Advanced Research Projects Agency (ARPA), Contracts Management Office (CMO), 3701 North Fairfax Drive, Arlington, VA 22203-1714

A -- SURVIVABILITY OF INFORMATION SYSTEMS SOL BAA96-03 DUE 030196 POC Teresa F. Lunt, ARPA/ITO, FAX: (703)522-2668. The Advanced Research Projects Agency (ARPA) is soliciting proposals for research and new technology development related to security, robustness, and survivability of very large scale systems. ARPA is seeking research and development of prototype technology that can be used to design and evolve greater survivability for critical infrastructure systems. Critical infrastructure systems may be regional, national, or global in scale and are those whose continuous operation is critical to the defense and well-being of the nation. Technologies to improve the survivability of such systems will allow them to be designed and deployed to afford continued correct operation despite intentional penetration and attempts to disrupt, manipulate, or deny service. Proposals are sought that address one or more of the following three technical areas: (1) composition of survivable systems from non-robust components, including COTS and legacy components, (2) survival with correlated and malicious faults, and (3) intrusion detection. 1) Composition Of Survivable Systems: Very large scale critical information systems are complex and often poorly structured. Practical technology is sought that will allow such systems to be selectively hardened for security and robustness. Approaches should: allow selected system components to be ''wrapped'' to realize security and robustness properties, provide a means to specify assumptions, guarantees, constraints, and properties (in addition to functionality) of components, and allow system-wide security and robustness properties to be inferred from the locally-specified properties of components and wrappers. Component ''wrappers'' may perform functions such as filtering and access control, authentication, integrity checking, encryption, behavior checking, negotiation of security association, redundancy or replication for fault tolerance, transactional infrastructure for correctness, or secure reliable group communications protocols. 2) Survival With Correlated And Malicious Faults: Proposals are sought for technologies to allow systems to survive correlated and malicious faults as can be expected to occur from n information warfare threat. These technologies should be insertable into wrapper frameworks developed in (1) above so as to allow migration of existing system architectures to include defensive capabilities (e.g., threat containment and fault tolerance). Proposals are sought for innovative techniques and algorithms to address a variety of fault/threat models and for their implementation and evaluation in experimental systems. 3) Intrusion Detection: The threat of information warfare raises the need for the ability to detect and appropriately respond to an adversary's penetration or manipulation of critical elements of the national or defense information infrastructure. Analytical, heuristic, or knowledge based detection methods are needed that scale to regional and national infrastructure systems, can be applied to current, emerging networking and computing technologies, do not require massive amounts of data collection, can provide usable results from analysis of incomplete information, are highly believable in terms of error rates, allow estimation of the source of penetration, and allow appropriate automated response. Detection methods should have a very high success rate against known patterns of attack and have reasonably high success rates against unanticipated methods of attack. These methods should also permit estimation of the degree of suspicion to be accorded to observed sequences of events. The types of attacks which are of concern range from the individual hacker to coordinated information warfare attacks by adversary nations or nonnational groups. PROGRAM SCOPE: Proposals will be considered in each of the above areas as well as across multiple areas. Proposed research should investigate innovative, scalable approaches that lead to or enable revolutionary advances in the state of the art. Specifically excluded is research which primarily results in incremental improvement to the existing state of practice or focuses on a specific system or hardware solution. Topics are not limited to those outlined above. When appropriate, new concepts are to be demonstrated by means of prototypes or reference implementations. Proposals may range from small-scale efforts that are primarily theoretical in nature, to medium-scale experimental and prototyping efforts of hardware and/or software, to larger-scale integrated systems efforts. Proposals may involve other research groups or industrialcooperation and cost sharing. Collaborative efforts and teaming are encouraged. Proposals for individual efforts should not exceed three years in length. Technologies which have a broad impact on military capability will be given highest priority. Some Government Furnished Equipment and Information (GFE) is available: (1) FORTEZZA cryptographic cards and PCMCIA card readers (up to 5 per contract), the FORTEZZA C library and device drivers (for selected platforms only), and the FORTEZZA Applications Developers Guide, and (2) source code and documentation for NSAs Synergy modular system framework for constructing secure systems. Projects will be awarded under this BAA for Fiscal Year 1996 and Fiscal Year 1997 starts. Proposers are strongly encouraged to include tasks that evaluate the security and robustness of their resulting prototypes under realistic scenarios. Remaining vulnerabilities of proposed approaches should be identified, and proposers are encouraged to include techniques for the detection of attacks that exploit those weaknesses. Proposals should identify opportunities for technology transfer within the commercial marketplace and employ evolutionary concepts to allow their approaches to maintain currency with emerging technology. Scalable, efficient, and interoperable approaches are encouraged. GENERAL INFORMATION: In order to minimize unnecessary effort in proposal preparation and review, proposers are strongly encouraged to submit brief proposal abstracts in advance of full proposals. An original and four (4) copies of the proposal abstract must be submitted to ARPA/ITO, ATTN: BAA 96-03, 3701 North Fairfax Drive, Arlington, VA 22203-1714, on or before 4:00 PM (EST), Monday, December 18, 1995. Proposal abstracts received after this date may not be reviewed. Upon review, ARPA will provide written feedback on the likelihood of a full proposal being selected. Proposers must submit an original and six (6) copies of full proposals to the administrative address for this BAA by 4:00 PM (EST), Friday, March 1, 1996, in order to be considered. Proposers must obtain a pamphlet, BAA 96-03 Proposer Information, which provides further information on the areas of interest, submission, evaluation, funding processes, proposal abstracts, and full proposal formats. This pamphlet may be obtained by fax, electronic mail, or mail request to the administrative contact address given below, as well as atURL address http://www.arpa.mil/Solicitations.html. Proposals not meeting the format described in the pamphlet may not be reviewed. This Commerce Business Daily notice, in conjunction with the pamphlet BAA 96-03 Proposer Information, constitutes the total BAA. No additional information is available, nor will a formal RFP or other solicitation regarding this announcement be issued. Requests for same will be disregarded. The Government reserves the right to select for award all, some, or none of the proposals received. All responsible sources capable of satisfying the Government's needs may submit a proposal which shall be considered by ARPA. Historically Black Colleges and Universities (HBCU) and Minority Institutions (MI) are encouraged to submit proposals and join others in submitting proposals. However, no portion of this BAA will be set aside for HBCU and MI participation due to the impracticality of reserving discrete or severable areas of information security research for exclusive competition among these entities. Evaluation of proposals will be accomplished through a scientific review of each proposal using the following criteria, which are listed in descending order of relative importance: (1) overall scientific and technical merit, (2) potential contribution and relevance to ARPA mission, (3) offeror's capabilities and related experience, (4) plans and capability to accomplish technology transition, and (5) cost realism. All administrative correspondence and questions on this solicitation, including requests for information on how to submit a proposal abstract or proposal to this BAA, must be directed to one of the administrative addresses below by 4:00 PM, February 23, 1996, e-mail or fax is preferred. ARPA intends to use electronic mail and fax for some of the correspondence regarding BAA 96-03. Proposals and proposal abstracts may not be submitted by fax, any so sent will be disregarded. The administrative addresses for this BAA are: Fax: 703-522-2668 Addressed to: ARPA/ITO, BAA 96-03, Electronic Mail: baa9603@arpa.mil, Electronic File Retrieval: http://www.ito.arpa.mil/Solicitations.html, Mail: ARPA/ITO, ATTN: BAA 96-03, 3701 N. Fairfax Drive, Arlington, VA 22203-1714 (0305)

Loren Data Corp. http://www.ld.com (SYN# 0001 19951102\A-0001.SOL)