Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF OCTOBER 01, 2003 FBO #0673
SOLICITATION NOTICE

A -- Self-Regenerative Systems (SRS)

Notice Date
9/29/2003
 
Notice Type
Solicitation Notice
 
Contracting Office
Other Defense Agencies, Defense Advanced Research Projects Agency, Contracts Management Office, 3701 North Fairfax Drive, Arlington, VA, 22203-1714
 
ZIP Code
22203-1714
 
Solicitation Number
Reference-Number-BAA03-44
 
Response Due
9/24/2004
 
Archive Date
10/9/2004
 
Point of Contact
Lee Badger, Program Manager, IPTO, Phone 000-000-0000, Fax 703-741-1804,
 
E-Mail Address
xxx@xxxxx.xxx
 
Description
PROGRAM OBJECTIVES AND DESCRIPTION. The Defense Advanced Research Projects Agency (DARPA) is soliciting proposals for DARPA?s Information Processing Technology Office to perform research, development, modeling, design, and testing to support the Self-Regenerative Systems (SRS) program. Network-centric warfare demands robust systems that can respond automatically and dynamically to both accidental and deliberate faults. Adaptation of fault-tolerant computing techniques has made computing and information systems intrusion-tolerant and much more survivable during cyber attacks, but even with these advancements, a system will inevitably exhaust all resources in the face of a sustained attack by a determined cyber adversary. Computing systems and information systems also have a tendency to become more fragile and susceptible to accidental faults and errors over time if manually applied maintenance or refresh routines are not administered regularly. The Self-Regenerative Systems (SRS) program seeks to address these deficiencies by creating a new generation of security and survivability technologies. These ?fourth-generation? technologies will bring attributes of human cognition to bear on the problem of reconstituting systems that suffer the accumulated effects of imperfect software, human error, and accidental hardware faults, or the effects of a successful cyber attack. The overarching goals of the SRS program are to implement systems that always provide critical functionality and show a positive trend in reliability, actually exceeding initial operating capability and approaching a theoretical optimal performance level over long time intervals. Desired capabilities include self-optimization, self-diagnosis, and self-healing; it will be important for systems to support self-awareness and reflection in order to achieve these capabilities. The approach of this program to constructing self-regenerative systems that meet the above needs is to create fourth generation survivability and security mechanisms to complement received first-generation security mechanisms (trusted computing bases, encryption, authentication and access control), second-generation security mechanisms (boundary controllers, intrusion detection systems, public key infrastructure, biometrics) and third-generation security and survivability mechanisms (real-time execution monitors, error detection and damage prevention, error compensation and repair). Among other things, new fourth generation technologies will draw on biological metaphors such as natural diversity and immune systems to achieve robustness and adaptability, the structure of organisms and ecosystems to achieve scalability, and human cognitive attributes (reasoning, learning and introspection) to achieve the capacity to predict, diagnose, heal and improve the ability to provide service. The vulnerabilities of computing and information systems addressed by this program include mobile/malicious code, denial-of-service attacks, and misuse and malicious insider threats, as well as accidental faults introduced by human error and the problems associated with software aging. The program will build on the advances made in earlier programs addressing the DoD?s operational needs for information systems, such as the ability to operate through attacks, maintenance of critical functionality, graceful degradation of non-critical functions in the face of intrusions and attacks when full functionality cannot be maintained, and the ability to dynamically trade off security, performance and functionality as a function of threat. Fault-tolerant systems deal with accidental faults and errors while intrusion-tolerant systems cope with malicious, intentional faults caused by an intelligent adversary. Combining fault- and intrusion-tolerance technologies produces very robust and survivable systems, but these techniques depend upon resources that may eventually be depleted beyond the point required to maintain critical system functionality. The fourth generation technologies we seek will reconstitute and reconfigure these resources in such a manner that the systems are better protected in the process, reliability is continually improved as vulnerabilities and software bugs are discovered and fixed autonomously, and the ability to provide critical services is never lost. Assessment and validation of self-regenerative approaches will be carried out to determine their efficacy. The challenge here is that security and survivability requirements have heretofore defied quantification and analytical approaches. Progress made in creating a practical framework for validating intrusion-tolerance techniques will be built upon and extended to validate SRS technologies. The