16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana

Layering Boundary Protections: An Experiment in Information Assurance

Dale M. Johnson
The MITRE Corporation

Lee Benzinger
NAI Labs

The DARPA Information Assurance Program has the aim of developing and executing experiments that test specific hypotheses about defense in depth and dynamic defense capabilities. This paper describes the development and execution of an experiment in layering. The basic hypothesis was that layers of defense, when added in a careful and systematic way to a base system, lead to increased protection against attacks on the system. For the particular experiment, a mission and broad policy were defined and a base system was developed to support the mission and the policy. The boundary controller for the system was designed and developed as a series of layers; these elements became the main focus of experimentation on layering. The results tended to confirm the experimental hypothesis that layers have a cumulative effect on protection against outside attacks. However, there are often other opportunities for attackers to go around the layers or avoid them altogether. A broader methodological result was that the entire process of developing experiments needs to be carefully thought through. In addition, the experimental data resulting from this experiment provide only a limited corroboration for the given experimental hypothesis.

Read Paper Read Paper (in PDF)