Air Force Test Center

Transcription

1 Air Force Test Center Avionics Cyber Range (ACR) DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited. Bill L'Hommedieu ACR Chief Engineer 96 th Cyber Test Group 7 May

2 ACR Overview Mission: An AFTC test range providing a mission based infrastructure, interfacing with other facilities ranging from controlled, secure offensive cyberspace systems to emulations of uncontrolled, non-secure, and adversary networks ACR will support Cyberspace testing for: Aircraft, Logistics systems, C2 Systems, Space and Nuclear platforms 2

3 ACR Concept of Operations Vulnerabilities validated and TTP exercised on Operational platforms Anechoic Chamber Testing Flight line testing Mobile test Kits Mission - Validated Vulnerabilities Operational Test Susceptibilities found though Binary Analysis Fuzz testing across trust boundaries Fuzz testing of code processes and output Binary Hardening Residual Susceptibilities Known Susceptibilities Zero-Day Hacks Susceptibilities exercised in System of Systems testing for evaluation of mission effects in an operationally representative, multiple platform environment SIL/HWIL Test Validated Susceptibilities Component Test Susceptibilities exercised on individual components Functional Security testing Penetration testing Subsystem Fuzzing ACR will consist of three strategic capability areas: Avionics Cyber Test Lab, Cyber Threat Development, and National Cyber Range Complex

4 Avionics Cyber Lab Connects avionics hardware to a test capability with the necessary elements to cover the end-to-end communications associated with a typical weapon system Avionics Test Bench - well-defined hardware interfaces and software API s Allows new technology to be validated/demonstrated in flight representative environment Enable connection with remote elements for example with ground based related testbeds Weapon systems Racks/Pylons Maintenance equipment (for example CMBRE/CAPRE) LRU Virtualization - High-fidelity emulations of an LRU s architecture, native processor, memory layout, etc. providing representative hardware/software environment Reverse Engineering Laboratory - hardware and software reverse engineering of embedded systems including avionics and weapon systems 4

5 Cyber Threat Development Provides representation of the actions of adversaries whose ability and intent is to adversely affect an automated system, facility, or operation Threat Environment - threat representations that are intelligence-informed cyber threat TTPs, equipment, or adversarial command and control networks Representative Threats - threats across the spectrum from hacker to nation state-sponsored cyber attackers, provided through threat scripts and recognized threat vectors Cyber Effects Emulation - capability to inject hostile activity (malformed messages, malware, etc.) into embedded system data buses and cyber-attack surfaces Threat Modeling - Automated modeling tools to assist the test engineer quickly defining a set of possible attacks RF threat injection and tools - injection of cyber effects though RF channels within the mission kill chain 5

6 National Cyber Range, Eglin AFB A secure hosting workspace with the capability to emulate systems under test in a real world, operational environment, in order to perform live fire cyber-attacks Common Cyber Testing Ontology, Taxonomy, and Lexicon How we communicate Common Concept of Operations How the cyber ranges operate Common Cyber Test Data Model How to describe a cyber test Common Cyber Descriptions (Object Definition and Transforms) How components of the cyber test are defined Common Cyber Universe Description How the environment that surrounds the components of the cyber test are defined Common Instrumentation and Control How data is collected and assessed How cyber tests are controlled TECHNICAL CHARACTERISTICS Realistic: Large-scale, high-fidelity virtualized cyber environments operating actual software integrated with hardware-in-the-loop capabilities Repeatable: Archived, reusable environments, procedures, parameters, and event restoration checkpoints to facilitate test-fix-test verification Rapid: Standard tools and processes to automatically create, re-create, and modify mission-specific environments Isolation: Cryptographic segregation of multiple, concurrent cyber environments at varying security classifications Sanitization: Restore all assets to a known, clean state not just range infrastructure, but also mission system equipment E n a b l e d b y a C y b e r - S a v v y W o r k f o r c e

7 ACR OV-1 Hardware In the Loop Facilities Anechoic Chamber Open Air Ranges National Cyber Range Complex Cyber Threat Development JMETC Multi Level Network (JMN) Avionics Cyber Range Multi-level Network (ACRMN) Avionics Cyber Test Lab National Cyber Range, Eglin RF Threat Injection & Tools Threat Models & Simulation Threat Environment LRU Virtualization Reverse Engineering Lab Avionics Test Bed Test Instrumentation Avionics Buss Fuzzing Tools Test Instrumentation Traffic Generation Test Test Virtual Machines Sanitization Server 7

