System and Security Management Tools

Period of Performance: 09/28/1998 - 11/27/2000

$500K

Phase 2 SBIR

Recipient Firm

Curriculum Corp.
P.O. Box 116
Kings Mills, OH 45034
Principal Investigator

Abstract

Curriculum Corporation proposes to research and develop an innovative platform-independent intrusion detection and response tool. The tool would be based on OSF DCE (but will support every mainstream computer platform). The ability to automatically recover from an information attack will rely on 'on-the-fly' modification of the DCE security service. The tool is innovative in that: a) the response to an attack would be a concerted effort from all of the systems in a DCE cell or NT Domain (potentially thousands of systems); b) no commercial IDS has ever supported all platforms (including mainframe); c) the Common Intrusion Detection Framework is fully implemented. The proposed research & development effort would design a product capable of reacting appropriately to a wide range of security anomalies and implementation of these responses. The centralized nature of DCE security will facilitate very fast response to any potential attack. The Phase I work undertaken has proven that it is technically feasible to reach the goals set out here; however, we do not underestimate the effort required. One of the largest hurdles to overcome is the typically high false alarm rates associated with other Intrusion Detection Systems.