Cybersecurity through Nimble Task Allocation: Workflow Reasoning for Mission-Centered Network Models

ABSTRACT

Traditional cybersecurity has focused on techniques to analyze and eliminate vulnerabilities in a network, often in response to actual security breaches that exploited previously unknown weaknesses. Recognizing that in practice network operations can never be fully secure, a major focus of recent research is on intrusions that are assumed to be ongoing in the network by one or more malicious parties. In this new view of cybersecurity, a key desired capability is accomplishing a mission even while the network is compromised and subject to deception. However, traditional network models lack a representation of the mission and of how network resources are utilized to accomplish various aspects of the mission. In this project, we will investigate a new approach to developing a general framework for representing models of mission goals and tasks, and to exploiting those models to make a mission more robust to deception operations co-occurring in the network. These mission-centered network models (MCNMs) will build on and extend current two-layered (logical/physical) network models by integrating a new layer of task-level representations of the mission into those models. In this new task-oriented layer, a mission can be characterized as a set of goals, each accomplished by a set of interdependent tasks that place requirements on the network resources. The system can then dynamically control the mappings of those tasks onto network resources using a variety of algorithms that take into account which resources are currently compromised. As a result, a mission can be protected from ongoing intrusion and deception activities by dynamically reallocating resources as they become compromised and by examining provenance records of task outcomes to determine their reliance on compromised resources.
MCNMs can be used to determine which resources are critical for any given mission, to prioritize the use of uncompromised resources, to accomplish mission tasks and estimate the trust in them when resources are compromised, and to determine the practical impact on the mission of deception activities. MCNMs will enable a new approach to cybersecurity in network-based operations.
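
The following sketch is an added illustration of the task-layer ideas described in the abstract (task-to-resource mapping that avoids compromised hosts, critical-resource identification, and provenance-based reliance checks); it is not the project's own code or algorithm. The task names, host names, the first-fit allocation rule and the boolean trust flag are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Task:
    name: str
    needs: str                                  # capability required from the network
    depends_on: list = field(default_factory=list)

# Constructed sample mission (hypothetical names): three interdependent tasks.
TASKS = [
    Task("collect", "sensor"),
    Task("fuse", "compute", ["collect"]),
    Task("report", "db", ["fuse"]),
]
# Constructed resource layer: capability -> candidate hosts, in preference order.
RESOURCES = {"sensor": ["s1", "s2"], "compute": ["c1"], "db": ["d1", "d2"]}

def allocate(tasks, resources, compromised):
    """Map each task to a host, preferring hosts not known to be compromised.
    Returns {task: (host, trusted)}; trusted is False when only compromised
    hosts remain for the capability (assumed first-fit rule)."""
    plan = {}
    for t in tasks:
        hosts = resources[t.needs]
        clean = [h for h in hosts if h not in compromised]
        plan[t.name] = (clean[0], True) if clean else (hosts[0], False)
    return plan

def critical_resources(tasks, resources):
    """Hosts that are the only candidate for a capability some task needs."""
    return {resources[t.needs][0] for t in tasks if len(resources[t.needs]) == 1}

def tainted_tasks(tasks, provenance, compromised):
    """provenance: {task: host that produced its outcome}. An outcome is tainted
    if its host is compromised or it consumed a tainted outcome."""
    by_name = {t.name: t for t in tasks}
    memo = {}
    def tainted(name):
        if name not in memo:
            memo[name] = provenance[name] in compromised or any(
                tainted(d) for d in by_name[name].depends_on)
        return memo[name]
    return {t.name for t in tasks if tainted(t.name)}

if __name__ == "__main__":
    print(allocate(TASKS, RESOURCES, compromised={"s1"}))
    print(critical_resources(TASKS, RESOURCES))
    print(tainted_tasks(TASKS, {"collect": "s1", "fuse": "c1", "report": "d1"}, {"s1"}))
```

In the last call, host s1 is learned to be compromised after the tasks ran, so the provenance check flags not only "collect" but also the downstream "fuse" and "report" outcomes that relied on it.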