8 Proposed Test FOC RF threat injection LRU Emulation Threat Development Automatic Exploit Generation System Under Test (SUT) Instrumentation & Debugging Avionics Bus Sniffer/Analyzer Avionics Subsystem Fuzzing National Cyber Range Complex SILs/HWIL Integration Avionics Cyber Test Bench 8

9 Planned ACR Connectivity JMETC MILS Network (JMN) will provide connections to remote sites ACR will be integrated with the Nation Cyber Range Complex Any test site requiring ACR resources can connect though JMN Aberdeen Proving Grounds NAS PAX River Edwards AFB 47th OL-B IFAST BAF Redstone Arsenal RTC SPAWAR Charleston Joint Base San Antonio 47 th Test Squadron Eglin AFB 96 th Cyber Test Group Avionics Cyber Range JPRIMES NCRC Orlando 9

10 Avionics Test Bed Capability to emulate avionics architectures including the necessary elements to cover the end-to-end communications associated with a typical weapon system Project Objectives: - Capabilities for rapid integration of avionics subsystems - Capabilities for rapid reconfiguration to support different air platforms and any number of real/emulated/simulated avionics systems - Repeatable processes to monitor, stimulate and perform test and evaluation - Capabilities to monitor or record inputs from real weapon systems, replay the data back to a weapon system, or fuzz the inputs to a weapon system - Capabilities for integration of modern Aircraft Avionics Focus Areas: - A modular architecture with a standardized set of interfaces that allows rapid reconfiguration and expansion using a combination of real, emulated and simulated avionics subsystems technology - Platform Agnostic - Emulated Hardware with operational software - AFRL Avionics Vulnerability Assessment System (AVAS) - allows for rapid integration of simulation models and avionics - Protocol Development for avionics systems - Aircraft LRU Integration 10

11 DIUX VOLTRON Project Defense Innovation Unit Experimental (DIUX) VOLTRON Project Automated vulnerability detection and remediation would result in a revolution in securing mission-critical systems and in the development of offensive capabilities against targets of interest This capability was first demonstrated in August 2016 at the DARPA Cyber Grand Challenge Project Objectives: - Demonstrate the efficacy of autonomous tools in performing vulnerability assessments of DoD weapon systems without the use of external threat/vulnerability information - Identify and remediate vulnerabilities in production software, including the generation of working exploits to prevent false positives - Build autonomous capabilities into tools already used by government vulnerability researchers to meet both offensive and defensive mission needs - With a successful prototype, deliver a system that works against a variety of architectures of interest to the DoD Participating Contractors Contractor Product Architectures ForAllSecure MAYHEM x86 Linux, ARM Linux, x64 Windows GrammaTech Proteus x64 Windows Trail of Bits PowerPC on VxWorks 5.5 Kudu Dynamics PASSED PAWN ArduPilot and Pixhawk (open source autopilot software) Focus Areas: Autonomous vulnerability detection and code hardening of x86 and ARM Linux based avionics and sensor fusion software. Autonomous vulnerability detection and code hardening x64 Windows based mission planning and support systems. (Joint Mission Planning Software)(JMPS) Autonomous vulnerability detection and code hardening of PowerPC VxWorks. Autonomous vulnerability detection and offensive weaponization on software of interest to the offensive cyber community. 11

12 Cyber Threat Automation & Monitoring (CTAM) Florida International University-ARC Miami FL Project Objectives: Developing technologies to detect, monitor, and analyze malware behavior during cyber attacks in a virtualized T&E environment Enables: Fine-grain introspection/data collection/monitoring Machine Learning and Advanced Cyber Analytics Analysis and threat assessment to understand impacts to systems under test Project Completion May 2020 Focus Areas: Capability to create System Under Test (SUT) virtual machines on XEN and KVM platforms and perform Introspection Optimize traditional machine learning algorithms and implementation of deep learning algorithm for accurate prediction to identify the impact of test vectors on defined mission Implementation of deep learning algorithms using CNTK and TensorFlow framework Implementation of Stream processing /Distributed computing using SPARK and Kafka T&E/S&T Program FY2016 End-of-Year Program Execution Review

13 Questions/Discussion? 13