TY - JOUR
T1 - Peer-to-Peer Enclaves for Improving Network Defence
JF - Technology Innovation Management Review
Y1 - 2013
A1 - David W. Archer
A1 - Adam Wick
KW - cyber countermeasures
KW - cybersecurity
KW - dynamic cyberdefence
KW - enclave computing
KW - network defence
KW - peer-to-peer
AB - Information about cyberthreats within networks spreads slowly relative to the speed at which those threats spread. Typical "threat feeds" that are commercially available also disseminate information slowly relative to the propagation speed of attacks, and they often convey irrelevant information about imminent threats. As a result, hosts sharing a network may miss opportunities to improve their defence postures against imminent attack because needed information arrives too late or is lost in irrelevant noise. We envision timely, relevant peer-to-peer sharing of threat information – based on current technologies – as a solution to these problems and as a useful design pattern for defensive cyberwarfare. In our setting, network nodes form communities that we call enclaves, where each node defends itself while sharing information on imminent threats with peers that have similar threat exposure. In this article, we present our vision for this solution. We sketch the architecture of a typical node in such a network and how it might interact with a framework for sharing threat information; we explain why certain defensive countermeasures may work better in our setting; we discuss current tools that could be used as components in our vision; and we describe opportunities for future research and development.
PB - Talent First Network
CY - Ottawa
VL - 3
UR - http://timreview.ca/article/701
IS - 7
U1 - Galois, Inc. David Archer is a Research Program Lead at Galois, Inc., where he directs research into high-assurance methods for large-scale cyberconflict. He holds a PhD in Computer Science from Portland State University in the United States as well as an MS in Electrical Engineering from the University of Illinois at Urbana-Champaign. Dr. Archer’s research interests also include efficient methods for computing on encrypted data, and information integration, assurance, and provenance. At Intel Corporation, Dr. Archer was instrumental in the development of the communication network for the ASCI Red TeraFLOPS system at Sandia, and in the development of multiple generations of high-performance server and workstation memory and I/O systems.
U2 - Galois, Inc. Adam Wick directs the Systems and Networking Group at Galois, Inc., where he has worked with DARPA to create advanced network-defence techniques, including CyberChaff and Ditto. He holds a PhD in Computer Science from the University of Utah in the United States, as well as a BS in Computer Science from Indiana University Bloomington. Dr. Wick also has been collaborating with SRI, LG, and others to build secure mobile devices for the United States Marine Corps. Prior to this work, he developed the HaLVM, a lightweight machine for running custom, single-purpose applications in the cloud. In all of this work, he maintains a focus on using next-generation operating system and networking technology to create practical tools for critical systems.
ER -