Defense Advanced Research Projects Agency (DARPA), Contracts Management Office (CMO), 3701 N. Fairfax Dr., Arlington VA 22203-1714

A -- SURVIVABILITY OF LARGE SCALE INFORMATION SYSTEMS SOL BAA96-40 DUE 011097 POC Dr. Howard Shrobe, DARPA/ITO, FAX: (703) 522-7161. SURVIVABILITY OF LARGE SCALE INFORMATION SYSTEMS SOL BAA96-40 DUE 011097 POC Dr. Howard Shrobe, DARPA/ITO, FAX: (703) 522-7161. The Defense Advanced Research Projects Agency (DARPA) is soliciting proposals for research and new technology development related to the survivability of large-scale information systems whose continuous operation is critical to the defense and well-being of the nation. The focus of this BAA is on the distinct issue of ''survivability.'' Survivability of an information system means that the system as a whole continues to perform its critical functions even when individual elements are compromised. Naturally occurring models of survivable systems are provided by biological organisms, populations, and societies. This research program uses these examples for metaphors and guidance about how to design survivable information systems. Research is sought in the following areas: 1. PUBLIC HEALTH & IMMUNE SYSTEMS: Biological systems have mechanisms for detecting attacks by infectious agents, recognizing the spread of infection, developing means to limit the spread of infection, and to fight off and prevent reinfection. Techniques used range from highly distributed and locally autonomous to hierarchic and centralized. Proposals are sought for research into creating analogous mechanisms for large scale computational ''systems of systems.'' Areas addressed may include any of the following: intrusion detection, diagnosis of the pattern of a coordinated attack, mechanisms for obtaining additional information about an attack, and mechanisms for secure, robust and authenticated coordination and communication between elements of the overall system which participate in the public health function. Proposed mechanisms must address the issue of how to verify the authenticity of the provider of the response to an attack. 2. ADAPTIVE ARCHITECTURES FOR SURVIVABLE SYSTEMS: Survivable systems must continue performing their critical functions after sustaining loss of computational resources and data. Proposals are sought for research into organizing large scale systems of systems so that remaining resources are preferentially allocated to more important tasks. Solutions may be situated within a distributed object environment (for example, CORBA) in which applications are decomposed into service layers and each service is potentially provided by many servers. Each provider of the service also provides a service description including quality of service and characteristics of the results produced. Possible solutions include (but are not limited to): a) Economic mechanisms that regulate the allocation of services to applications by establishing a price for individual computational services and budgets for potential consumers, and b) Locally adaptive mechanisms which achieve overall policy objectives as emergent behavior by guiding the choice to tasks to be performed by each individual computational resource. Since different servers may provide results with varying characteristics, solutions should address the question of how consumers of the services can track the pedigree of results and guarantee that results will not be applied inappropriately. 3. TECHNIQUES FOR CREATING VARIABILITY AND DIVERSITY: In current computational systems, there is a high degree of dependence on a small number of operating systems, networking environments, etc. This means that a single flaw is replicated in virtually all computational elements. Proposals are sought for affordable techniques to engender variability within the computational mix. These might include: a) techniques for creating alternative implementations of the main APIs of a system and for combining these into a large variety of alternative implementations of the overall design, b) techniques for dynamic run time optimization of code to the available computational mix so that different instances of a common system are distinct, c) techniques for providing different implementations of common services in a distributed object model and varying the selection of service providers, and d) techniques for varying the memory layout or compiled code formats of different copies of the same software. PROGRAM SCOPE: Proposals will be considered in each of the above areas as well as across multiple areas. Proposed research should investigate innovative, scalable approaches that lead to or enable revolutionary advances in the state of the art. Specifically excluded is research which primarily results in incremental improvement to the existing state of practice or focuses on a specific system or hardware solution. Topics are not limited to those outlined above. When appropriate, new concepts are to be demonstrated by means of prototypes or reference implementations. Proposals may range from small-scale efforts that are primarily theoretical in nature, to medium-scale