This electronic flyer highlights our capabilities and activities in the area of Cyber Security and Information Assurance. For additional information, e-mail Dr. Sandra Dykes, or Dr. Gary Ragsdale, Southwest Research Institute.

Cyber Security and Information Assurance 

Southwest Research Institute® (SwRI®) is working to improve the security of the global information infrastructure. Through active research in information assurance and memberships in national cyber security working groups, SwRI is extending the state of the art in:

  • Internet-scale cyber security and traceback
  • Network attack and defense modeling and simulation
  • Application security and secure middleware
  • High-speed security sensors and monitoring hardware
  • Embedded systems security and intellectual property protection

High-Speed IP Traceback Research

SwRI has developed a novel, cost-effective approach for Internet Protocol (IP) Traceback that locates the source of Internet attacks at data rates greater than 1 Gbps. IP Traceback leverages the autonomous system (AS) architecture of the Internet to combat denial-of-service attacks and improve attribution of malicious activity.

Intelligent Agents for Network Defense

New network threats and attacks require revolutionary new protection concepts. SwRI is conducting research into semi-autonomous network agents that perform network health and status checking, security monitoring and management, integrated information protection, and reporting functions for information assurance. This new approach promises to improve the flexibility and response speed of network protection architectures.

Advanced Botnet Detection

To combat the increasing use of networks of compromised computers for large-scale denial-of-service attacks, SwRI has pioneered new techniques for detecting the command and control communications of these botnets, and is developing designs for automated botnet sensors for enterprise network protection.

 


IP Traceback architecture is being developed at SwRI for determining the source of an Internet attack.


Application Security Analysis

Applications are often the target of malicious attacks that compromise the confidentiality, integrity and availability of information and systems. To address this challenge, SwRI enforces a configurable high-level security policy by automatically enhancing software applications through a complementary combination of static and dynamic data flow analysis. This approach enables precise, relevant and scalable tracking of information flow in applications at a level previously impossible.

Insider Threats

Insider attacks exhibit different characteristics from external threats and generally go unnoticed by standard intrusion detection systems. SwRI is cooperating with government, industry and university researchers to investigate early indication and warning methods for insider threats, including:

  • Building threat models of malicious insider behavior
  • Integrating data from multiple network and application-level sensors
  • Determining the most appropriate sensors
  • Constructing appropriate sensors without compromising user privacy or system performance

Custom Communication Monitoring Devices

Security solutions in some environments require custom monitoring beyond the capabilities of network firewalls and intrusion detection systems (IDS). SwRI designs custom portable analog and digital telecommunications monitoring tools with remote network control, with expertise in the following disciplines:

  • Multiple signal types
  • Encoding
  • Communication protocols
  • Encryption methods

SwRI researchers design custom-built hardware for monitoring telecommunications transmissions.


SCADA Network Security

Control systems in industrial facilities are now being connected to Internet-accessible IP networks. SwRI is involved in assessing and improving the security of these SCADA (supervisory control and data acquisition) systems to protect against cyber attacks on:

  • Chemical refineries
  • Water treatment plants
  • Electrical transmission systems
  • Telecommunications
  • Natural gas distribution

For additional information about Cyber Security and Information Assurance, please visit www.cybersecurity.swri.org.

This flyer was published in November 2007. For more information about Cyber Security and Information Assurance, contact Dr. Sandra Dykes, Principal Scientist, Phone (210) 522-3329, or Dr. Gary Ragsdale, Staff Engineer, Phone (210) 522-3743, Automation and Data Systems Division, Southwest Research Institute, P.O. Drawer 28510, San Antonio, Texas 78228-0510.
