University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.

Slides:



Advertisements
Similar presentations
Connected Health Framework
Advertisements

-Grids and the OptIPuter Software Architecture Andrew A. Chien Director, Center for Networked Systems SAIC Chair Professor, Computer Science and Engineering.
All rights reserved © 2006, Alcatel Grid Standardization & ETSI (May 2006) B. Berde, Alcatel R & I.
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
Distributed Systems 1 Topics  What is a Distributed System?  Why Distributed Systems?  Examples of Distributed Systems  Distributed System Requirements.
Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
CS 795 – Spring  “Software Systems are increasingly Situated in dynamic, mission critical settings ◦ Operational profile is dynamic, and depends.
Using DSVM to Implement a Distributed File System Ramon Lawrence Dept. of Computer Science
Objektorienteret Middleware Presentation 2: Distributed Systems – A brush up, and relations to Middleware, Heterogeneity & Transparency.
ICT 1 “Putting Context in Context: The Role and Design of Context Management in a Mobility and Adaptation Enabling Middleware” Marius Mikalsen Research.
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
Azad Madni Professor Director, SAE Program Viterbi School of Engineering Platform-based Engineering: Rapid, Risk-mitigated Development.
1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.
Software Engineering and Middleware: a Roadmap by Wolfgang Emmerich Ebru Dincel Sahitya Gupta.
Ensuring Non-Functional Properties. What Is an NFP?  A software system’s non-functional property (NFP) is a constraint on the manner in which the system.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
Managing Agent Platforms with the Simple Network Management Protocol Brian Remick Thesis Defense June 26, 2015.
SensIT PI Meeting, April 17-20, Distributed Services for Self-Organizing Sensor Networks Alvin S. Lim Computer Science and Software Engineering.
Wireless Directions University of California, Davis Wireless Technology Team February, 2001.
1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
1 Exploring Data Reliability Tradeoffs in Replicated Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh Matei Ripeanu.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
Effective Methods for Software and Systems Integration
Ch 1. Mobile Adaptive Computing Myungchul Kim
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 12 Slide 1 Distributed Systems Architectures.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
1 System Models. 2 Outline Introduction Architectural models Fundamental models Guideline.
Presenter: Dipesh Gautam.  Introduction  Why Data Grid?  High Level View  Design Considerations  Data Grid Services  Topology  Grids and Cloud.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.
Scalable Systems Software Center Resource Management and Accounting Working Group Face-to-Face Meeting June 13-14, 2002.
ARGONNE  CHICAGO Ian Foster Discussion Points l Maintaining the right balance between research and development l Maintaining focus vs. accepting broader.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
ESA/ESTEC, TEC-QQS August 8, 2005 SAS_05_ESA SW PA R&D_Winzer,Prades Slide 1 Software Product Assurance (PA) R&D Road mapping Activities ESA/ESTEC TEC-QQS.
Ohio State University Department of Computer Science and Engineering 1 Cyberinfrastructure for Coastal Forecasting and Change Analysis Gagan Agrawal Hakan.
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.
Resisting Denial-of-Service Attacks Using Overlay Networks Ju Wang Advisor: Andrew A. Chien Department of Computer Science and Engineering, University.
Programming Models & Runtime Systems Breakout Report MICS PI Meeting, June 27, 2002.
An Analysis of Location-Hiding Using Overlay Networks Ju Wang and Andrew A. Chien Department of Computer Science and Engineering, University of California.
Secure Sensor Data/Information Management and Mining Bhavani Thuraisingham The University of Texas at Dallas October 2005.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
Agile Survivable Store PIs: Mustaque Ahamad, Douglas M. Blough, Wenke Lee and H.Venkateswaran PhD Students: Prahlad Fogla, Lei Kong, Subbu Lakshmanan,
Reconsidering Internet Mobility Alex C. Snoeren, Hari Balakrishnan, M. Frans Kaashoek MIT Laboratory for Computer Science.
1 IA&S IA&S Roadmap and ITS Direction Dr. Jay Lala ITS Program Manager 23 February, 2000.
The Replica Location Service The Globus Project™ And The DataGrid Project Copyright (c) 2002 University of Chicago and The University of Southern California.
Federal Cybersecurity Research Agenda June 2010 Dawn Meyerriecks
9 Systems Analysis and Design in a Changing World, Fourth Edition.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
Department of Electronic Engineering Challenges & Proposals INFSO Information Day e-Infrastructure Grid Initiatives 26/27 May.
CORBA1 Distributed Software Systems Any software system can be physically distributed By distributed coupling we get the following:  Improved performance.
Randomized Failover Intrusion- Tolerant Systems (RFITS) Ranga Ramanujan, Maher Kaddoura, Carla Marceau, Clint Sanders, Doug Harper, David Baca Architecture.
Shuman Guo CSc 8320 Advanced Operating Systems
Optical Architecture Invisible Nodes, Elements, Hierarchical, Centrally Controlled, Fairly Static Traditional Provider Services: Invisible, Static Resources,
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Programming Sensor Networks Andrew Chien CSE291 Spring 2003 May 6, 2003.
Virtualized Execution Realizing Network Infrastructures Enhancing Reliability Application Communities PI Meeting Arlington, VA July 10, 2007.
Tolerating Intrusions Through Secure System Reconfiguration Dennis Heimbigner and Alexander Wolf University of Colorado at Boulder John Knight University.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
UCI Large-Scale Collection of Application Usage Data to Inform Software Development David M. Hilbert David F. Redmiles Information and Computer Science.
Juan Alapin Alon Shahaf Traditional WSN “Sensor Clould” Other stuff??!?
Microsoft NDA Material Adwait Joshi Sr. Technical Product Manager Microsoft Corporation.
MicroGrid Update & A Synthetic Grid Resource Generator Xin Liu, Yang-suk Kee, Andrew Chien Department of Computer Science and Engineering Center for Networked.
Software Defined Datacenter – from Vision to Solution
Chapter 1 Characterization of Distributed Systems
Mobile Agents.
Presentation transcript:

