COMMERCE BUSINESS DAILY ISSUE OF NOVEMBER 16, 1999 PSA#2476
Defense Advanced Research Projects Agency (DARPA), Contract Management
Directorate (CMD), 3701 N. Fairfax Dr., Arlington, VA 22203-1714
A -- INTRUSION TOLERANT SYSTEMS SOL BAA 00-15 DUE 011000 POC Dr.
Jaynarayan Lala, Program Manager, DARPA/ISO, e-mail address:
jlala@darpa.mil; Ms. Algeria Tate, Contracting Officer, DARPA/CMD,
e-mail address: atate@darpa.mil WEB: http://www.darpa.mil/baa.
E-MAIL: BAA00-15@darpa.mil.
The Defense Advanced Research Projects Agency
(DARPA) is developing Information Assurance & Survivability (IA&S)
technologies for next generation information systems that will support
operations envisioned in Joint Vision 2010 (JV2010). The Defense
Department's Joint Vision 2010 calls for information dominance in a
high-tempo, tightly integrated multi-national environment. To gain
dominant battlespace awareness, JV2010 stresses the need for
information superiority: the capability to collect, process, and
disseminate an uninterrupted flow of information while exploiting or
denying an adversary's ability to do the same. JV2010 also stresses the
need for integrating and improving interoperability with allied and
coalition forces. To achieve this vision, highly effective Information
Assurance and Survivability defense strategies, architectures, and
mechanisms are needed to protect our own systems. DARPA seeks
innovative systems approaches that are measurably effective against
practical attacks. Confidence in effectiveness must be achieved through
system-level arguments. The approaches should also support advanced
functionality of future systems while maintaining a high level of
confidence in the protection effectiveness. They should be
cost-effective and scalable in three to five years. The IA&S suite is
a closely coordinated group of programs consisting of the following:
the Strategic Intrusion Assessment (SIA) program, the Intrusion
Tolerant Systems (ITS) program, the Fault Tolerant Networks (FTN)
program, the Dynamic Coalitions (DC) program, the Information Assurance
(IA) program, the Information Assurance Science and Engineering Tools
(IASET) program, the Autonomic Information Assurance (AIA) program, and
the Cyber Command and Control (CC2) program. The programs will be
coordinated by focusing on joint experimentation, sharing of laboratory
facilities for experimentation, annual joint Principal Investigator
meetings, and joint monthly meetings between DARPA Program Managers and
Systems Integrators (for those programs with significant integration
roles) to exchange information, enhance innovation, and reduce
redundancy. Of the eight programs in the IA&S group, only the Intrusion
Tolerant Systems program is of interest in this solicitation. The other
seven programs, the SIA, IASET, FTN, AIA, CC2, DC, and IA are not part
of this solicitation and will not be discussed further. PROGRAM
OBJECTIVES AND SCOPE: Intrusion Tolerant Systems Program OBJECTIVE. The
goals of the Intrusion Tolerant Systems Program are to conceive,
design, develop, implement, demonstrate, and validate architectures,
methods, and techniques that would allow fielding of intrusion
resilient and intrusion tolerant systems. An intrusion tolerant system
(ITS) is an information system that continues to function correctly
and provide the intended user services in a timely manner even in the
face of an attack. Such a system will detect information attacks that
have successfully penetrated the outer layers of defenses provided by
avoidance and preventive measures. The system will respond by taking
actions that are necessary to enable continued correct functioning of
critical applications. These actions may range from confinement of
suspect code and data to reconfiguration of hardware and software
resources. Function triage and resource reallocation may be performed
to gracefully degrade system capabilities. Intrusion Tolerant Systems
Program SCOPE. There are five major security attributes:
confidentiality, integrity, availability, authentication, and
non-repudiation. The ITS program will focus on maintaining data and
program integrity and countering denial of service attacks. The systems
of interest to the ITS program are the mission-critical elements of the
Defense Information Infrastructure. These may range from small-scale
embedded information systems to large, distributed networks of
computers. TOPIC AREAS: (1) Tolerance Technologies: To make systems
resilient to intrusions/attacks, it is necessary to provide a set of
capabilities that are, in general, absent from COTS systems. Research
proposals are sought that will identify intrusion tolerance
capabilities and functions and propose architectural solutions to
provide those capabilities and functions. The solutions must be
characterized by a cost / benefit analysis. The cost may be measured in
loss of performance, functionality, or affordability. The benefits are
measured in increased integrity and availability. To utilize advanced
attack warnings effectively, it is desirable to have tolerance
mechanisms that can be invoked, perhaps at some additional temporary
cost, to make mission-critical systems more resilient to attacks and
move the system to a higher "INFOCON" readiness level. Novel
architectures that can rapidly transform themselves into a higher level
of resilience are, therefore, also of interest in this BAA. (2)
Tolerance Triggers: Tolerance mechanisms may be active at all times or
they may require a trigger to be invoked. Intrusion detectors being
developed by other IA&S programs can certainly be used as a trigger.