first phase of this effort is planned to be 18 months long. This is a solicitation for Phase I only. If results are promising, a Phase II follow-on program is a possibility. Phase I program goals are to create the core technologies needed to design and develop systems that provide 100% critical functionality at all times in spite of attacks; for a system to learn its own vulnerabilities over time, to ameliorate those vulnerabilities, to regenerate service after attack, and ultimately, to improve its survivability over time. The ultimate goal at the end of a Phase II program would be to achieve sufficient system robustness and regenerative capacity to provide 100 per cent availability of critical functionality and system integrity in the face of sustained malicious attacks and accidental faults. There will be four major research thrusts in the Phase I technology development of the program. These areas, along with their success criteria, are as follows: Biologically-inspired diversity. This research thrust area will create a genetically diverse computing fabric in which diversity limits the impact of any given vulnerability. Coarse-grained diversity (e.g., using several different operating systems or server software packages in an architecture) has been used to achieve intrusion tolerance, but that approach was limited by the relatively small number of manually-created interchangeable operating systems, server packages, and similar software components. The technical approach of the SRS program is to achieve fine-grained diversity at the module level to remove common vulnerabilities and to automatically generate numerous diverse software versions. The success criterion for this thrust is the automatic production of 100 functionally-equivalent versions of a software component with no more than 33 having the same deficiency. Cognitive immunity and self-healing. This research thrust area will show automated cyber immune response and system regeneration. The technical approach will include biologically-inspired response strategies, machine learning, and cognitively-inspired proactive automatic contingency planning. The success criterion for this thrust is the accurate diagnosis of at least 10% of the root causes of system problems and automatic effective corrective action for at least half of those diagnoses. Granular, scalable redundancy. This research thrust area will increase the practicality of redundancy techniques by dramatically reducing the time required to achieve consistency among replicas after an update. This thrust area will attack the consistency problem in two distinct sub-areas?a centralized server setting, and a distributed publish/subscribe setting. Performers who propose to the scalable redundancy thrust area may address either or both sub-areas. Success criteria here include the following: in the centralized server setting, attain a three-fold reduction in latency for achieving consistency of replicated data while tolerating up to five Byzantine failures; in the distributed publish/subscribe setting, attain a fifteen-fold reduction in latency for achieving consistent values of data shared among one hundred to ten thousand participants while using robust epidemic algorithms, where all participants can send and receive events. Reasoning about the insider threat to preempt insider attacks and detect system overrun. The technical approach will include inferring user goals, enabling anomaly detection, and combining and correlating information from system layers, direct user challenges, etc. The success criterion for this thrust is the thwarting or delaying of at least 10% of insider attacks. These research areas will explore techniques that span the spectrum from autonomic/reflexive response through and including introspection and learning. Proposals should address only one research thrust area. A proposer may submit multiple proposals. The success criteria for the four thrust areas constitute the program?s gating evaluation criteria for the possibility of a Phase II follow-on program. They are minimum requirements to gain confidence that self-regenerative systems are feasible. A Phase II program would seek much higher levels of performance. Phase I offerors are strongly encouraged to aim for performance that exceeds these criteria where possible. It is envisioned that a Phase II program would integrate the more promising techniques into an exemplar system prototype to demonstrate the advantages of implementing these technologies in high value critical applications. The system demonstrated would exhibit the fourth generation capabilities of self-optimization, self-awareness, self-diagnosis, self-healing and reflection.. Offerors must state in their proposals a plan for providing deliverables for installation, training, manuals, etc. required for evaluation by the testing facility, as well as travel costs. Offerors should support the technical feasibility of their concept or idea and discuss the future development of their ideas, validation and transition. TEST AND EVALUATION. Performers will test and evaluate their technologies using their own facilities and report results at PI meetings. In addition, performers will provide software distributions and will document all test and evaluation choices and procedures (hardware, software environment, scenario, etc.) with