
Critical Infrastructure Grants Program | Awards


The information provided below includes the award recipient name, the project title, the amount of Federal funding and the number of years funded.

Telcordia Technologies, Morristown, NJ, Advanced Security Profiles & Enforcement for Next Generation Networks, $997,000 (2 of 2 years)
Contact: Thea Hocker, phone: 973-829-4689, email: thocker@telcordia.com; Krista Wald, phone: (973) 829-4757
Technical contact: Dave Waring, phone: 973-829-4850, email: dlw@research.telcordia.com

Telcordia Technologies will conduct research that will address security concerns due to the merging of data networks (i.e., the Internet) and voice networks (i.e., the public switched telephone network). The program will consist of two research tracks. The first will focus on interactions among protocol layers. It will examine emerging interconnection architectures and transport layer protocol stacks to identify inter-layer security dependencies and exposures, and then create security profiles to guard against these vulnerabilities. A second research track will explore a novel approach to intrusion detection, based upon behavioral specifications and monitoring at the operating system level.

University of Maryland/NAI Labs, College Park, and Glenwood, MD, Secure Wireless LAN/MAN Infrastructure Test Bed, $861,236 (2 of 4 years)
Contact:  Christopher McCarthy, Public Relations Coordinator, 301-314-2716
Technical Contact:  Bill Arbaugh, University of Maryland, College Park, phone: 301-405-2774, email: www.cs.umd.edu/~waa

The explosive growth in wireless networks over the last few years resembles the rapid growth of the Internet within the last decade. During the beginning of the commercialization of the Internet, organizations and individuals connected to the Internet without concern for the security of their system or networks. Over time, it became apparent that some form of security was required to prevent outsiders from exploiting the connected resources. To protect the internal resources, organizations usually purchased and installed an Internet firewall.

We believe that current wireless access points present a larger security problem than the early Internet connections for two reasons. First, a large number of organizations, based on vendor literature, believe that the security provided by their deployed wireless access points is sufficient to prevent unauthorized access, which is unfortunately false. Second, several efforts are under way to combine currently disjoint wireless local area networks (WLAN) into wireless metropolitan networks (WMAN), essentially creating a new wireless-based infrastructure. The fact that such an infrastructure will be critical is without question.

There are several goals of the UMCP Secure Wireless LAN/MAN Infrastructure test bed. First, the test bed will test the secure inter-operation between a multitude of different wireless equipment, both commercial and developmental. Second, the test bed will support research designed to address the integration issues that surround the new draft security architecture for IEEE 802.11 (Enhanced Security Network (ESN)), as well as the security and management issues surrounding scalability, naming, and fraud control in wireless metropolitan networks. Finally, the test bed will serve as a wireless security training apparatus for students, faculty, and other collaborators.

University of California, San Diego, CA, Real-Time Intrusion Detection, $612,826 (2 of 3 years)
Contact:  George Varghese, Professor, Computer Science and Engineering, 858-549-3816

The Sensilla proposal addresses prominent deficiencies of current intrusion detection systems using an approach called network attack detection. We seek to detect attacks before they turn into actual intrusions by detecting port scans and other pre-attack exploits. A particularly novel feature of our research is that we aim to detect abstract multi-packet attack signatures (rather than specific, single-packet patterns exemplified by current signature-based systems). We do so using light-weight mechanisms with provably low false positive rates that can be implemented at high speed. The project seeks to invent a new high-level attack detection language for managers to input patterns they wish to monitor, to implement these mechanisms, and to test our algorithms on real networks.

University of Tulsa, OK, Vulnerability Analysis Tools and Attack management systems for Converged Networks, $691,362 (3 of 3 years)
Contact:  Sujeet Shenoi (PI)
Center for Information Security
Department of Computer Science
University of Tulsa, Tulsa, OK 74104

Society has never been more reliant on telecommunications, yet the public telephone network (PTN) backbone is more vulnerable than ever. PTN vulnerabilities are growing due to system complexity, deregulation, increasing numbers of motivated, highly skilled attackers, and the automation and coordination of attacks. Meanwhile, the convergence of the PTN with ever-expanding IP and wireless networks is introducing new entry points for attack.

The primary research objectives are: (i) develop a suite of tools for dynamically mapping converged networks and analyzing vulnerabilities, and (ii) construct sophisticated attack management systems for converged networks that integrate vulnerability analysis with real-time attack detection, modeling and visualization.
The suite of tools to be constructed includes scanners for mapping and acquiring detailed information about IP networks and gateways, convergence technologies, and SS7 networks and SS7-based wireless gateways. The information, including operating system profiles and data, IP service fingerprints, and point codes and connection data for SS7 networks, will be integrated with an attack model database to support sophisticated querying and analysis of network vulnerabilities.

