News Release 

Cybersecurity researchers at Sandia Labs take spotlight at national showcase

DOE/Sandia National Laboratories

ALBUQUERQUE, N.M. -- Two Sandia National Laboratories computer scientists are earning national recognition for cybersecurity platforms they conceived. Adrian Chavez and Vince Urias were invited to pitch their software to investors, entrepreneurs and prospective customers at a special virtual event sponsored by the Department of Energy to accelerate the commercialization of federally developed technologies.

Combined, Chavez and Urias led the development of four of the technologies to be showcased.

"We're developing tools to even the playing field between cybersecurity analysts and hackers," Urias said. "Analysts are outnumbered, and hackers only need one vulnerability to get into a system and hide."

Chavez describes some of these tools as "frameworks for automated defenses that respond at machine speed instead of human speed," empowering defenders.

Cyber Capital Partners, a Washington, D.C.-based investment and consulting firm made the final selection of technologies and will host the event in support of the Department of Energy.

The Cybersecurity Technology Virtual Showcase runs July 21-30. People interested in attending can visit www.cybercp.com/doeinl to register.

CAPSec: Containerized Application Security for Realtime Software Upgrade and Patching

In an iconic scene from the movie Raiders of the Lost Ark, treasure hunter Indiana Jones deftly attempts to replace a small statue with a counterfeit without disrupting a sensitive array of booby traps.

Security upgrades for power grids, oil refineries, water pipelines and other critical infrastructure systems can sometimes be just as perilous. Taking software offline for updates can incur costly service disruptions, but putting off updates until scheduled maintenance leaves systems vulnerable to attack.

Chavez and his team have created an ability to continuously update software without any downtime, making these systems more secure without affecting the availability of critical systems.

Called Containerized Application Security for Realtime Software Upgrade and Patching, or CAPSec, the platform runs multiple copies of software simultaneously. One runs while another is updated. Then they seamlessly swap places without dropping any information.

Chavez will present CAPSec on July 30.

ADDSec: Artificial Diversity and Defense Security

Critical infrastructure environments are increasingly connected to the internet, creating new risks for cyberattacks. Yet they continue to use predictable communication paths, static configurations and unpatched software, all of which benefit adversaries.

Sandia has developed Artificial Diversity and Defense Security, or ADDSec, which automatically detects threats within industrial control system computing environments in real time. Machine-learning algorithms recognize anomalous behavior and then classify these anomalies into categories of attacks. The response approach randomizes IP addresses--numbers that identify the system's location on the internet--application port numbers and communication paths between computers, rendering useless any knowledge the hacker might have gained about the network when they return to deploy an attack.

Chavez will present ADDSec on July 23.

CHIRP: Cloud Hypervisor Forensics and Incident Response Platform

Businesses that use cloud-based services lose some degree of control over their cybersecurity because they don't have access to every part of the system.

One method to restore this visibility is the Cloud Hypervisor Forensics and Incident Response Platform, or CHIRP, a cloud-based platform that enables analysts to track and record attacker actions for forensic analysis. The platform may also be used to disrupt malicious copying, deleting, encrypting and relocating of data in a cloud-based environment.

A hypervisor is a link between a cloud service and its users.

The platform collects evidence when adversaries attempt to gain access to unauthorized information through malicious online activity and provides information to incident responders in real time without disturbing the user's work or alerting the intruder.

Urias will present CHIRP on July 28.

HADES: High-fidelity Adaptive Deception & Emulation System

Rather than simply blocking a discovered intruder, Sandia technology can ensnare them in an alternative reality. The High-fidelity Adaptive Deception & Emulation System feeds a hacker not what he needs to know but what he wants to believe.

The discovered hacker is led unobtrusively into HADES, where cloned virtual hard drives, memory and data sets simulate reality. Certain artifacts have been deliberately, but not obviously, altered.

When a hacker discovers the deception, they aren't in any better shape. The value of all their data is thrown into question, as they attempt to unravel how long they've been misled and which assets are real. They expose themselves and their techniques as they try to discern truth from fiction.

Urias will present HADES on July 23.


Sandia National Laboratories is a multimission laboratory operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy's National Nuclear Security Administration. Sandia Labs has major research and development responsibilities in nuclear deterrence, global security, defense, energy technologies and economic competitiveness, with main facilities in Albuquerque, New Mexico, and Livermore, California.

Sandia news media contact: Troy Rummler, trummle@sandia.gov, 505-249-3632

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.