Peraton Labs
  • About
    • Our Story
    • Markets we serve
    • Leadership
    • Contact us
    • Visit peraton.com →
  • Research
    • 5G
    • Cybersecurity
    • Electronic warfare
    • Machine learning and data analytics
    • Mobility
    • Optical, photonics and quantum
    • Wireless systems and networks
  • Services
    • Critical infrastructure
    • Networking and cloud
    • Service and data assurance
    • Other services
  • Products
    • Critical infrastructure
    • Cybersecurity
    • Network defense
    • Spectrum solutions
    • Wireless solutions
    • Other products
  • News and media
    • Events
    • Highlights >
      • CLOSURE Toolchain for Cross-Domain Solutions
      • Peraton Labs Supports Cyber Exercise for Nebraska Army National Guard
      • Conceptual Simulation for Designing High Performance Computers
      • FLEET: Reconfigurable Optical NICs for Fast Data Transfer
      • Turbocharge Simulation
      • Analytics and AI for Predictive Maintenance
      • Minimizing the Cyberattack Surface
    • Press releases
    • Media hits
  • Careers
    • Life at the Labs
    • Tackling Tomorrow's Challenges
  • Search

​Configuring Systems to Minimize the Cyberattack Surface

Picture
Configuration vulnerabilities are a major cause of system downtime and cyberattacks. Hackers successfully exploit configuration vulnerabilities and errors – such as incorrect enablement of privileges or erroneous file access – in many of the most disruptive, extensive, and costly internet outages. What if we could reduce the risk by configuring systems not only for high performance, but also to minimize the cyberattack surface? 

Complex systems, including computer and communications networks, robots and autonomous vehicles, industrial control systems, military platforms, and critical infrastructure, are comprised of large numbers of components. These components have many configuration variables whose settings define logical interconnections and determine system behavior. Setting values for thousands of configuration variables to simultaneously meet hundreds of functional and performance requirements is a daunting computational task. Even modest-sized systems will have more possible configurations than stars in the universe! This configuration space offers an immense attack surface, which is vulnerable to intrusion, malware, and other cyberthreats.

Peraton Labs has developed a novel solution that not only configures systems for correct operation and high performance, but also minimizes the configuration attack surface. Our solution, Optimized Context-Specific Configuration for Attack-Surface Minimization (OCCAM), applies simulation, machine learning, and our innovative constrained optimization engine to produce compliant, secure configurations. It solves the daunting computational task automatically and quickly, resolving in minutes problems for which the number of possible configurations is 10 raised to the 105th power. OCCAM also provides what-if analyses and helpful explanations to aid users in understanding the design space and its trade-offs.
 
Here’s how OCCAM works:
  • Input to OCCAM consists of system requirements, functional models, configuration parameters, and standard operating procedures (SOPs) for system operators. 
  • No input on threats or adversary behavior is required; instead, OCCAM models the attack surface as an objective function of vulnerability scores (e.g., enabled privileges and permissive file accesses.)
  • OCCAM formulates the problem of attack surface minimization while preserving functionality as a constrained optimization problem, utilizing an accessible, mainstream programming language.
  • In minutes, OCCAM can determine thousands of configuration settings to minimize the objective function (vulnerability score) while satisfying hundreds of constraints (system requirements).
  • OCCAM also provides explanatory information, which helps operators gain understanding to manage the system, and suggestions for modifications to SOPs to reduce configuration vulnerability. 
  • OCCAM has been successfully applied to computer systems, satellite networks, robotics, and the power grid.
 
OCCAM can be used on any complex system, including industrial process control systems, positive train control, and shipboard and small business networks. It can also be used to repair faulty configurations and to help systems, such as robots and autonomous systems, recover from attacks.
 
To learn more about OCCAM and our other research on ensuring security-by-design, contact us at info@peratonlabs.com.
Contact us
​About
​Research
​Services
Products
​Careers
​
News and media

peraton.com
Markets we serve:
Defense
Energy
​
Financial
Government 
Life sciences 
Telecommunications
Transportation
​
Picture
© 2022 Peraton Labs.  Site map | Terms of use | Privacy policy
  • About
    • Our Story
    • Markets we serve
    • Leadership
    • Contact us
    • Visit peraton.com →
  • Research
    • 5G
    • Cybersecurity
    • Electronic warfare
    • Machine learning and data analytics
    • Mobility
    • Optical, photonics and quantum
    • Wireless systems and networks
  • Services
    • Critical infrastructure
    • Networking and cloud
    • Service and data assurance
    • Other services
  • Products
    • Critical infrastructure
    • Cybersecurity
    • Network defense
    • Spectrum solutions
    • Wireless solutions
    • Other products
  • News and media
    • Events
    • Highlights >
      • CLOSURE Toolchain for Cross-Domain Solutions
      • Peraton Labs Supports Cyber Exercise for Nebraska Army National Guard
      • Conceptual Simulation for Designing High Performance Computers
      • FLEET: Reconfigurable Optical NICs for Fast Data Transfer
      • Turbocharge Simulation
      • Analytics and AI for Predictive Maintenance
      • Minimizing the Cyberattack Surface
    • Press releases
    • Media hits
  • Careers
    • Life at the Labs
    • Tackling Tomorrow's Challenges
  • Search