PROGRAM OBJECTIVES AND DESCRIPTION. The Defense Advanced Research
Projects Agency (DARPA) is soliciting proposals for DARPA?s
Information Processing Technology Office to perform research,
development, modeling, design, and testing to support the
Self-Regenerative Systems (SRS) program. Network-centric warfare
demands robust systems that can respond automatically and dynamically
to both accidental and deliberate faults. Adaptation of
fault-tolerant computing techniques has made computing and information
systems intrusion-tolerant and much more survivable during cyber
attacks, but even with these advancements, a system will inevitably
exhaust all resources in the face of a sustained attack by a
determined cyber adversary. Computing systems and information systems
also have a tendency to become more fragile and susceptible to
accidental faults and errors over time if manually applied maintenance
or refresh routines are not administered regularly. The
Self-Regenerative Systems (SRS) program seeks to address these
deficiencies by creating a new generation of security and
survivability technologies. These ?fourth-generation? technologies
will bring attributes of human cognition to bear on the problem of
reconstituting systems that suffer the accumulated effects of
imperfect software, human error, and accidental hardware faults, or
the effects of a successful cyber attack. The overarching goals of
the SRS program are to implement systems that always provide critical
functionality and show a positive trend in reliability, actually
exceeding initial operating capability and approaching a theoretical
optimal performance level over long time intervals. Desired
capabilities include self-optimization, self-diagnosis, and
self-healing; it will be important for systems to support
self-awareness and reflection in order to achieve these capabilities.
The approach of this program to constructing self-regenerative systems
that meet the above needs is to create fourth generation survivability
and security mechanisms to complement received first-generation
security mechanisms (trusted computing bases, encryption,
authentication and access control), second-generation security
mechanisms (boundary controllers, intrusion detection systems, public
key infrastructure, biometrics) and third-generation security and
survivability mechanisms (real-time execution monitors, error
detection and damage prevention, error compensation and repair).
Among other things, new fourth generation technologies will draw on
biological metaphors such as natural diversity and immune systems to
achieve robustness and adaptability, the structure of organisms and
ecosystems to achieve scalability, and human cognitive attributes
(reasoning, learning and introspection) to achieve the capacity to
predict, diagnose, heal and improve the ability to provide service.
The vulnerabilities of computing and information systems addressed by
this program include mobile/malicious code, denial-of-service attacks,
and misuse and malicious insider threats, as well as accidental faults
introduced by human error and the problems associated with software
aging. The program will build on the advances made in earlier programs
addressing the DoD?s operational needs for information systems, such
as the ability to operate through attacks, maintenance of critical
functionality, graceful degradation of non-critical functions in the
face of intrusions and attacks when full functionality cannot be
maintained, and the ability to dynamically trade off security,
performance and functionality as a function of threat.
Fault-tolerant systems deal with accidental faults and errors while
intrusion-tolerant systems cope with malicious, intentional faults
caused by an intelligent adversary. Combining fault- and
intrusion-tolerance technologies produces very robust and survivable
systems, but these techniques depend upon resources that may
eventually be depleted beyond the point required to maintain critical
system functionality. The fourth generation technologies we seek will
reconstitute and reconfigure these resources in such a manner that the
systems are better protected in the process, reliability is
continually improved as vulnerabilities and software bugs are
discovered and fixed autonomously, and the ability to provide critical
services is never lost.
Assessment and validation of self-regenerative approaches will be
carried out to determine their efficacy. The challenge here is that
security and survivability requirements have heretofore defied
quantification and analytical approaches. Progress made in creating a
practical framework for validating intrusion-tolerance techniques will
be built upon and extended to validate SRS technologies.
The first phase of this effort is planned to be 18 months long. This
is a solicitation for Phase I only. If results are promising, a Phase
II follow-on program is a possibility.
Phase I program goals are to create the core technologies needed to
design and develop systems that provide 100% critical functionality at
all times in spite of attacks; for a system to learn its own
vulnerabilities over time, to ameliorate those vulnerabilities, to
regenerate service after attack, and ultimately, to improve its
survivability over time. The ultimate goal at the end of a Phase II
program would be to achieve sufficient system robustness and
regenerative capacity to provide 100 per cent availability of critical
functionality and system integrity in the face of sustained malicious
attacks and accidental faults.
