SELF-REGENERATIVE SYSTEMS (SRS)

Network-centric warfare demands robust systems that can respond automatically and dynamically to both accidental and deliberate faults. Adaptation of fault-tolerant computing techniques has made computing and information systems intrusion-tolerant and much more survivable during cyber attacks, but even with these advancements, a system will inevitably exhaust all resources in the face of a sustained attack by a determined cyber adversary. Computing systems and information systems also have a tendency to become more fragile and susceptible to accidental faults and errors over time if manually applied maintenance or refresh routines are not administered regularly. The Self-Regenerative Systems (SRS) program seeks to address these deficiencies by creating a new generation of security and survivability technologies. These "fourth-generation" technologies will bring attributes of human cognition to bear on the problem of reconstituting systems that suffer the accumulated effects of imperfect software, human error, and accidental hardware faults, or the effects of a successful cyber attack. The overarching goals of the SRS program are to implement systems that always provide critical functionality and show a positive trend in reliability, actually exceeding initial operating capability and approaching a theoretical optimal performance level over long time intervals. Desired capabilities include self-optimization, self-diagnosis, and self-healing; it will be important for systems to support self-awareness and reflection in order to achieve these capabilities.

The approach of this program to constructing self-regenerative systems that meet the above needs is to create fourth-generation survivability and security mechanisms to complement the existing first-generation security mechanisms (trusted computing bases, encryption, authentication and access control), second-generation security mechanisms (boundary controllers, intrusion detection systems, public key infrastructure, biometrics) and third-generation security and survivability mechanisms (real-time execution monitors, error detection and damage prevention, error compensation and repair). Among other things, the new fourth-generation technologies will draw on biological metaphors such as natural diversity and immune systems to achieve robustness and adaptability, the structure of organisms and ecosystems to achieve scalability, and human cognitive attributes (reasoning, learning and introspection) to achieve the capacity to predict, diagnose, heal and improve the ability to provide service.

The vulnerabilities of computing and information systems addressed by this program include mobile/malicious code, denial-of-service attacks, and misuse and malicious insider threats, as well as accidental faults introduced by human error and the problems associated with software aging. The program will build on the advances made in earlier programs addressing the DoD's operational needs for information systems, such as the ability to operate through attacks, maintenance of critical functionality, graceful degradation of non-critical functions in the face of intrusions and attacks when full functionality cannot be maintained, and the ability to dynamically trade off security, performance and functionality as a function of threat.

Fault-tolerant systems deal with accidental faults and errors while intrusion-tolerant systems cope with malicious, intentional faults caused by an intelligent adversary. Combining fault- and intrusion-tolerance technologies produces very robust and survivable systems, but these techniques depend upon resources that may eventually be depleted beyond the point required to maintain critical system functionality. The fourth generation technologies we seek will reconstitute and reconfigure these resources in such a manner that the systems are better protected in the process, reliability is continually improved as vulnerabilities and software bugs are discovered and fixed autonomously, and the ability to provide critical services is never lost.

Assessment and validation of self-regenerative approaches will be carried out to determine their efficacy. The challenge here is that security and survivability requirements have heretofore defied quantification and analytical approaches. Progress made in creating a practical framework for validating intrusion-tolerance techniques will be built upon and extended to validate SRS technologies.

The first phase of this effort is planned to be 18 months long. This is a solicitation for Phase I only. If results are promising, a Phase II follow-on program is a possibility.

Phase I program goals are to create the core technologies needed:

1. to design and develop systems that provide 100% critical functionality at all times in spite of attacks;
2. for a system to learn its own vulnerabilities over time;
3. to ameliorate those vulnerabilities;
4. to regenerate service after attack; and
5. ultimately, to improve its survivability over time.

The ultimate goal at the end of a Phase II program would be to achieve sufficient system robustness and regenerative capacity to provide 100% availability of critical functionality and system integrity in the face of sustained malicious attacks and accidental faults.

There will be four major research thrusts in the Phase I technology development of the program. These areas, along with their success criteria, are as follows:

1. Biologically-inspired diversity. This research thrust area will create a genetically diverse computing fabric in which diversity limits the impact of any given vulnerability. Coarse-grained diversity (e.g., using several different operating systems or server software packages in an architecture) has been used to achieve intrusion tolerance, but that approach was limited by the relatively small number of manually-created interchangeable operating systems, server packages, and similar software components. The technical approach of the SRS program is to achieve fine-grained diversity at the module level to remove common vulnerabilities and to automatically generate numerous diverse software versions. The success criterion for this thrust is the automatic production of 100 functionally-equivalent versions of a software component, of which no more than 33 share any single deficiency.
2. "Cognitive immunity" and self-healing. This research thrust area will demonstrate automated cyber immune response and system regeneration. The technical approach will include biologically-inspired response strategies, machine learning, and cognitively-inspired proactive automatic contingency planning. The success criterion for this thrust is the accurate diagnosis of at least 10% of the root causes of system problems and automatic effective corrective action for at least half of those diagnoses.
3. Granular, scalable redundancy. This research thrust area will increase the practicality of redundancy techniques by dramatically reducing the time required to achieve consistency among replicas after an update. This thrust area will attack the consistency problem in two distinct sub-areas: a centralized server setting, and a distributed publish/subscribe setting. Performers who propose to the scalable redundancy thrust area may address either or both sub-areas. Success criteria here include the following: in the centralized server setting, attain a three-fold reduction in latency for achieving consistency of replicated data while tolerating up to five Byzantine failures (in the asynchronous model, tolerating f Byzantine replicas requires at least 3f + 1 replicas in the group, i.e. 16 for f = 5); in the distributed publish/subscribe setting, attain a fifteen-fold reduction in latency for achieving consistent values of data shared among one hundred to ten thousand participants while using robust epidemic algorithms, where all participants can send and receive events.
4. Reasoning about the insider threat to preempt insider attacks and detect system overrun. The technical approach will include inferring user goals, enabling anomaly detection, and combining and correlating information from system layers, direct user challenges, etc. The success criterion for this thrust is the thwarting or delaying of at least 10% of insider attacks.
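The fine-grained diversity of thrust 1, illustrated with an added example that is not code from the SRS program or any of its performers. It models the module as a toy stack VM and diversifies it by instruction-set randomization: each of the 100 variants is built from a seed that assigns the VM's opcodes to private random byte values, so every variant computes the same result for the same source program, while code injected in one variant's encoding decodes as garbage on the others. The VM, its opcodes, the seeds and the injected program are all assumptions made for the example. The caveat a practitioner should keep in mind is that diversity of this kind only limits deficiencies the transformation touches; a logic bug in the source module survives unchanged in all 100 variants.

```python
# Added illustration (not SRS program code): fine-grained diversity by
# instruction-set randomization of a toy stack VM.
import random

OPS = ("PUSH", "ADD", "MUL", "OUT", "SYS", "HALT")   # SYS stands in for a privileged call
POPULATION = 100        # number of variants the thrust asks for
MAX_SHARED = 33         # at most this many variants may share one deficiency


class Variant:
    """One functionally-equivalent build of the VM with a private opcode encoding."""

    def __init__(self, seed):
        rng = random.Random(seed)
        self.encode = dict(zip(OPS, rng.sample(range(256), len(OPS))))
        self.decode = {byte: op for op, byte in self.encode.items()}

    def assemble(self, program):
        """Encode a list of (op, *operands) tuples in this variant's encoding."""
        code = bytearray()
        for op, *operands in program:
            code.append(self.encode[op])
            code.extend(operands)
        return bytes(code)

    def run(self, code, max_steps=256):
        """Execute code; returns (output, sys_called). Raises ValueError on any
        malformed instruction, which is what foreign-encoded code runs into."""
        stack, output, pc, sys_called = [], [], 0, False

        def pop():
            if not stack:
                raise ValueError("stack underflow")
            return stack.pop()

        for _ in range(max_steps):
            if pc >= len(code):
                raise ValueError("ran off the end of code")
            op = self.decode.get(code[pc])
            pc += 1
            if op == "PUSH":
                if pc >= len(code):
                    raise ValueError("truncated PUSH")
                stack.append(code[pc])
                pc += 1
            elif op == "ADD":
                stack.append((pop() + pop()) & 0xFF)
            elif op == "MUL":
                stack.append((pop() * pop()) & 0xFF)
            elif op == "OUT":
                output.append(pop())
            elif op == "SYS":
                sys_called = True
            elif op == "HALT":
                return output, sys_called
            else:
                raise ValueError("illegal opcode %d" % code[pc - 1])
        raise ValueError("step limit exceeded")


def build_population(n=POPULATION, base_seed=2004):
    """Automatically generate n variants from consecutive seeds (seeds are assumed)."""
    return [Variant(base_seed + i) for i in range(n)]


LEGIT = [("PUSH", 6), ("PUSH", 7), ("MUL",), ("OUT",), ("HALT",)]   # computes 42


def functionally_equivalent(variants, program=LEGIT):
    """Every variant must produce the same output for the same source program."""
    outputs = {tuple(v.run(v.assemble(program))[0]) for v in variants}
    return outputs == {(42,)}


def shared_deficiency(variants, injected):
    """Count the variants on which the injected bytes reach SYS: the shared deficiency."""
    hits = 0
    for v in variants:
        try:
            _, sys_called = v.run(injected)
        except ValueError:
            continue            # decoded as garbage: the injection is neutralised
        hits += sys_called
    return hits


def diversity_check(n=POPULATION):
    """Return (hits, passes) for the thrust's success criterion."""
    variants = build_population(n)
    # The attacker studied variant 0 and injects code written in *its* encoding.
    injected = variants[0].assemble([("PUSH", 1), ("SYS",), ("HALT",)])
    hits = shared_deficiency(variants, injected)
    return hits, hits <= MAX_SHARED and functionally_equivalent(variants)


if __name__ == "__main__":
    print(diversity_check())
```

The injection necessarily works on the variant it was written for, so `hits` is at least 1; with six opcodes spread over 256 byte values the chance that it also decodes into a SYS-reaching sequence on another variant is small, and the population stays far below the 33-variant ceiling.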
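The two consistency settings of thrust 3, as an added example that is not the SRS program's code. Part 1 is the centralized replica group: a client reading from n = 3f + 1 replicas accepts a value once f + 1 identical replies have arrived, because at most f replicas lie and honest replicas hold the same committed value; the same function shows that safety is lost when a sixth liar exceeds the f = 5 the group was sized for. Part 2 is the distributed setting: a plain push-style epidemic (gossip) broadcast among up to ten thousand participants, some of which have crashed, counting rounds until every live participant holds the update. The 3f + 1 bound and the f + 1 rule are standard Byzantine fault tolerance results; the replica values, crash rate, fanout and seeds are assumptions made for the example.

```python
# Added illustration (not SRS program code): Byzantine-quorum reads and
# epidemic (gossip) dissemination.
import random
from collections import Counter

F = 5              # Byzantine failures to tolerate (the thrust's figure)
N = 3 * F + 1      # replicas needed: any two quorums of n - f replies share an honest replica


def quorum_read(replies, f=F):
    """Accept a value only once f + 1 identical replies have arrived.

    replies is an ordered list of (replica_id, value) in arrival order. At most
    f replicas are Byzantine, so f + 1 matching replies include at least one
    honest replica, and honest replicas agree on the committed value."""
    tally = Counter()
    for _, value in replies:
        tally[value] += 1
        if tally[value] >= f + 1:
            return value
    return None      # not enough agreement yet: keep waiting or retransmit


def simulate_replica_group(n=N, byzantine=F, committed="v7"):
    """Honest replicas answer `committed`; Byzantine ones collude on a bogus value
    and, as the worst case for the client, all reply first."""
    replies = [(i, "bogus") for i in range(byzantine)]
    replies += [(i, committed) for i in range(byzantine, n)]
    return quorum_read(replies)


def gossip_rounds(participants=1000, fanout=3, crashed=0.05, seed=7, max_rounds=100):
    """Push epidemic: every peer holding the update re-sends it to `fanout`
    random peers each round until all live peers hold it.

    Returns (rounds, peers_reached, live_peers). Crashed peers drop messages,
    which is the failure the algorithm has to be robust against."""
    rng = random.Random(seed)
    live = [p for p in range(participants) if rng.random() >= crashed]
    live_set = set(live)
    informed = {live[0]}                   # the publisher
    for rnd in range(1, max_rounds + 1):
        for _ in list(informed):
            for target in rng.sample(range(participants), fanout):
                if target in live_set:
                    informed.add(target)
        if len(informed) == len(live_set):
            return rnd, len(informed), len(live_set)
    return max_rounds, len(informed), len(live_set)


if __name__ == "__main__":
    print(simulate_replica_group())                 # v7
    print(simulate_replica_group(byzantine=F + 1))  # bogus: one liar too many
    print(gossip_rounds())
    print(gossip_rounds(participants=10000))
```

The gossip loop converges in a number of rounds that grows with the logarithm of the participant count, which is why the thrust's one-hundred to ten-thousand range is practical; the latency reductions the thrust asks for would come from shortening or overlapping those rounds, which this plain version does not attempt.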
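The cross-layer correlation and direct user challenge of thrust 4, as an added example that is not the SRS program's code. It learns a per-user baseline of source hosts, working hours and directories from history, then scores new events from two system layers (authentication and file access); a file access inherits the suspicion score of the login that opened its session, so an unusual read is only challenged on its own but blocked when it follows an off-hours login from an unknown host. The log format, the users, hosts, paths, weights and thresholds are all constructed for the example. Two caveats: a user with no history has an empty profile, so every action of theirs scores as anomalous until a learning period has passed, and a patient insider can shift the baseline by training it slowly, so learning must be reviewed rather than fully automatic.

```python
# Added illustration (not SRS program code): cross-layer anomaly scoring with
# escalation to a direct user challenge. Log lines are constructed for the example.
import re
from collections import defaultdict

LINE = re.compile(r"(?P<layer>auth|file) user=(?P<user>\w+) (?P<rest>.*)")


def parse(line):
    """Turn one constructed log line into a dict of fields."""
    m = LINE.match(line)
    if not m:
        raise ValueError("unrecognised line: %r" % line)
    ev = dict(kv.split("=", 1) for kv in m.group("rest").split())
    ev["layer"], ev["user"] = m.group("layer"), m.group("user")
    ev["hour"] = int(ev["time"].split(":")[0])
    return ev


def top_dir(path):
    """Collapse /proj/alpha/spec.doc to /proj/alpha, the unit of the file baseline."""
    return "/".join(path.split("/")[:3])


class Baseline:
    """Per-user profile of normal source hosts, hours and directories."""

    def __init__(self, history):
        self.hosts = defaultdict(set)
        self.dirs = defaultdict(set)
        self.hours = defaultdict(set)
        for ev in map(parse, history):
            u = ev["user"]
            self.hours[u].add(ev["hour"])
            if ev["layer"] == "auth":
                self.hosts[u].add(ev["src"])
            else:
                self.dirs[u].add(top_dir(ev["path"]))


def assess(baseline, lines, challenge_at=2, block_at=5):
    """Score each event and decide allow / challenge / block.

    A file event adds the score of the login that opened the user's session:
    that is the correlation between the authentication and file layers."""
    session = {}                 # user -> score of that user's latest login
    decisions = []
    for ev in map(parse, lines):
        u, score, reasons = ev["user"], 0, []
        if ev["hour"] not in baseline.hours[u]:
            score += 1
            reasons.append("off-hours")
        if ev["layer"] == "auth":
            if ev["src"] not in baseline.hosts[u]:
                score += 2
                reasons.append("unknown source host")
            session[u] = score
        else:
            if top_dir(ev["path"]) not in baseline.dirs[u]:
                score += 2
                reasons.append("path outside baseline")
            if session.get(u, 0):
                score += session[u]
                reasons.append("suspicious session")
        action = "block" if score >= block_at else "challenge" if score >= challenge_at else "allow"
        decisions.append((u, ev["layer"], action, score, reasons))
    return decisions


# Constructed history (the learning period) and constructed new events.
HISTORY = [
    "auth user=alice src=10.0.1.5 time=09:02",
    "file user=alice path=/proj/alpha/spec.doc op=read time=09:15",
    "file user=alice path=/proj/alpha/plan.xls op=read time=10:40",
    "auth user=alice src=10.0.1.5 time=14:05",
    "file user=alice path=/proj/alpha/notes.txt op=write time=14:30",
    "auth user=bob src=10.0.2.7 time=08:55",
    "file user=bob path=/hr/pay/payroll.xls op=read time=09:10",
]
NEW = [
    "auth user=alice src=10.0.1.5 time=10:00",                      # normal login
    "file user=alice path=/proj/alpha/spec.doc op=read time=10:05",  # normal read
    "file user=alice path=/hr/pay/payroll.xls op=read time=10:07",   # unusual path: challenge
    "auth user=alice src=10.9.9.9 time=02:40",                      # unknown host, off-hours
    "file user=alice path=/hr/pay/payroll.xls op=read time=02:43",   # same read, bad session: block
    "auth user=bob src=10.0.2.7 time=09:00",
    "file user=bob path=/hr/pay/payroll.xls op=read time=09:05",     # bob's normal job
]


def demo():
    return assess(Baseline(HISTORY), NEW)


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A "challenge" is the thrust's direct user challenge: the action is delayed until the user re-authenticates or explains, which is one way to reach the "thwarting or delaying" success criterion without blocking legitimate work outright.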

These research areas will explore techniques that span the spectrum from autonomic/reflexive response through and including introspection and learning. Proposals should address only one research thrust area. A proposer may submit multiple proposals. The success criteria for the four thrust areas constitute the program's gating evaluation criteria for the possibility of a Phase II follow-on program. They are minimum requirements to gain confidence that self-regenerative systems are feasible. A Phase II program would seek much higher levels of performance. Phase I offerors are strongly encouraged to aim for performance that exceeds these criteria where possible.

It is envisioned that a Phase II program would integrate the more promising techniques into an exemplar system prototype to demonstrate the advantages of implementing these technologies in high value critical applications. The system demonstrated would exhibit the fourth generation capabilities of self-optimization, self-awareness, self-diagnosis, self-healing and reflection.