The attack management systems will help visualize and direct responses to PTN attacks. Distributed attack notification services linked to intrusion detection systems and an attack model database will provide detailed information about PTN attacks. Incident data will be correlated with network topology and vulnerabilities to facilitate attack tree construction for attack analysis and risk mitigation. The attack management systems will enable network security administrators to make rapid, intelligent decisions in the face of coordinated attacks.

Schweitzer Engineering Inc., Washington State University, Pullman, WA, and University of Idaho, Moscow, ID, Industrial Applications of Information Security to Protect the Electric Power Infrastructure, $774,736 (1.6 of 2 years)
Technical point of contact: Jeff Roberts, Schweitzer Engineering Laboratories, Inc., 2350 NE Hopkins Court, Pullman, WA 99163-5603, phone: 509-332-1890
Press point of contact: Susan Fagan, Schweitzer Engineering Laboratories, Inc., 2350 NE Hopkins Court, Pullman, WA 99163-5603, phone: 509-338-4397, email: susan_fagan@selinc.com

The North American electric power grid fuels our digital society and supports virtually all non-military critical infrastructure within the United States. However, increasing reliance on computer technology for improved communication and automation of electric power stations has created vulnerabilities within the power grid that are similar to those seen in traditional computer networks. Particularly vulnerable are (1) control center and substation communications, and (2) computer-controlled protection equipment like circuit breakers and circuit reclosers. Cyber attacks and electronic sabotage targeted against these vulnerabilities have the capability of inducing power system fluctuations that can lead to cascading blackouts over very large geographic areas. Loss of life, property, production, and service may result from those outages.

Schweitzer Engineering Laboratories, Inc. (SEL) will conduct applied research in the use of Information Security (InfoSec) principles within the control and protection systems governing the North American power grid. SEL will be joined by two subcontractors, Washington State University (WSU) and the University of Idaho (UI), in a collaborative research effort that will apply InfoSec and Internet Protocol Security principles, conduct in situ security and survivability assessments, develop a prototypical secure information infrastructure, and develop greater awareness about InfoSec within the electric power industry.

University of Pittsburgh, PA, A Survivable and Secure Wireless Information Architecture, $432,199 (2 of 2 years)
Contact: Prashant Krishnamurthy, Assistant Professor, Department of Information Science and Telecommunications, University of Pittsburgh, 135 N. Bellefield Avenue, Pittsburgh, PA 15260, phone: 412-624-5144, fax: 412-624-2788, email: prashant@tele.pitt.edu

The increasing reliance on wireless networks makes it extremely important to maintain reliable and secure communications in the wake of failures or security breaches. Wireless access networks have several aspects that make survivability and security particularly challenging. For example, the broadcast nature of wireless communication links makes them unique in their vulnerability to security attacks and their susceptibility to intentional threats. Additionally, in wireless networks, mobile devices continuously change locations and the resulting mobility impacts the degree of survivability, security and communications reliability as users of the network dynamically enter and leave the network. Such unique features of wireless access networks result in limited applicability of standard survivability and security techniques developed for wired networks. Wireless access networks have usually been homogeneous with limited or no interoperability between various technologies. However, no single wireless technology is capable of supporting all the various application requirements such as coverage, bit rates, error rates, mobility, etc., and the evolutionary trend is towards a mixture of various technologies and networks that must co-exist and interoperate to provide the required services. As an example, a wireless LAN (WLAN) may be employed for local coverage, low mobility and high data rates while an overlaying cellular network is used for wide area coverage, high mobility, but low data rates. Protocols required to manage seamless mobility and interaction between hybrid networks will be more susceptible to failures and security attacks if they are not designed properly. The project has three main thrusts: survivable network and protocol design, development and evaluation of a security architecture for wireless access networks, and the interaction between survivability and security.
In the first part, techniques for analyzing the survivability of hybrid wireless access networks will be developed and we will examine the effects of wireless access network failures on the wired backbone and signaling networks and how to minimize the impact. In the second part, we will address the design of a security architecture for wireless access networks and we will develop algorithms and security protocols for preventing, overcoming (quick detection) and ameliorating (providing alternative secure communications) these effects. Finally, we address the issue of the interaction between survivability and security. Component failures will result in security breaches and impact network performance simultaneously. A survivability strategy for restoring the performance could very likely be inconsistent with the security requirements or vice versa. We will examine the interaction between survivability and security and create design strategies consistent with both sets of requirements.