There will be four major research thrusts in the Phase I technology
development of the program. These areas, along with their success
criteria, are as follows:
Biologically-inspired diversity. This research thrust area will
create a genetically diverse computing fabric in which diversity
limits the impact of any given vulnerability. Coarse-grained
diversity (e.g., using several different operating systems or server
software packages in an architecture) has been used to achieve
intrusion tolerance, but that approach was limited by the relatively
small number of manually-created interchangeable operating systems,
server packages, and similar software components. The technical
approach of the SRS program is to achieve fine-grained diversity at
the module level to remove common vulnerabilities and to automatically
generate numerous diverse software versions. The success criterion
for this thrust is the automatic production of 100
functionally-equivalent versions of a software component with no more
than 33 having the same deficiency.
Cognitive immunity and self-healing. This research thrust area will
show automated cyber immune response and system regeneration. The
technical approach will include biologically-inspired response
strategies, machine learning, and cognitively-inspired proactive
automatic contingency planning. The success criterion for this thrust
is the accurate diagnosis of at least 10% of the root causes of system
problems and automatic effective corrective action for at least half
of those diagnoses.
Granular, scalable redundancy. This research thrust area will
increase the practicality of redundancy techniques by dramatically
reducing the time required to achieve consistency among replicas after
an update. This thrust area will attack the consistency problem in
two distinct sub-areas?a centralized server setting, and a distributed
publish/subscribe setting. Performers who propose to the scalable
redundancy thrust area may address either or both sub-areas. Success
criteria here include the following: in the centralized server
setting, attain a three-fold reduction in latency for achieving
consistency of replicated data while tolerating up to five Byzantine
failures; in the distributed publish/subscribe setting, attain a
fifteen-fold reduction in latency for achieving consistent values of
data shared among one hundred to ten thousand participants while using
robust epidemic algorithms, where all participants can send and
receive events.
Reasoning about the insider threat to preempt insider attacks and
detect system overrun. The technical approach will include inferring
user goals, enabling anomaly detection, and combining and correlating
information from system layers, direct user challenges, etc. The
success criterion for this thrust is the thwarting or delaying of at
least 10% of insider attacks.
These research areas will explore techniques that span the spectrum
from autonomic/reflexive response through and including introspection
and learning. Proposals should address only one research thrust area.
A proposer may submit multiple proposals. The success criteria for
the four thrust areas constitute the program?s gating evaluation
criteria for the possibility of a Phase II follow-on program. They
are minimum requirements to gain confidence that self-regenerative
systems are feasible. A Phase II program would seek much higher
levels of performance. Phase I offerors are strongly encouraged to
aim for performance that exceeds these criteria where possible.
It is envisioned that a Phase II program would integrate the more
promising techniques into an exemplar system prototype to demonstrate
the advantages of implementing these technologies in high value
critical applications. The system demonstrated would exhibit the
fourth generation capabilities of self-optimization, self-awareness,
self-diagnosis, self-healing and reflection..
Offerors must state in their proposals a plan for providing
deliverables for installation, training, manuals, etc. required for
evaluation by the testing facility, as well as travel costs. Offerors
should support the technical feasibility of their concept or idea and
discuss the future development of their ideas, validation and
transition.
TEST AND EVALUATION. Performers will test and evaluate their
technologies using their own facilities and report results at PI
meetings. In addition, performers will provide software distributions
and will document all test and evaluation choices and procedures
(hardware, software environment, scenario, etc.) with enough clarity
for a third party to repeat the evaluations. Regarding test and
evaluation, an Independent Evaluation Team (IET) will collaborate with
performers to foster out-of-the-box thinking and sharing of results
among performers and the larger research community. Because progress
in the scalable, granular redundancy research thrust area is relative
to a baseline that is very sensitive to the testing environment,
performers in that area will construct a testbed environment,
establish a test procedure, test the best available techniques to
determine baseline performance in that testbed, and report their
baseline results at the first PI meeting. Testing and evaluation for
granular, scalable redundancy techniques developed in Phase I will be
conducted on an identical testbed.
