MILCOM 2001 October 30 -- page 1 Defense Enabling Using Advanced Middleware: An Example Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi,

MILCOM 2001 October, page 1: Defense Enabling Using Advanced Middleware: An Example. Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi, Joseph Loyall, BBN Technologies (QuO)

Page 2: Defense-Enabled Software Applications. Some software applications can be given increased resistance to malicious attack even though the environment in which they run is untrustworthy. Any such application is “defense-enabled”.

Page 3: Research On Defense Enabling. Sponsored by DARPA/ATO; part of the Fault-Tolerant Networking Program.

Page 4: A Distributed Military Application (figure only).

Page 5: A Cyber-Attack (figure only).

Page 6: An Abstract View. Figure labels: Data Source; Data Processing (Fusion, Analysis, Storage, Forwarding, etc.); Data User; Attacker.

Page 7: Traditional Security. Figure labels: Attacker; Application; Private Resources (limited sharing); Trusted OSs and Network.

Page 8: Most OSs and Networks In Common Use Are Untrustworthy. Figure labels: Attacker; Application; Private Resources (limited sharing); OSs and Network (no longer trusted).

Page 9: Cryptographic Techniques Can Block (Most) Direct Access to Application. Figure labels: Attacker; Application (wrapped in Crypto); Private Resources (limited sharing); OSs and Network.

Page 10: Firewalls Block Some Attacks; Intrusion Detectors Notice Others. Figure labels: Attacker; Application (Crypto); Raw Resources (CPU, bandwidth, files...); OSs and Network; IDSs; Firewalls.

Page 11: Defense-Enabled Application Competes With Attacker for Control of Resources. Figure labels: Application; QoS Management; Crypto; Attacker; Raw Resources (CPU, bandwidth, files...); OSs and Network; IDSs; Firewalls.

Page 12: QuO Adaptive Middleware Technology
QuO is DARPA Quorum-developed middleware that provides:
– interfaces to property managers, each of which monitors and controls an aspect of the Quality of Service (QoS) offered by an application;
– specifications of the application’s normal and alternate operating conditions and how QoS should depend on these conditions.
QuO has integrated managers for several properties:
– dependability (DARPA’s Quorum AQuA project)
– communication bandwidth (DARPA’s Quorum DIRM project)
– real-time processing (using TAO from UC Irvine/WUStL)
– security (using OODTE access control from NAI)

Page 13: QuO adds specification, measurement, and adaptation into the distributed object model. Figure: two diagrams. The CORBA DOC model shows a client invoking operation() (in args, out args + return value) through IDL stubs, ORB/IIOP, the network, the object adapter and IDL skeleton to the object (servant), with Application Developer and Mechanism Developer roles. The QuO/CORBA DOC model adds, on the client side, a Delegate, a Contract and SysCond objects, plus a Mechanism/Property Manager, and a QuO Developer role between the other two.

Page 14: The QuO Toolkit Supports Building Adaptive Apps or Adding Adaptation to Existing Apps
QuO aspect languages
– Contract description language and adaptive behavior description language
– Code generators that weave QuO code into Java and C++ applications
System Condition Objects
– Provide interfaces to resources, managers, and mechanisms
QuO Runtime Kernel
– Contract evaluator
– Factory object which instantiates contract and system condition objects
Instrumentation library
QuO gateway
– Insertion of special purpose transport layers and adaptation below the ORB
Figure labels: CORBA IDL; Code Generators; Contract Description Language (CDL); Adaptation Specification Language (ASL); QuO Runtime; Delegates; Contracts.

Page 15: Implementing Defenses in Middleware
For simplicity: QoS concerns are separated from the functionality of the application. Better software engineering.
For practicality: requiring secure, reliable OS and network support is not currently cost-effective. Middleware defenses will augment, not replace, defense mechanisms available in lower system layers.
For uniformity: advanced middleware such as QuO provides a systematic way to integrate defense mechanisms. Middleware can hide peculiarities of different platforms.
For reusability: middleware can support a wide variety of applications.

Page 16: Security Domains Limit the Damage From A Single Intrusion. Figure: three domains, each with a host and a router; one domain is marked as hacked.

Page 17: Replication Management Can Replace Killed Processes. Figure: the same three domains (one hacked), with application component replicas on the hosts, under QuO replica management.

Page 18: Bandwidth Management Can Counter Flooding Between Routers. Figure: the same three domains (one hacked); QuO bandwidth management places an RSVP reservation on the link between routers.

Page 19: Other Defense Mechanisms. Dynamically change communication ports. Dynamically change communication protocols.

Page 20: A Defense Strategy Coordinates Defense Mechanisms. For example: “if several IDS alarms on host H, tighten firewall on H”; “if multiple crashes on host H, move application process replicas elsewhere”. Applications we have defense-enabled use a variety of such rules, implemented in QuO.
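The two rules above, worked through as an added example that is not from the paper or from QuO itself: a small Python evaluator in the style of a QuO contract (the names SysCond, region, relocation_target and defense_actions, the thresholds and the domain topology are all assumptions) that classifies each host's operating region from IDS alarm and crash counts, tightens the firewall on a noisy host, and moves replicas off a crashing host to a host in a different, still-healthy security domain in the spirit of pages 16 and 17, escalating to an operator when no such host exists.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed topology (pages 16-18): hosts grouped into security domains.
DOMAINS = {"alpha": ["h1", "h2"], "beta": ["h3", "h4"], "gamma": ["h5"]}
HOST_DOMAIN = {h: d for d, hosts in DOMAINS.items() for h in hosts}

IDS_ALARM_THRESHOLD = 3   # "several IDS alarms on host H" (assumed value)
CRASH_THRESHOLD = 2       # "multiple crashes on host H" (assumed value)

@dataclass
class SysCond:
    """Hypothetical system condition object: per-host counts from IDS and replica manager."""
    ids_alarms: Counter = field(default_factory=Counter)
    crashes: Counter = field(default_factory=Counter)

def region(cond, host):
    """Contract-style operating region of a host: 'normal' or 'under_attack'."""
    if (cond.ids_alarms[host] >= IDS_ALARM_THRESHOLD
            or cond.crashes[host] >= CRASH_THRESHOLD):
        return "under_attack"
    return "normal"

def relocation_target(cond, host):
    """Pick a host in a different security domain whose region is still normal."""
    for domain, hosts in DOMAINS.items():
        if domain == HOST_DOMAIN[host]:
            continue                      # same domain as the hacked host: skip
        for candidate in hosts:
            if region(cond, candidate) == "normal":
                return candidate
    return None

def defense_actions(cond, replicas):
    """Evaluate both rules over every host carrying a replica (replicas: name -> host)."""
    actions = []
    for host in sorted(set(replicas.values())):
        if cond.ids_alarms[host] >= IDS_ALARM_THRESHOLD:
            actions.append(("tighten_firewall", host))
        if cond.crashes[host] >= CRASH_THRESHOLD:
            for name in sorted(n for n, h in replicas.items() if h == host):
                target = relocation_target(cond, host)
                if target is None:        # no healthy foreign domain: escalate
                    actions.append(("alert_operator", host))
                else:
                    actions.append(("move_replica", name, host, target))
                    replicas[name] = target   # update placement in place
    return actions
```

Because relocation never picks a host in the hacked host's own domain, a single intrusion cannot also take down the replica that was moved to escape it.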

Page 21: Validation. Effectiveness of individual defense mechanisms has been tested in-house. Effectiveness of combined defense strategies will be measured by Red Team experiments.

Page 22: Conclusion. The technique of defense enabling is likely to increase the survivability of military applications and, because defenses are implemented in middleware, can be applied with relatively little effort.