experimental and prototyping efforts of hardware and/or software, to larger-scale integrated systems efforts. Proposals may involve other research groups or industrial cooperation and cost sharing. Collaborative efforts and teaming are encouraged when this provides true synergy. Proposed efforts should not exceed three years in length. Technologies which have a broad impact on military capability will be given highest priority. Some Government Furnished Equipment and Information (GFE) may be available: FORTEZZA cryptographic cards and PCMCIA card readers (up to 5 per contract), the FORTEZZA C Library and device drivers (for selected platforms only), and the FORTEZZA Applications Developers Guide (provided the Offeror signs an agreement not to export any source code found in the Developers Guide.) FORTEZZA information is available at http://www.armadillo.huntsville.al.us. Additional Cryptographic Applications Interface (CAI) software may be available to facilitate the interface of the FORTEZZA card to applications. Source code is also available for NSA's Synergy modular systems framework for constructing secure systems which respond to a configurable security policy and negotiate security services with peers. Proposers may request the use of such GFE, but must describe alternatives they would use in the event this GFE is not available. Projects will be awarded under this BAA for Fiscal Year 1997 & 1998 starts. Proposers are strongly encouraged to include tasks that evaluate the survivability and robustness of their resulting prototypes under realistic scenarios. Proposals should identify opportunities for technology transfer within the commercial marketplace and employ evolutionary concepts to allow their approaches to maintain currency with emerging technology. GENERAL INFORMATION: In order to minimize unnecessary effort in proposal preparation and review, proposers are strongly encouraged to submit brief proposal abstracts in advance of full proposals. An original and six copies of the proposal abstract must be submitted to DARPA/ITO, ATTN: BAA 96-40, 3701 North Fairfax Drive, Arlington, VA 22203-1714, on or before 4:00 PM (ET), Friday, October 18, 1996, to guarantee review. Upon review, DARPA will provide written feedback on the likelihood of a full proposal being selected. Proposers must submit an original and six copies of full proposals to the administrative address for this BAA by 4:00 PM (ET), Friday, January 10, 1997 in order to be considered. Proposers must obtain a pamphlet, BAA 96-40 Proposer Information, which provides further information on the areas of interest, submission, evaluation, funding processes, proposal abstracts, and full proposal formats. This pamphlet may be obtained by fax, electronic mail, or mail request to the administrative contact address given below, as well as at URL address http://www.darpa.mil/Solicitations.html. Proposals not meeting the format described in the pamphlet may not be reviewed. This Commerce Business Daily notice, in conjunction with the pamphlet BAA 96-40 Proposer Information, constitutes the total BAA. No additional information is available, nor will a formal RFP or other solicitation regarding this announcement be issued. Requests for same will be disregarded. The Government reserves the right to select for award all, some, or none of the proposals received. All responsible sources capable of satisfying the Government's needs may submit a proposal which shall be considered by DARPA. Historically Black Colleges and Universities (HBCU) and Minority Institutions (MI) are encouraged to submit proposals and join others in submitting proposals. However, no portion of this BAA will be set aside for HBCU and MI participation due to the impracticality of reserving discrete or severable areas of information security research for exclusive competition among these entities. Evaluation of proposals will be accomplished through a scientific review of each proposal using the following criteria, which are listed in descending order of relative importance: (1) overall scientific and technical merit, (2) potential contribution and relevance to DARPA mission, (3) offeror's capabilities and related experience, (4) plans and capability to accomplish technology transition, and (5) cost realism. All administrative correspondence and questions on this solicitation, including requests for information on how to submit a proposal abstract or proposal to this BAA, must be directed to one of the administrative addresses below by 4:00 PM (ET), January 3, 1997, e-mail or fax is preferred. DARPA intends to use electronic mail and fax for some of the correspondence regarding BAA 96-40. Proposals and proposal abstracts may not be submitted by fax, any so sent will be disregarded. The administrative addresses for this BAA are: Fax: 703-522-7161 Addressed to: DARPA/ITO, BAA 96-40, Electronic Mail: baa9640@darpa.mil, Electronic File Retrieval: http://www.ito.darpa.mil/Solicitations.html, Mail: DARPA/ITO, ATTN: BAA 96-40, 3701 N. Fairfax Drive, Arlington, VA 22203-1714 (0239)

Loren Data Corp. http://www.ld.com (SYN# 0001 19960827\A-0001.SOL)