Mission and Information Assurance through Cyber Atomics

Cyber Risk Assessments for Threatened Environments (CRATE) is a system that produces actionable, mission-level alerts when anomalous behaviors indicative of cyber-attack are discovered within deployed mission-critical cyber-systems. CRATE is particularly relevant to deployment scenarios involving third-party infrastructure, such as deployment to a Platform as a Service (PaaS) provider or other cloud-like ecosystems. These systems may include components provisioned across many geographically disjoint physical and virtual hosts that possibly operate within contested environments such as the Internet (and are therefore subject to cyber-attack). The Phase I CRATE prototype specifically targeted SELinux-compliant platforms but its techniques are well-suited to other Mandatory Access Control (MAC) implementations such as AppArmor, an enhancement that will be explored in the Phase II. The Phase II CRATE system provides real-time visibility and mission-level impact analysis as countermeasures against attacks launched by sophisticated adversaries whose actions would otherwise be detected only after damaging mission readiness. CRATE also detects non-malicious but problematic conditions such as misuse or misconfiguration of cyber-systems. CRATE is a noninvasive technology that operates orthogonally to existing security and monitoring techniques.