enough clarity for a third party to repeat the evaluations. Regarding test and evaluation, an Independent Evaluation Team (IET) will collaborate with performers to foster out-of-the-box thinking and sharing of results among performers and the larger research community. Because progress in the scalable, granular redundancy research thrust area is relative to a baseline that is very sensitive to the testing environment, performers in that area will construct a testbed environment, establish a test procedure, test the best available techniques to determine baseline performance in that testbed, and report their baseline results at the first PI meeting. Testing and evaluation for granular, scalable redundancy techniques developed in Phase I will be conducted on an identical testbed. PROGRAM SCOPE. Proposed research should investigate innovative approaches and techniques that lead to or enable revolutionary advances in the state-of-the-art. Proposals are not limited to the specific strategies listed above, and alternative visions will be considered. However, proposals should be for research that substantially contributes towards the goals stated. Specifically excluded is research that primarily results in minor evolutionary improvement to the existing state of practice or focuses on special-purpose systems or narrow applications. This solicitation is for Phase I only. A separate full and open solicitation is possible at a later date for a Phase II program. Offerors should not propose a base effort exceeding 18 months. Any such proposal doing so may be disregarded. Options for up to an additional twelve months over the base period will be acceptable. Any offeror may submit a proposal in accordance with the requirements and procedures identified in this BAA. These requirements and procedures include the form and format for proposals. Phase I is planned to be unclassified, but Phase II is likely to be a classified program. Offerors who desire to be able to participate in a possible Phase II program are encouraged to be willing and able to obtain appropriate security clearances. GENERAL INFORMATION This Broad Agency Announcement (BAA) requires completion of a BAA Cover Sheet for each Proposal prior to submission. This cover sheet can be accessed at the following URL: http://www.dyncorp-is.com/BAA/index.asp?BAAid=03-44 After finalizing the BAA Cover Sheet, the proposer must print the BAA Confirmation Sheet that will automatically appear on the web page. Each proposer is responsible for printing the BAA Confirmation Sheet and attaching it to every copy. The Confirmation Sheet should be the first page of the Proposal. If a proposer intends on submitting more than one Proposal, a unique UserId and password must be used in creating each BAA Cover Sheet. Failure to comply with these submission procedures may result in the submission not being evaluated. Security classification guidance on a DD Form 254 (DoD Contract Security Classification Specification) will not be provided at this time since DARPA is soliciting ideas only. After reviewing incoming proposals, if a determination is made that contract award may result in access to classified information, a DD Form 254 will be issued upon contract award. If you choose to submit a classified proposal you must first receive the permission of the Original Classification Authority to use their information in replying to this BAA. NEW REQUIREMENTS/PROCEDURES: The Award Document for each proposal selected and funded will contain a mandatory requirement for submission of DARPA/IPTO Quarterly Status Reports and an Annual Project Summary Report. These reports will be submitted electronically via the DARPA/IPTO Technical-Financial Information Management System (T-FIMS), utilizing the government-furnished Uniform Resource Locator (URL) on the World Wide Web (WWW). Further details may be found in the Proposer Information Pamphlet (PIP). PROPOSAL FORMAT Proposers must submit an original and 3 copies of the full proposal and 2 electronic copies (i.e., 2 separate disks) of the full proposal (in PDF or Microsoft Word 2000 for IBM-compatible format on a 3.5-inch floppy disk, 100 MB Iomega Zip disk or cd). Mac-formatted disks will not be accepted. Each disk must be clearly labeled with BAA 03-44, proposer organization, proposal title (short title recommended) and Copy number of 2. The full proposal (original and designated number of hard and electronic copies) must be submitted in time to reach DARPA by 4:00 PM (ET) Wednesday, November 26, 2003, in order to be considered during the initial evaluation phase. However, BAA 03-44, SRS will remain open until 12:00 NOON (ET) September 24, 2004. Thus, proposals may be submitted at any time from issuance of this BAA through September 24, 2004. While the proposals submitted after the Wednesday, November 26, 2003, deadline will be evaluated by the Government, proposers should keep in mind that the likelihood of funding such proposals is less than for those proposals submitted in connection with the initial evaluation and award schedule. DARPA will acknowledge receipt of submissions and assign control numbers that should be used in all further correspondence regarding proposals. Proposers must obtain the BAA 03-44 Proposer Information Pamphlet (PIP), which provides further information on the areas of