The state-of-the-art of Intrusion Detection Systems (IDS's) is such
that a very high false alarm rate and a very low coverage of intrusions
is the norm. This is expected to improve in the future. However, for
mission-critical applications, even IDS's with a low false alarm rate,
if used to trigger a reconfiguration, for example, may cause a self
denial-of-service. Therefore, it is necessary to explore other avenues
for invoking tolerance mechanisms that can augment intrusion detectors
as triggers. Research proposals are sought that will result in
innovative tolerance triggers. Ideally, such triggers would have a very
high coverage, that is, a very high probability of detecting errors
caused by intrusions/attacks and a zero false alarm rate. The errors
should be detected at the earliest possible stages before they
propagate throughout the system. For example, if the architecture
relies on redundant elements for survival, then it is especially
important that the error is detected before all replicas have been
corrupted. It is also important to detect the errors before they affect
the tolerance mechanisms. The proposals should also identify a
methodology for evaluating the efficacy of the proposed tolerance
triggers. Multidisciplinary approaches that combine the disciplines of
security and fault tolerance are sought. By combining security and
fault tolerance expertise, we expect to leverage the knowledge brought
by both disciplines, extend the results and capabilities already
developed in both areas, and avoid solving old problems with
already-known solutions. (3) Alternative Innovative Intrusion Tolerance
Technologies: Proposers are also encouraged to think beyond the above
two topic areas and approaches and submit alternative innovative ideas
that would meet the objectives of the ITS program, and are within the
ITS program scope and time-frame. ADDITIONAL CONSIDERATIONS: Offerors
should identify the specific area(s) they are addressing. In their
proposals, they should describe the requirements of the area from their
perspective, describe the key technical challenges and identify why
they are a challenge. They should describe their approach and indicate
why they will be successful, particularly if other approaches have not
been. Proposals that address greater parts of the problem space,
through innovative integration of component technologies, are highly
desired. Technologies with broad application, e.g., apply in Unix and
NT environments, are also of great interest. The following is the
anticipated funding level ($ in millions) FY00 (4.5), FY01 (9.0), FY02
(14.0), FY03 (14.0). GENERAL INFORMATION: DARPA will not accept
classified proposals to BAA 00-15. Abstracts in advance of actual
proposals are not required, and will not be reviewed. Proposers must
submit an original and two hard copies of full proposals as well as
five disk copies in time to reach DARPA by 4:00 PM (local time),
Monday, January 10, 2000, to be considered for the initial evaluation.
Proposers must obtain a pamphlet, BAA 00-15 Proposer Information
Pamphlet (PIP), which provides further information on the areas of
interest, submission, evaluation, funding processes, and full proposal
formats. This pamphlet will be available November 18, 1999, and may be
obtained by electronic mail, or mail request to the administrative
contact address given below, as well as at URL address
http://www.darpa.mil/baa. Proposals not meeting the format described in
the pamphlet may not be reviewed. This Commerce Business Daily notice,
in conjunction with the pamphlet BAA 00-15, Proposer Information
Pamphlet, constitutes the total BAA. No additional information is
available, nor will a formal RFP or other solicitation regarding this
announcement be issued. Requests for same will be disregarded. The
Government reserves the right to select for award all, some, or none of
the proposals received. All responsible sources capable of satisfying
the Government's needs may submit a proposal that shall be considered
by DARPA. Historically Black Colleges and Universities (HBCU) and
Minority Institutions (MI) are encouraged to submit proposals and join
others in submitting proposals. While no portion of this BAA can be
set aside for HBCU and MI participation due to the impracticality of
reserving discrete or severable areas of this research for exclusive
competition among these entities, DARPA strongly advocates the
involvement of the entire academic community to explore innovative
solutions to this important technical problem. EVALUATION CRITERIA:
Evaluation of proposals will be accomplished through a scientific
review of each proposal using the following criteria, which are listed
in descending order of relative importance: (1) Overall scientific and
technical merit; (2) Innovative technical solution to the problem; (3)
Potential contribution and relevance to DARPA mission; (4) Offeror's
capabilities and related experience; (5) Plans and capability to
accomplish technology transition; (6) Best value. ORGANIZATIONAL
CONFLICT OF INTEREST: Awards made under this BAA are subject to the
provisions of the Federal Acquisition Regulation (FAR) Subpart 9.5,
Organizational Conflict of Interest. All offerors and proposed
subcontractors must affirmatively state whether they are supporting any
DARPA technical office(s) through an active contract or subcontract.
All affirmations must state which office(s) the offeror supports and
identify the prime contract number. Affirmations shall be furnished at
the time of proposal submission to the Contracting Officer. All facts
relevant to the existence or potential existence of organizational
conflicts of interest, as that term is defined in FAR 9.501, must be
disclosed. This disclosure shall include a description of the action
the Contractor has taken, or proposes to take, to avoid, neutralize or
mitigate such conflict. If the offeror believes that no such conflict
exists, then it shall so state in this section. Restrictive notices
notwithstanding, proposals may be handled, for administrative purposes
only, by a support contractor. This support contractor is prohibited
from competition in DARPA technical research and is bound by
appropriate non-disclosure requirements. Only Government officials will
evaluate. Posted 11/12/99 (W-SN400270). (0316) Loren Data Corp. http://www.ld.com (SYN# 0008 19991116\A-0008.SOL)