Federated Model for Cyber Security
Project Background

The Federated Model for Cyber Security project began as a discussion of what type of intrusion information different sites retained for their own purposes and what could be obtained by sharing this information. Could there be value in knowing what bad actors attacked other sites? Could that be a precursor to those same attackers hitting other sites with similar missions (government, research, educational)? How can trusted sites utilized the knowledge of intrusion information from other sites?

The project grew from simple exchange of intrusion information to the idea that a command and response application of intrusion related information could be developed between trusted sites. A common question asked of trusted sites is: we see suspicious activity from an IP within your network space, are you actively routing this IP? For cases of spoofed traffic, this answer could be an automated response.

More details about this project are show in the project presentation.

The Federated Model for Cyber Security was presented at:

• DOE Network Security Monitoring Techical Summit on May 8-9, 2008. Copy of the paper for this conference.
• BOF at FloCon08 on January 7-10, 2008. Copy of the paper for this conference.
• The Cyberspace Research Workshop sponsored by the Center for Secure Cyberspace in Shreveport, LA, on November 27,2007. Copy of the paper for this conference.
• BOF at SC07 on November 14, 2007.
• The 29th DOE Cyber Security Training Conference in Ananheim, CA, on April 29, 2007. The presentation for the conference.