ongoing research effort aiming to use adaptation to defend individual applications against novel attacks. Application focused adaptive security spans adaptive use of security mechanisms in both the host and the network. The work presented in this paper is developing key infrastructure capabilities and supporting services including mandatory mediation of application I/O, record and replay of channel interaction, and VMI-based monitoring and analysis of execution that will facilitate replay-based diagnosis and patch derivation for attacks that succeed and go unnoticed until a known undesired condition manifests. After describing the basics, we present the results from our initial evaluation and outline the next steps.

Moving target defense (MTD) in an adaptive execution environment

This paper describes how adaptation support facilitated by an execution environment can be used to implement moving target defenses (MTD). Reactive and proactive use of adaptation, although beneficial for cyber defense, comes with additional cost, and therefore needs to be employed selectively. We also describe the pros and cons of using reactive and proactive adaptation for MTD for a representative sample of adaptations supported by an execution environment that we are developing.

Isolation of Malicious External Inputs in a Security Focused Adaptive Execution Environment

Reliable isolation of malicious application inputs is necessary for preventing the future success of an observed novel attack after the initial incident. In this paper we describe, measure and analyze, Input-Reduction, a technique that can quickly isolate malicious external inputs that embody unforeseen and potentially novel attacks, from other benign application inputs. The Input-Reduction technique is integrated into an advanced, security-focused, and adaptive execution environment that automates diagnosis and repair. In experiments we show that Input-Reduction is highly accurate and efficient in isolating attack inputs and determining casual relations between inputs. We also measure and show that the cost incurred by key services that support reliable reproduction and fast attack isolation is reasonable in the adaptive execution environment.

Automated Self-Adaptation for Cyber-Defense -- Pushing Adaptive Perimeter Protection Inward

This paper presents a recently achieved incremental milestone on the long path toward more intelligently adaptive, automated and self-managed computer systems. We demonstrate the feasibility of integrated cyber-defense connecting anomaly detection and isolation mechanisms operating at different system layers with two complementary mediation policy adaptation techniques in service of automatic remediation against observed attacks and their future variants. We describe a number of experiments evaluating the relevance and effectiveness of the integrated cyber-defense operation.

Empirical Evaluation of the A3 Environment: Evaluating Defenses Against Zero-Day Attacks

A3 is an execution management environment that aims to make network-facing applications and services resilient against zero-day attacks. A3 recently underwent two adversarial evaluations of its defensive capabilities. In one, A3 defended an App Store used in a Capture the Flag (CTF) tournament, and in the other, a tactically relevant network service in a red team exercise. This paper describes the A3 defensive technologies evaluated, the evaluation results, and the broader lessons learned about evaluations for technologies that seek to protect critical systems from zero-day attacks.

Transparent Insertion of Custom Logic in HTTP(S) Streams Using PbProxy

Cost and testing considerations limit the acceptance and deployment of technologies that make information exchanges more secure, reliable, semantically understandable, and self-improving. PbProxy is a flexible proxy that enables transparent insertion of custom logic into HTTP and HTTPS interactions. It has successfully been used to facilitate behavior-based prevention of phishing attacks, machine learning of Web service procedures, and Web browsing over disruption-tolerant networks by injecting custom logic into existing applications and communication streams. PbProxy encapsulates common functionality into a proxy base and supports customizable plugins to foster code reuse.