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability Andrew A. Chien UC San Diego Riccardo Bettati Texas A&M AFRL F OASIS PI Meeting, August 19, 2002

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20022 Outline Motivation and Goals Agile Objects Project Agile Objects Recent Progress »Naming Services »Application for DDoS Tolerance

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20023 Context Static Distributed Software Architectures (nearly) »Fixed points of access, deployment, resource dependence System/Firewall/Sandbox/Domain based Security »Resource and containment oriented Security Architecture based on Anticipated Deployment Structures => Flexibility and reconfiguration to enhance survivability Our Focus: Flexible Configuration of Distributed C 3 I Systems (Real- time, High Performance, Mission-Critical Online systems) »E.g. Aegis Battle Cruiser, Theatre Command/Information system, etc. »High bandwidth networks, rich resource environment

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20024 Agile Objects Middleware for survivable component based distributed applications »Large number of distributed components, extensive communication via RPC »Ex: large distributed Java or.NET application Survivability to distributed applications based on »High performance RPC; Configuration independent performance »Agile configuration changes in response to resource loss or compromise

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20025 Elusive Applications, Rapid Reconfiguration Resource loss due to compromise, physical damage, or change in security status Rapid Change of Location and Interface, “Elusiveness” »reconfiguration to increase survivability in response to attacks »preserving real-time performance Nasty Virus Attack Elevated Security Barrier Change of Protocol and Change of Interface

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20026 Technical Objectives Elusive Distributed Applications Location Elusiveness »Seamless boundary between Component and Distributed Object applications »Real-time framework allows performance transparent distributed reconfiguration »Replication supports fault tolerance, rapid reconfiguration, multi-version assurance and survivability Interface Elusiveness »Integrates security mechanisms with traditional object interface marshalling to achieve high performance –An adaptive security mechanism (there are many) »Adaptive security required with rapidly changing application configuration –=> also rapidly changing surrounding resource and security environment Transparent reconfiguration maintains performance and security properties »Incorporate software components without major effort Respond to critical Assurance and Survivability events fast (<< seconds) Respond to noisy intrusion information without negative impact

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20027 Assumptions and Scope What threats/attacks is your project considering? »Any that lead to compromise of nodes, networks, services »esp. object/component interface based attacks What assumptions does your project make? »Applications are component-based »Only some resources are compromised; segregation possible »Some warning (could be noisy) => Low impact techniques to respond What policies can your project enforce? »Application configuration Level of compromise of resources –Reflect Infocon level or resource status fast »Many that drive reconfiguration, decouple reconfiguration from complex analysis and performance

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20028 Challenges Location Elusiveness: Support rapid application mobility with »Performance insensitivity »Uniform resource access »Continuous real-time performance »=> make this possible for distributed applications Interface Elusiveness: Integrate data security with RPC »Support very high speed networks »Characterize EI interface configuration spaces and cost of data permutation approaches »High performance RPC on very high speed networks while protecting data

