Need Document description for Secure and confidential rule matching

Problem statement : system that would evaluate the pattern matching signatures in insecure environments without revealing either the signatures themselves or the portions of the corpus matched by those signatures. [ONLY SCRIPT DESCRIPTION ]

In the case of cyber-security, the classified information could describe the behaviours, methods and techniques used by actors whose identity is sensitive. It is possible for this information, or a portion thereof, to be encoded with enough precision to detect and monitor threat actors presence in network traffic and system telemetry, and thereby identify them via their cyber modus-operandi. [ONLY SCRIPT DESCRIPTION]

This work is to evaluate those rules in insecure environments without revealing either the signatures themselves or the network traffic matching those signatures.

Desired and considerations:
----------------------------------
Proposed solutions must:

1. Have the capability of matching a collection of simple rules on a corpus of unencrypted text.
2. Have rules as simple character strings.
3. Keep the rules confidential (encrypted) during the matching process.
4. Keep it impossible to deduce the rules by analyzing the execution of the instructions of the matching system during run time.
5. Keep the matching objects (objects that indicates which rule matched where in the corpus) confidential (encrypted). In other words, there is no way, for an unauthorized observer, to figure out what rule matched where in the corpus.
6. Provide mechanisms to encrypt/decrypt the signatures and the corresponding matching objects with a key that will only be available to individuals with the appropriate security clearance.
7. Provide a rule matching system that is running with integrity. The rules are matched without errors, exactly as the system would run without encryption.
8. Fit in a reduced form factor equivalent to 4 unit spaces in a standard data center rack.
9. Scale to support a higher number of signatures (target is 20 000)
10. Allow for more complex rule specification. The objective is to be able to replicate the Suricata (open-source IDS) rule specification language
11. Increasingly demonstrate the ability to support more complex signatures. For example, string matching with wild-cards, simple multi-criteria Boolean rules and regular expressions.
12. Be able to match signatures on unencrypted packetized network traffic (as opposed to a simple unencrypted text corpus)
13. Have the performance, given the reduced form factor, to match 20 000 signatures at a rate of 1 Gbits/s of packetized network traffic.
14. Have an algorithmic scalability relative to the number of strings, their length and the number of matches in the corpus has to match the complexity of the best multiple string matching algorithms that run without encryption. O(size_of_text + number_of_match_occurences_in_corpus)
.jpg are example (sorry for the french language).
About the recuiter
Member since May 20, 2018
James Stan
from Tlaxcala, Mexico

---

---

Looking for help? Checkout our video tutorial
How to search and apply for jobs

How to apply? Do you have more questions about the Job?
See frequently asked questions