CSD-TTS | Homeland Security

Cyberspace—and the computer networks and critical cyber infrastructure that comprise it—have been unable to establish and maintain secure conditions with a consistent, high degree of confidence. Consequently, the security of environments used for exchanging data and to store information or applications needs to be verified constantly. CSD’s Tailored Trustworthy Spaces (TTS) project comprises five separate efforts that investigate different approaches toward ensuring the trustworthiness of networks, rather than their security. These five efforts are grouped into two complementary areas: Digital Provenance and Nature-inspired Cyber Health—technical topic areas that were called out for research in the 2009 White House-led Comprehensive National Cybersecurity Initiative.

The term "Digital Provenance" signifies the authenticity or source of an object or, as in the cyber realm, a digital object. Provenance means that the object has not been altered or manipulated and that the user or recipient of the data or code is certain about its origin and previous users. In other words, the user knows whether or not the data or code can be “trusted.” The efforts below are being funded in the area of Digital Provenance.

Evidentiary integrity – a response tool for cyber incidents that ensures evidence collection and management are controlled and that a chain of custody (analogous to that used for crime-scene evidence) can be established for digital data associated with a cyberattack.
Controlled access to medical records – a method for tracking, logging and blocking access by authorized or unauthorized persons to digital information on disks, in memory or across a network.
Auditing of cell phone locations – an application that protects the integrity and confidentiality – and preserves the privacy - of location data collected by mobile devices.

Nature Inspired Cyber Health:

The two efforts in the nature-inspired cyberhealth area are more complex. They both attempt to use protective behaviors adopted by biological systems as analogues for detecting anomalous (or “unknown”) software code or network intrusions. The draft Cybersecurity Framework being developed by the National Institute of Standards and Technology in response to Executive Order 13636, Improving Critical Infrastructure Cybersecurity, has specifically identified “detection” of anomalous code or network behavior as one of the five essential approaches to mitigating cyber threats.

Program Highlights and Successes

Demonstrated an evidence integrity prototype to three law enforcement agencies in New York and established agreements to begin piloting the beta version of the prototype by the end of 2014.
Demonstrated a capability to track the chain of custody for digital records and log any and all accesses to those records across a network. The system will be piloted at the Carolina Data Warehouse for Health as part of North Carolina’s Secure Medical Research Workspace project.
Successfully demonstrated a smartphone application and location-proof server as part of a secure location provenance effort.