Rether Networks, Inc., Centereach, NY, Compiler-Assisted Intrusion Detection/Prevention and Automated Damage Repair, $448,146 (1 of 2 years)
Contact:  Tzi-cker Chiueh, Chief Executive Officer, phone:  631-467-4381

This is an intrusion prevention proposal, aimed at generating secure software and at monitoring any changes to that software. Certain Trojan horse or intrusion techniques may be detected and even repaired, hence the self-healing aspect of the proposal. However, the main thrust of the research is to design software that avoids those problems in the first place. Their effort would exploit the segmentation hardware feature to perform highly efficient array bound checking. It builds a return address intact check into each procedure call (and return) in the application, and it supports an innovative compiler-driven system-call and flow checker that guarantees that only those system calls present in the protected application’s source code are allowed to be invoked at run time. The combination of design and run-time features offers potent security possibilities.

Decision Science Associates, Vienna, VA, and Lockheed Martin, Gaithersburg, MD, Metrics and Tools for Evaluating Intrusion Detectors, $99,999 (1 of 1 year)
Contact:  Jacob W. Ulvila, Principal Investigator, 703-319-0580

Decision Science Associates, Inc. (DSA) and Lockheed Martin (LM) will develop metrics and a proof-of-concept software tool for evaluating intrusion detection systems using decision analysis methods.

We will develop a method for evaluating intrusion detection systems. In the course of this development, we will develop appropriate metrics for that evaluation. We will implement the method in a proof-of-concept software tool. Through these activities, we will advance information assurance as an engineering discipline. Although we will not develop an intrusion detection system, our method, metrics, and tool will be useful for evaluating and designing such systems.

The continued ability of hackers to cause problems in commercial computer systems has caused a heightened interest in detecting intrusions as a part of a comprehensive protection plan. Not only have intrusions become more numerous, but they have become more serious as well. While recent attention has focused on developing better intrusion detection systems, the current state-of-the-art in evaluating such systems remains primitive.

The proposed development offers substantial improvements over currently available methods. Our approach is based on the decision analysis method. The method comprehensively accounts for the costs of mistakes (failure to respond to intrusions and failure to ignore non-intrusions) when the detector is operating at its optimal performance point (in terms of detection and false alarm probabilities) for the operating environment (as characterized by the probability of intrusion). The method also shows how to specify this optimum point for different costs and operating environments. Our tool will be the first to offer a decision analysis method for evaluating intrusion detection systems in an easy-to-use tool for system designers and assessors.

Our proposed research and development will be conducted over a one-year period and will consist of four tasks. In Task 1, we will develop the specifications needed to adapt the decision analysis method for evaluating intrusion detection systems as required to produce a software tool. In Task 2, we will develop extensions to the basic method to address: costs of other than mistakes; additional categories of cost; multiple possible reports, responses, or intrusions; attitude toward risk; multiple attributes of value or cost; or multiple detectors. In Task 3, we will develop a proof-of-concept prototype. In Task 4, we will illustrate the method and tool with an example.

CygnaCom Solutions, Inc., McLean, VA, Engineered Composition for Infrastructure Design, $84,054 (1 of 1 year)
Contact:  J. David Thompson, Manager, CygnaCom Security Evaluation Lab, phone: 703-270-3566

CygnaCom Solutions has developed a concept called Engineered Composition (EC), which is a method of specifying infrastructure security criteria in such a way that they can be decomposed into components, the components can be individually tested, and when properly assembled will implement a system which meets the original infrastructure security criteria. EC uses a top-down approach to composability instead of the more traditional and problematic bottom-up approach. Its development was motivated by difficulties encountered while addressing difficulties in the specification of security criteria for large and complex systems designed to be built in pieces by multiple competing vendors. It has been vetted successfully in the security community. The next step to making it a practical tool for large system security design and integration is to provide implementation mechanisms. We have chosen the Common Criteria as the ideal vehicle and propose to determine what changes need to be made to the CC and its interpretations and tools to support EC. Many of the CC mechanisms are in place, but some are obscure and others are incomplete. Some mechanisms are missing. We will test the proposed changes to the CC using a PKI Directory infrastructure Protection Profile we have been developing for NSA.

Total $5,001,558

Last updated: March 27, 2014
Page created: February 23, 2001