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/20029 Previous Results Location Elusiveness »Low-latency RPC system (40 microseconds; as fast as local) »Multi-DCOM Prototype;Transparent replication; high performance Realtor Real-time Allocation Framework »Analytic Grounding »Implements rapid allocation while enforcing Real-time guarantees »Proactive resource allocation Interface Elusiveness »Analysis of interface space for sample distributed applications –Simple systems, 10 6 – configurations »Elusive Interfaces prototype and evaluation Tolerating a DDOS attack »Applying Agile Objects technology »Distributed Proxy Network »Back-end Agile Object Application

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Recent Progress Completion implementation of Elusive Interfaces Complete implementation of Realtor RT Allocator Analytical Performance Requirements for Naming and Migration Modeling of Distributed Denial of Service Attack and Survivability Demonstration

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ AO Naming Performance Requirements High Performance RPC and Migration enable rapid application reconfiguration »Major costs: state movement, naming updates How fast do the naming services have to be? »Support “continuous execution” »Support enable acceptable portion of time for “real computation” Range of analysis, synthetic benchmarks »Derive performance requirements, tradeoffs »Determine acceptable naming services performance (dramatically higher) => later combine with application structure Object Migration Naming Update Name Lookup RPC Overhead Application Work Traditional System Agile Objects ? ?

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ How much work can a migrating application get done? Vary Call Frequency »# calls/migration Vary name server performance Vary Migration cost => both are critical to getting reasonable efficiencies Ex: 100 null calls/migration Lookup 10 mics, migration cost 100 mics »~25% efficiency => Need very fast name servers and significant work for AO to work well

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ How does migration cost affect efficiency? Fast migration directly enables distribution at a finer object granularity

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ How does naming lookup cost affect efficiency? Low lookup overhead is critical for achieving high efficiency High name lookup overhead prohibits flexible application distribution (and more components/application)

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Naming Services Summary Low migration and RPC cost enable flexible deployment and application reconfiguration Use of migration for Location Elusiveness imposes stresses on the system »Naming lookup »Naming update => these services must be low-cost, scalable with ~ microsecond overheads to support rapid reconfiguration => we are evaluating approaches to achieve these performance requirements

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Proxy User Location Elusive Application AO Tolerating DDoS Attack Location Elusiveness uses reconfiguration to tolerate infrastructure-level attacks Proxies know application location Users do not know application location

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Modeling DDoS Attack Tolerance Detailed Approach (Location Elusiveness): »Applications live in Proxy Network name space »Users (including attackers) live in the IP name space »Proxies secure the mapping between name spaces –Indirection prevents direct infrastructure level attacks on applications »Dynamically reconfigure (proactively or reactively) – proxy network, migrate applications User Proxy Network Name Space Edge Proxy User App1 App2 App3 IP Name Space Sensor

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Multi-level Proxy Networks Location: mapping from IP to Proxy Name Spaces (Location Elusiveness) »Application can change its location due to security threat Location hiding in multiple levels »Distance to the edge corresponds to the chance of exposure (# of levels) »Distance can be changed dynamically (overhead vs. security) »Reconfiguration to contain the impact of attack Dynamic location – mapping from IP to Proxy namespace is dynamic => Model Analysis determines the key factors/issues proxy App Distance to edge Attackers Proxy Name Space IP Name Space Clients

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Modeling and Analysis Formalize DoS attack and delivered Application service Models for: »System –Proxy network (topology, scale, reconfiguration) –Application (migration) –Sensor (accuracy, performance) »Simple Attack model (scale, rate/prob. compromise, cost) »Cost model (cost of damage, reconfiguration) A cost-oriented analysis for DoS tolerance »Investment vs. attackers capabilities, likely attacks »Develop a system analysis, based on a set of models »Open to allow others to use different assumptions

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Key Factors Application Agility (cost of reconfig) Proxy network Complexity/Overhead Proxy network reconfiguration cost Application Performance Damage to Applications by attackers Attackers’ Capability/cost to compromise X Investment & Expected tolerance

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Summary Recent Progress »Location Elusiveness: High Performance RPC and Migration –Naming: Analytical performance requirements, initial implementations »Interface Elusiveness: framework and empirical evaluation, full implementation »Real-time Resource Framework: proactive, fast, implemented »Exploration of capabilities: Tolerating DDoS using AO, analytical modelling of attacker/defender tradeoffs Next Steps »Evaluation of multiple Naming/migration implementations »Continue to explore Elusive Interfaces tradeoffs/capabilities »System Experiments »Continue to explore AO capabilities to tolerate DDOS attacks

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/ Agile Objects Demo: Location Elusiveness Back-end Agile Objects application Migrates in AO resource pool Provides continuous service Front End Agile Objects Client, accesses Agile File Server Agile Object Applications Migrating AO Resource Pool Agile Object Clients

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 8/19/200223

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.