PROGRAM SCOPE. Proposed research should investigate innovative
approaches and techniques that lead to or enable revolutionary
advances in the state-of-the-art. Proposals are not limited to the
specific strategies listed above, and alternative visions will be
considered. However, proposals should be for research that
substantially contributes towards the goals stated. Specifically
excluded is research that primarily results in minor evolutionary
improvement to the existing state of practice or focuses on
special-purpose systems or narrow applications.
This solicitation is for Phase I only. A separate full and open
solicitation is possible at a later date for a Phase II program.
Offerors should not propose a base effort exceeding 18 months. Any
such proposal doing so may be disregarded. Options for up to an
additional twelve months over the base period will be acceptable. Any
offeror may submit a proposal in accordance with the requirements and
procedures identified in this BAA. These requirements and procedures
include the form and format for proposals. Phase I is planned to be
unclassified, but Phase II is likely to be a classified program.
Offerors who desire to be able to participate in a possible Phase II
program are encouraged to be willing and able to obtain appropriate
security clearances.
GENERAL INFORMATION
This Broad Agency Announcement (BAA) requires completion of a BAA
Cover Sheet for each Proposal prior to submission. This cover sheet
can be accessed at the following URL:
http://www.dyncorp-is.com/BAA/index.asp?BAAid=03-44
After finalizing the BAA Cover Sheet, the proposer must print the BAA
Confirmation Sheet that will automatically appear on the web page.
Each proposer is responsible for printing the BAA Confirmation Sheet
and attaching it to every copy. The Confirmation Sheet should be the
first page of the Proposal. If a proposer intends on submitting more
than one Proposal, a unique UserId and password must be used in
creating each BAA Cover Sheet. Failure to comply with these
submission procedures may result in the submission not being
evaluated.
Security classification guidance on a DD Form 254 (DoD Contract
Security Classification Specification) will not be provided at this
time since DARPA is soliciting ideas only. After reviewing incoming
proposals, if a determination is made that contract award may result
in access to classified information, a DD Form 254 will be issued upon
contract award. If you choose to submit a classified proposal you
must first receive the permission of the Original Classification
Authority to use their information in replying to this BAA.
NEW REQUIREMENTS/PROCEDURES: The Award Document for each proposal
selected and funded will contain a mandatory requirement for
submission of DARPA/IPTO Quarterly Status Reports and an Annual
Project Summary Report. These reports will be submitted
electronically via the DARPA/IPTO Technical-Financial Information
Management System (T-FIMS), utilizing the government-furnished Uniform
Resource Locator (URL) on the World Wide Web (WWW). Further details
may be found in the Proposer Information Pamphlet (PIP).
PROPOSAL FORMAT
Proposers must submit an original and 3 copies of the full proposal
and 2 electronic copies (i.e., 2 separate disks) of the full proposal
(in PDF or Microsoft Word 2000 for IBM-compatible format on a 3.5-inch
floppy disk, 100 MB Iomega Zip disk or cd). Mac-formatted disks will
not be accepted. Each disk must be clearly labeled with BAA 03-44,
proposer organization, proposal title (short title recommended) and
Copy number of 2. The full proposal (original and designated number
of hard and electronic copies) must be submitted in time to reach
DARPA by 4:00 PM (ET) Wednesday, November 26, 2003, in order to be
considered during the initial evaluation phase. However, BAA 03-44,
SRS will remain open until 12:00 NOON (ET) September 24, 2004. Thus,
proposals may be submitted at any time from issuance of this BAA
through September 24, 2004. While the proposals submitted after the
Wednesday, November 26, 2003, deadline will be evaluated by the
Government, proposers should keep in mind that the likelihood of
funding such proposals is less than for those proposals submitted in
connection with the initial evaluation and award schedule. DARPA will
acknowledge receipt of submissions and assign control numbers that
should be used in all further correspondence regarding proposals.
Proposers must obtain the BAA 03-44 Proposer Information Pamphlet
(PIP), which provides further information on the areas of interest,
submission, evaluation, funding processes, and proposal formats. This
pamphlet will be posted directly to FedBizOpps.gov and may also be
obtained at URL address
http://www.darpa.mil/ipto/Solicitations/solicitations.htm. Proposals
not meeting the format described in the pamphlet may not be reviewed.
