SOUTHWEST RESEARCH INSTITUTE

 

Cyber Security and Information Assurance

 






The security of the global information infrastructure is a concern of Southwest Research Institute (SwRI), and SwRI engineers are continually working to improve it. Through active research in information assurance and memberships in national working groups in cyber security, SwRI is extending the state of the art in:

  • Internet-scale cyber security and traceback

  • Network attack and defense modeling and simulation

  • Application security and secure middleware

  • High-speed security sensors and monitoring hardware

  • Embedded systems security and intellectual property protection

High-Speed IP Traceback Research


IP Traceback architecture is being developed at SwRI for determining the source of an Internet attack.

 

SwRI has developed a novel, cost-effective approach for Internet Protocol (IP) Traceback that locates the source of Internet attacks at data rates greater than 1 Gbps. IP Traceback leverages the autonomous system (AS) architecture of the Internet to combat denial-of-service attacks and improve attribution of malicious activity.

 

 

New network threats and attacks require revolutionary new protection concepts.

Intelligent Agents for Network Defense

New network threats and attacks require revolutionary new protection concepts. SwRI is conducting research into semi-autonomous network agents that perform network health and status checking, security monitoring and management, integrated information protection, and reporting functions for information assurance. This new approach promises to improve the flexibility and response speed of network protection architectures.

 

Network Security Modeling and Simulation

 

The NetVADAR™ modeling and simulation tool allows network administrators to view normal and malicious network activities.

Understanding the security relationships and interactions of computers and networked systems through the use of modeling and simulation is essential. The SwRI Network Visualization, Attack, Defense, and Analysis Resource (NetVADAR™) is a prototype simulation system that visualizes a networking environment operating under normal, attacked, or defensive conditions.

 

NetVADAR™ functionalities and interfaces were developed based on interviews with experts in network security operations. NetVADAR™ is designed as a basic framework upon which extensions can be constructed as new network and attack technologies emerge. The software consists of several main elements:

  • Simulation engine

  • Network entities

  • Simulation scenarios

  • Graphical user interfaces

Advanced Botnet Detection

To combat the increasing use of networks of compromised computers for large-scale denial-of-service attacks, SwRI has pioneered new techniques for detecting the command and control communications of these botnets and is developing designs for automated botnet sensors for enterprise network protection.

 

Application Security Analysis

Applications are often the target of malicious attacks that compromise the confidentiality, integrity, and availability of information and systems. To address this challenge, SwRI enforces a configurable high-level security policy by automatically enhancing software applications through a complementary combination of static and dynamic data flow analysis. This approach enables precise, relevant, and scalable tracking of information flow in applications at a level previously impossible.

 

Insider Threats

Insider attacks exhibit different characteristics than external threats and generally go unnoticed by standard intrusion detection systems. SwRI is cooperating with government, industry, and university researchers to investigate early indication and warning methods for insider threats, involving the following:

  • Building threat models of malicious insider behavior

  • Integrating data from multiple network and application-level sensors

  • Determining the most appropriate sensors

  • Constructing appropriate sensors without compromising user privacy or system performance

Independent Technology Analysis and Policy Recommendations

 

SwRI provides clients with independent analysis and recommendations of computer and networking technologies, as demonstrated by these reports prepared for the U.S. National Communications System.

National, state, and local government agencies as well as private industry rely on independent assessments and recommendations to formulate security and technology policy. SwRI has prepared a number of Technology Information Bulletins (TIBs) for the National Communications System (NCS), an office that assists the President and the Executive Office of the President in executing their national security/emergency preparedness communications functions. These reports analyze current and future technology trends and their impact on national security policy and strategies. For example, in TIB00-8, SwRI reports on the national security and emergency preparedness ramifications of the impending convergence of the voice and data networks.

 

SCADA Network Security


SCADA systems are used to control operations in facilities such as chemical refineries, water treatment plants, and electrical transmission systems. Once isolated systems, SCADA networks are now being connected to IP networks. SwRI is involved in assessing and improving the security of SCADA systems to protect against cyber attacks on the national infrastructure.

 

Control systems in industrial facilities are now being connected to Internet-accessible IP networks. SwRI is involved in assessing and improving the security of these SCADA (supervisory control and data acquisition) systems to protect against cyber attacks on:

  • Chemical refineries

  • Water treatment plants

  • Electrical transmission systems

  • Telecommunications

  • Natural gas distribution

Embedded Systems Security

Embedded systems face special security challenges, due to the limited processing power, storage, and communications capabilities many embedded systems must contend with. In addition, embedded systems can be susceptible to physical alteration. SwRI is working with government and commercial clients to develop security solutions for communications and processing functions in embedded systems for mechanical and aerospace applications.

 

 

SwRI researchers design custom-built hardware for monitoring telecommunications transmissions.

Custom Communication Monitoring Devices

Security solutions in some environments require custom monitoring beyond the capabilities of network firewalls and intrusion detection systems (IDS). SwRI designs custom portable analog and digital telecommunications monitoring tools with remote network control, with expertise in the following disciplines:

  • Multiple signal types

  • Encoding

  • Communication protocols

  • Encryption methods

For more information about cyber security and information assurance capabilities at SwRI or how you can contract with SwRI, please contact Corey King at cking@swri.org or (210) 522-3011.
 

Contact Information

Corey King

Cyber Security and Information Assurance

(210) 522-3011

cking@swri.org

Related Terminology

attack attribution

communication monitoring

cyber security

denial of service

information assurance

insider threat

internet security

ip traceback

network infrastructure security

network modeling and simulation

network monitoring

security policy

vulnerability assessment


Southwest Research Institute® (SwRI®), headquartered in San Antonio, Texas, is a multidisciplinary, independent, nonprofit, applied engineering and physical sciences research and development organization with 11 technical divisions.

June 18, 2009