interest, submission, evaluation, funding processes, and proposal formats. This pamphlet will be posted directly to FedBizOpps.gov and may also be obtained at URL address http://www.darpa.mil/ipto/Solicitations/solicitations.htm. Proposals not meeting the format described in the pamphlet may not be reviewed. This notice, in conjunction with the BAA 03-44 PIP and all references, constitutes the total BAA. No additional information is available, nor will a formal RFP or other solicitation regarding this announcement be issued. Requests for same will be disregarded. The Government reserves the right to select for award all, some, or none of the proposals received. All responsible sources capable of satisfying the Government's needs may submit a proposal that shall be considered by DARPA. Historically Black Colleges and Universities (HBCUs) and Minority Institutions (MIs) are encouraged to submit proposals and join others in submitting proposals. However, no portion of this BAA will be set aside for HBCU and MI participation due to the impracticality of reserving discrete or severable areas of this research for exclusive competition among these entities. Evaluation of proposals will be accomplished through a scientific review of each proposal, using the following criteria, which are listed in descending order of relative importance: (1) Overall Scientific and Technical Merit: The overall scientific and technical merit must be clearly identifiable and compelling. The technical concept should be clearly defined, developed and defensibly innovative. Emphasis should be placed on the technical excellence of the development and experimentation approach. (2) Innovative Technical Solution to the Problem: Proposed efforts should apply new or existing technology in an innovative way such as is advantageous to the objectives. The plan on how the offeror intends to get developed technology artifacts and information to the user community should be considered. The offeror shall specify quantitative experimental methods and metrics by which the proposed technical effort?s progress shall be measured. (3) Potential Contribution and Relevance to DARPA/IPTO Mission: The offeror must clearly address how the proposed effort will meet the goals of the undertaking and how the proposed effort contributes to significant advances to the DARPA/IPTO mission. (4) Offeror's Capabilities and Related Experience: The qualifications, capabilities, and demonstrated achievements of the proposed principals and other key personnel for the primary and subcontractor organizations must be clearly shown. (5) Plans and Capability to Accomplish Technology Transition: The offeror should provide a clear explanation of how the technologies to be developed will be transitioned to capabilities for military forces. Technology transition should be a major consideration in the design of experiments, particularly considering the potential for involving potential transition organizations in the experimentation process. (6) Cost Realism: The overall estimated cost to accomplish the effort should be clearly shown as well as the substantiation of the costs for the technical complexity described. Evaluation will consider the value to Government of the research and the extent to which the proposed management plan will effectively allocate resources to achieve the capabilities proposed. Cost is considered a substantial evaluation criterion but secondary to technical excellence. All administrative correspondence and questions on this solicitation, including requests for information on how to submit a proposal to this BAA, must be received at one of the administrative addresses below by 12:00 NOON (ET) September 10, 2004; e-mail or fax is preferred. DARPA intends to use electronic mail and fax for some of the correspondence regarding BAA 03-44. Proposals MUST NOT be submitted by fax or e-mail; any so sent will be disregarded. All proposals, administrative correspondence, and questions submitted in response to this solicitation must be in the English language. Submissions received in other than English shall be rejected. Restrictive notices notwithstanding, proposals may be handled, for administrative purposes only, by a support contractor. This support contractor is prohibited from competition in DARPA technical research and is bound by appropriate non-disclosure requirements. Input on technical aspects of the proposals may be solicited by DARPA from non-Government consultants/experts who are bound by appropriate non-disclosure requirements. Non-Government technical consultants/experts will not have access to proposals that are labeled by their offerors as ?Government Only.? While non-government personnel may review proposals, contractors will not be used to conduct evaluations or analyses of any aspect of a proposal submitted under this BAA, unless one of the three conditions identified in FAR 37.203(d) applies. The administrative addresses for this BAA are: Fax: (703) 741-7804 Addressed to: DARPA/IPTO, BAA 03-44 Electronic Mail: BAA03-44@darpa.mil Electronic File Retrieval: http://www.darpa.mil/ipto/Solicitations/solicitations.htm Mail to: DARPA/IPTO ATTN: BAA 03-44 3701 N. Fairfax Drive Arlington, VA 22203-1714
 
Record
SN00444135-W 20031001/030929213234 (fbodaily.com)
 
Source
FedBizOpps.gov Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.