This notice, in conjunction with the BAA 03-44 PIP and all references,
constitutes the total BAA. No additional information is available,
nor will a formal RFP or other solicitation regarding this
announcement be issued. Requests for same will be disregarded.
The Government reserves the right to select for award all, some, or
none of the proposals received.
All responsible sources capable of satisfying the Government's needs
may submit a proposal that shall be considered by DARPA. Historically
Black Colleges and Universities (HBCUs) and Minority Institutions
(MIs) are encouraged to submit proposals and join others in submitting
proposals. However, no portion of this BAA will be set aside for HBCU
and MI participation due to the impracticality of reserving discrete
or severable areas of this research for exclusive competition among
these entities.
Evaluation of proposals will be accomplished through a scientific
review of each proposal, using the following criteria, which are
listed in descending order of relative importance:
(1) Overall Scientific and Technical Merit: The overall scientific and
technical merit must be clearly identifiable and compelling. The
technical concept should be clearly defined, developed and defensibly
innovative. Emphasis should be placed on the technical excellence of
the development and experimentation approach.
(2) Innovative Technical Solution to the Problem: Proposed efforts
should apply new or existing technology in an innovative way such as
is advantageous to the objectives. The plan on how the offeror
intends to get developed technology artifacts and information to the
user community should be considered. The offeror shall specify
quantitative experimental methods and metrics by which the proposed
technical effort?s progress shall be measured.
(3) Potential Contribution and Relevance to DARPA/IPTO Mission: The
offeror must clearly address how the proposed effort will meet the
goals of the undertaking and how the proposed effort contributes to
significant advances to the DARPA/IPTO mission.
(4) Offeror's Capabilities and Related Experience: The qualifications,
capabilities, and demonstrated achievements of the proposed principals
and other key personnel for the primary and subcontractor
organizations must be clearly shown.
(5) Plans and Capability to Accomplish Technology Transition: The
offeror should provide a clear explanation of how the technologies to
be developed will be transitioned to capabilities for military forces.
Technology transition should be a major consideration in the design of
experiments, particularly considering the potential for involving
potential transition organizations in the experimentation process.
(6) Cost Realism: The overall estimated cost to accomplish the effort
should be clearly shown as well as the substantiation of the costs for
the technical complexity described. Evaluation will consider the
value to Government of the research and the extent to which the
proposed management plan will effectively allocate resources to
achieve the capabilities proposed. Cost is considered a substantial
evaluation criterion but secondary to technical excellence.
All administrative correspondence and questions on this solicitation,
including requests for information on how to submit a proposal to this
BAA, must be received at one of the administrative addresses below by
12:00 NOON (ET) September 10, 2004; e-mail or fax is preferred. DARPA
intends to use electronic mail and fax for some of the correspondence
regarding BAA 03-44. Proposals MUST NOT be submitted by fax or
e-mail; any so sent will be disregarded. All proposals,
administrative correspondence, and questions submitted in response to
this solicitation must be in the English language. Submissions
received in other than English shall be rejected.
Restrictive notices notwithstanding, proposals may be handled, for
administrative purposes only, by a support contractor. This support
contractor is prohibited from competition in DARPA technical research
and is bound by appropriate non-disclosure requirements. Input on
technical aspects of the proposals may be solicited by DARPA from
non-Government consultants/experts who are bound by appropriate
non-disclosure requirements. Non-Government technical
consultants/experts will not have access to proposals that are labeled
by their offerors as ?Government Only.? While non-government
personnel may review proposals, contractors will not be used to
conduct evaluations or analyses of any aspect of a proposal submitted
under this BAA, unless one of the three conditions identified in FAR
37.203(d) applies.
The administrative addresses for this BAA are:
Fax: (703) 741-7804 Addressed to: DARPA/IPTO, BAA 03-44
Electronic Mail: BAA03-44@darpa.mil
Electronic File Retrieval: http://www.darpa.mil/ipto/Solicitations/solicitations.htm
Mail to: DARPA/IPTO
ATTN: BAA 03-44
3701 N. Fairfax Drive
Arlington, VA 22203-1714
