C2 and SOA Issues

From AFCEAWiki


JOIN THE ONGOING SOLUTIONS DIALOGUE ON THE GOOGLE GROUP SITE

Abstract

Establishing Presence within the Service-Oriented Environment; Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs; The Case for an Adaptive Integration Framework for Data Aggregation/Dissemination in Service-Oriented Architectures

Session Chair

  • MG (Ret) Conrad Ponder, Booz Allen Hamilton

Authors

  • Eric Konieczny, Ryan Ashcraft, David Cunningham and Sandeep Maripuri, Booz Allen Hamilton
  • Steven Noel and Sushil Jajodia, George Mason Univ Center for Secure Information Systems
  • Dr. Dennis Moen and Lynn Meredith, Lockheed-Martin

The three presentations are:

  • A service presence
  • Security and being predictive
  • Dynamic Resource Management


Presentations

Eric Konieczny, "Establishing Presence within the Service-Oriented Environment" http://c4i.gmu.edu/events/reviews/2009/slides/Konieczny-slides.pdf

Defines Service-Oriented Architecture (SOA) and the "Publish Find Bind Model". Need to rethink the way we do dynamic search and discovery. Need further research in bandwidth-constrained environments.

Q: But what of an intermittent network? A: There is a use case that is looking at UAV intermittent connectivity and using redundant services.

Seeking new ideas to work in the challenging environments.

Presented by Sushil Jajodia, "Combinatorial Analysis Utilizing Logical Dependencies Residing On Networks (CAULDRON)" http://c4i.gmu.edu/events/reviews/2009/slides/Noel-slides.pdf

This presentation addresses a real capability that provides an automated method of assessing the vulnerability of the network through attack graphs and assessments. Potential to reduce demand on red teams. Interesting brief, and already being used in several government orgs.

Q: Seems the quality of the tool is subject to the quality of the sources. Which sources are you monitoring? A: Go to the sources and there are a number

Q: What about a new open source application... ? A: We are relying on the tool that is available for the scanner .. this is a good question and we need to do better.

Q: Mentioned using lots of scanner tools. A: Most are XML-based; we can take firewall rules as well, provide the ability for users to add their own rules, or even to add their own exploits.


Lynn Meredith, "The Case for an Adaptive Integrated Network" http://c4i.gmu.edu/events/reviews/2009/slides/Meredith-slides.pdf

Motivation: the tactical battlespace is distributed, bandwidth is limited, and the user is overwhelmed with data.

Q: Overlay- did you build that yourself? A: Yes we did.

Demonstrated in Trident Warrior 2008.
