The Cyber Defense Agency (CDA) has developed a preliminary design for the Automated Testing with Adversarial Knowledge (ATAK) framework. Using the vision of creating an ATAK framework and tools, the CDA proposes to create a virtual 'Red Team' to make CDAs expert knowledge and experience with Red Teaming and approach to applying the adversary perspective, available to a large number of clients and customers. The objective of this Phase 1 SBIR program is to investigate the feasibility of incorporating the notion of the adversary perspective in an automated vulnerability assessment product based on the ATAK framework.
Benefits: The product of this research would give DOD and commercial organizations the ability to conduct automated, customizable, reusable vulnerability analyses that utilize well characterized adversary models tailored to the organizations specific threat model. Using the ATAK approach has many benefits. Organizations that use it will:- Defend against corruption and impairment caused by cyber intrusions, and ensure availability of systems to provide uninterrupted information services.- Identify information system vulnerabilities through adversarial point of view to provide input for determining strategies and courses of action for better security defenses.- Develop processes for ongoing improvement of Cyber Operational Readiness by running ATAK regularly to provide realistic predictions of adversary behaviors and characterize their associated effects on mission critical activities.- Have access to the latest attack tools and exploits through the ongoing CDA product support, beyond the capabilities of any one organization. This keeps the ever changing adversary perspective fresh without maintaining their own staffs of qualified Red Team experts and/or opening their networks to outside consultants who may not be trustworthy and who may not even be qualified to conduct a Red Team exercise..- Safely incorporate organization specific classified or proprietary knowledge of attack tools and exploits.- Use the full set of displayed attack paths to identify root causes of vulnerabilities. Common mitigation points are easily identified.-Improve their security architectures at design time by using ATAK to analyze alternative architectures before they are implemented.
Keywords: Cyber Defense, Virtual Red Team, Adversary Perspective, Cyber Adversary Characterization, Information Security, Risk Model, Automated Vulnerability Analysis, Attack Graph Generator
