Patents by Inventor Richard W. Skowyra

Richard W. Skowyra has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10819752
    Abstract: A computer-implemented method for quantitatively assessing a defense technique. The method includes executing a reasoning engine that receives as an input to the reasoning engine a query that includes an indicia of a defense technique to a computer security threat. The method further includes translating the defense technique into a propositional logic constraint on a queryable representation of a Boolean formula representing a model compiled from a set of computer security threats and a set of defense techniques. The method also includes performing an assessment of the defense technique based on the propositional logic constraint on the queryable representation, to quantify the defense technique relative to a member of the set of computer security threats. The method further includes displaying a result of the assessment to indicate a level of security provided by the defense technique to the member.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: October 27, 2020
    Assignee: Massachusetts Institute of Technology
    Inventors: Richard W. Skowyra, Steven R. Gomez
  • Patent number: 10778722
    Abstract: System and methods for communicating across a network comprise: a database containing high level security rules for the network; computing devices communicating on the network; a security rule translation module; event sensors configured to monitor and detect one or more events occurring on or relating to the network, and in response thereto, provide to the security rule translation module an indication of occurrence for each of the one or more security events. The security rule translation module may associate the security rules with the security events corresponding to the received indication, and produce a low-level security rule based on data from the high-level security rule and the received indication of occurrence of the security events. The system may also include switches coupled to receive the low-level security rules from the security rule translation module and enforce the low-level security rules on the network.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: September 15, 2020
    Assignee: Massachusetts Institute of Technology
    Inventors: Thomas R. Hobson, William W. Streilein, Hamed Okhravi, Richard W. Skowyra, Kevin S. Bauer, Veer S. Dedhia, David O. Bigelow
  • Publication number: 20190173923
    Abstract: A computer-implemented method for quantitatively assessing a defense technique. The method includes executing a reasoning engine that receives as an input to the reasoning engine a query that includes an indicia of a defense technique to a computer security threat. The method further includes translating the defense technique into a propositional logic constraint on a queryable representation of a Boolean formula representing a model compiled from a set of computer security threats and a set of defense techniques. The method also includes performing an assessment of the defense technique based on the propositional logic constraint on the queryable representation, to quantify the defense technique relative to a member of the set of computer security threats. The method further includes displaying a result of the assessment to indicate a level of security provided by the defense technique to the member.
    Type: Application
    Filed: December 1, 2017
    Publication date: June 6, 2019
    Inventors: Richard W. Skowyra, Steven R. Gomez
  • Publication number: 20180131720
    Abstract: System and methods for communicating across a network comprise: a database containing high level security rules for the network; computing devices communicating on the network; a security rule translation module; event sensors configured to monitor and detect one or more events occurring on or relating to the network, and in response thereto, provide to the security rule translation module an indication of occurrence for each of the one or more security events. The security rule translation module may associate the security rules with the security events corresponding to the received indication, and produce a low-level security rule based on data from the high-level security rule and the received indication of occurrence of the security events. The system may also include switches coupled to receive the low-level security rules from the security rule translation module and enforce the low-level security rules on the network.
    Type: Application
    Filed: November 8, 2016
    Publication date: May 10, 2018
    Inventors: Thomas R. Hobson, William W. Streilein, Hamed Okhravi, Richard W. Skowyra, Kevin S. Bauer, Veer S. Dedhia, David O. Bigelow
  • Patent number: 9712501
    Abstract: A system and method for the randomization of packet headers is disclosed. A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header. The controller also provides routing rules to the switches and routers in the network that allow these devices to properly route packets, even though the source and destination addresses are not present. In some embodiments, network devices that support software-defined networking (SDN) are employed. The number of times that a particular nonce is used may be variable. In some embodiments, a nonce is used for exactly one packet header. In this way, packets may traverse a network using nonces in place of actual source and destination addresses. Because the nonces are changed periodically, detection of traffic patterns is made significantly more difficult.
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: July 18, 2017
    Assignee: Massachusetts Institute of Technology
    Inventors: Hamed Okhravi, Richard W. Skowyra, Kevin Bauer, William W. Streilein
  • Publication number: 20170118176
    Abstract: A system and method for the randomization of packet headers is disclosed. A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header. The controller also provides routing rules to the switches and routers in the network that allow these devices to properly route packets, even though the source and destination addresses are not present. In some embodiments, network devices that support software-defined networking (SDN) are employed. The number of times that a particular nonce is used may be variable. In some embodiments, a nonce is used for exactly one packet header. In this way, packets may traverse a network using nonces in place of actual source and destination addresses. Because the nonces are changed periodically, detection of traffic patterns is made significantly more difficult.
    Type: Application
    Filed: October 21, 2015
    Publication date: April 27, 2017
    Inventors: Hamed Okhravi, Richard W. Skowyra, Kevin Bauer, William W. Streilein