{"id":2656,"date":"2018-02-13T11:43:41","date_gmt":"2018-02-13T14:43:41","guid":{"rendered":"https:\/\/www.nachodelatorre.com.ar\/mosconi\/?p=2656"},"modified":"2018-02-13T11:43:41","modified_gmt":"2018-02-13T14:43:41","slug":"programa-de-configuracion-segura-para-hacer-que-los-sistemas-conectados-a-la-red-sean-menos-vulnerables","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=2656","title":{"rendered":"Secure Configuration Program to Make Network-Connected Systems Less Vulnerable"},"content":{"rendered":"<p>DARPA turns its attention to the expansive attack surface of generic, commercially available devices.<!--more--><\/p>\n<p><img loading=\"lazy\" class=\" alignright\" src=\"https:\/\/www.darpa.mil\/DDM_Gallery\/consec-consiguration-security-619-316.jpg\" alt=\"Consec\" width=\"408\" height=\"208\" \/>The rise of network-connected systems that are becoming embedded seemingly everywhere\u2013from industrial control systems to aircraft avionics\u2013is opening up a host of rich technical capabilities in deployed systems. Even so, as the collective technology project underlying this massive deployment of connectivity unfolds, more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options. While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing.<\/p>\n<p>\u201cWith commodity devices, software and configuration settings now govern behaviors that were physically impossible in special-purpose hardware, creating security risks and increasing system vulnerability,\u201d said\u00a0<a href=\"https:\/\/www.darpa.mil\/staff\/mr-jacob-torrey\">Jacob Torrey<\/a>, program manager in DARPA\u2019s Information Innovation Office (I2O). 
\u201cCertain functionality built into COTS components may not be necessary for all users or applications, and unwanted functionality can be hard to detect and turn off. For instance, an unneeded maintenance or diagnostic service left enabled could create an opportunity for an attacker to circumvent other security controls and use the system\u2019s as-deployed functionality to generate a malicious effect. This opaqueness is creating challenges for system operators who must rely on component configurations to reduce attack surfaces created by unnecessary functionality.\u201d<\/p>\n<p>To address the challenges created by the proliferation of COTS devices and help harden the security surface of network-connected composed systems, DARPA has launched a new program called Configuration Security (ConSec). The program, just announced today, aims to develop a system to automatically generate, deploy, and manage inherently more secure configurations of components and subsystems for use in military platforms.<\/p>\n<p>\u201cThrough ConSec we hope to gain a better understanding of the available functionality across COTS devices and what\u2019s needed for the task at hand and then use system configurations to create the functionality that\u2019s actually required while minimizing the excess that can be used as an attack surface,\u201d said Torrey. \u201cWhile our objective is to build this capability for military platforms, there is the potential for the program to have broader applications for commercial and industrial systems as well.\u201d<\/p>\n<p>Prospective performers are tasked with finding ways to automate the traditionally more manual process of system configuration. To tackle this feat, the program is divided into two technical areas. 
The first area focuses on reducing the amount of human-in-the-loop time required to understand what capabilities a system needs to deliver across different operating environments, the functionality required to achieve its mission in each operating environment, and the possible component configurations needed to create the desired functionality. \u201cConsider, for example, a naval vessel. Its functionality when at sea is likely different than what\u2019s required of it while at port, or in dry-dock undergoing maintenance,\u201d said Torrey. \u201cOur aim is to automate the process of identifying these different operating environments, the system\u2019s expected functionality in each scenario, and the components needed to make it all happen, which is currently a manual, labor intensive process.\u201d<\/p>\n<p>To accomplish this, DARPA is asking researchers to develop models and functional specifications of systems based on human-friendly information formats\u2013such as checklists, operating manuals, and other written human standard operating procedures (SOPs)\u2013as well as an analysis of the system\u2019s underlying components\u2019 hardware and firmware. Input from these analyses should help determine how settings in a component\u2019s configuration space might impact its functionality, how the behavior of human operators impacts system behavior, and what operational and mission contexts pertain for the full, composed system.<\/p>\n<p>The ConSec program\u2019s second technical area focuses on uncovering component configurations that will enable the composed system to achieve its mission under different, relevant operational contexts. Here proposers are asked to leverage the models and functional specifications that emerge from work in the first technical area to find ways of identifying secure configurations that eliminate unused and unnecessary functionality as a way to shrink the system\u2019s vulnerabilities to attack. 
\u201cEssentially we\u2019re asking potential performers to determine how to take all of the best pieces and functionality and combine them to fulfill the requirements of a high-level composed system while turning off all of the things we don\u2019t need,\u201d said Torrey.<\/p>\n<p><strong>Source:<\/strong>\u00a0<em><a href=\"https:\/\/www.darpa.mil\/news-events\/2018-01-09\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.darpa.mil<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DARPA turns its attention to the expansive attack surface of generic, commercially available devices.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[23,29],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/2656"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2656"}],"version-history":[{"count":0,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/2656\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2656"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org
\/{rel}","templated":true}]}}