1 APOD 10/19/2015 DOCSEC 2002Christopher Jones Defense Enabling Using QuO: Experience in Building Survivable CORBA Applications Chris Jones Partha Pal,

Slides:



Advertisements
Similar presentations
1 12/16/98DARPA Intrusion Detection PI Meeting BBN Technologies Toolkit for Creating Adaptable Distributed Applications Joe Loyall
Advertisements

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
Common Object Request Broker Architecture (CORBA) By: Sunil Gopinath David Watkins.
1 23 March 00 APOD Review Applications that Participate in their Own Defense (APOD) Review Meeting 23 March 00 Presentation by: Franklin Webber, Ron Scott,
A brief look at CORBA. What is CORBA Common Object Request Broker Architecture developed by OMG Combine benefits of OO and distributed computing Distributed.
CORBA Case Study By Jeffrey Oliver March March 17, 2003CORBA Case Study by J. T. Oliver2 History The CORBA (Common Object Request Broker Architecture)
1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
A First Java ORB Application 1  Object Request Broker (ORB)  This is the object manager in CORBA  Mechanisms for specifying interfaces  Interface Definition.
1 8/99 IMIC Workshop 6/22/2015 New Network ServicesJohn Zinky BBN Technologies The Need for A Network Resource Status Service IMIC Workshop 1999 Boston.
A Mobile Agent Infrastructure for QoS Negotiation of Adaptive Distributed Applications Roberto Speicys Cardoso & Fabio Kon University of São Paulo – USP.
1 5/4/99ISORC ‘99 BBN Technologies An Object-level Gateway Supporting Integrated Property Quality of Service Rick Schantz John Zinky, David Karr, Dave.
OPX PI Meeting 2002 February page 1 Applications that Participate in their Own Defense (APOD) QuO Franklin Webber BBN Technologies.
Distributed Systems Architecture Presentation II Presenters Rose Kit & Turgut Tezir.
1 4/20/98ISORC ‘98 BBN Technologies Specifying and Measuring Quality of Service in Distributed Object Systems Joseph P. Loyall, Richard E. Schantz, John.
1 05/01/02ISORC 2002 BBN Technologies Joe Loyall Rick Schantz, Michael Atighetchi, Partha Pal Packaging Quality of Service Control Behaviors for Reuse.
BBN Technologies Craig Rodrigues Gary Duzan QoS Enabled Middleware: Adding QoS Management Capabilities to the CORBA Component Model Real-time CCM Meeting.
1 21 July 00 Joint PI Meeting FTN Applications that Participate in their Own Defense (APOD) BBN Technologies Franklin Webber, Ron Scott, Partha Pal, Michael.
1 Using Quality Objects (QuO) Middleware for QoS Control of Video Streams BBN Technologies Cambridge, MA Craig.
1 APOD 10/5/2015 NCA 2003Christopher Jones APOD Network Mechanisms and the APOD Red-team Experiments Chris Jones Michael Atighetchi, Partha Pal, Franklin.
MILCOM 2001 October page 1 Defense Enabling Using Advanced Middleware: An Example Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi,
1 06/00 Questions 10/6/2015 QoS in DOS ECOOP 2000John Zinky BBN Technologies ECOOP 2000 Workshop on Quality of Service in Distributed Object Systems
DSN 2002 June page 1 BBN, UIUC, Boeing, and UM Intrusion Tolerance by Unpredictable Adaptation (ITUA) Franklin Webber BBN Technologies ParthaPal.
1 10/20/01DOA Application of the QuO Quality-of-Service Framework to a Distributed Video Application Distributed.
Information Management NTU Interprocess Communication and Middleware.
1 of of 25 3 of 25 ORBs (Object Request Broker) – A distributed software bus for communication among middleware services and applications – To.
WDMS 2002 June page 1 Middleware Policies for Intrusion Tolerance QuO Franklin Webber, Partha Pal, Chris Jones, Michael Atighetchi, and Paul Rubel.
BBN Technologies a part of page 118 January 2001 Applications that Participate in their Own Defense (APOD) BBN Technologies FTN PI Meeting January.
1 06/ /21/2015 ECOOP 2000 Workshop QoS in DOSJohn Zinky BBN Technologies Quality Objects (QuO) Middleware Framework ECOOP 2000 Workshop QoS in DOS.
Service Oriented Architectures Presentation By: Clifton Sweeney November 3 rd 2008.
2001 July page 1 Applications that Participate in their Own Defense (APOD) BBN Technologies FTN PI Meeting 2001 July 30 Franklin Webber QuO.
Design and run-time bandwidth contracts for pervasive computing middleware Peter Rigole K.U.Leuven – Belgium
Survival by Defense- Enabling Partha Pal, Franklin Webber, Richard Schantz BBN Technologies LLC Proceedings of the Foundations of Intrusion Tolerant Systems(2003)
Abhishek Bachchan Vishal Patangia
Introduction to CORBA University of Mazandran Science & Tecnology By : Esmaill Khanlarpour January
1 Quick Overview Overview Network –IPTables –Snort Intrusion Detection –Tripwire –AIDE –Samhain Monitoring & Configuration –Beltaine –Lemon –Prelude Conclusions.
1 10/23/98Lunchtime Meeting BBN Technologies Toolkit for Creating Adaptable Distributed Applications Joe Loyall, Rick Schantz, Rodrigo Vanegas, James Megquier,
1 Applying Adaptive Middleware, Modeling, and Real-Time CORBA Capabilities to Ensure End-to- End QoS Capabilities of Video Streams BBN Technologies Cambridge,
Distributed Objects and Middleware. Sockets and Ports Source: G. Coulouris et al., Distributed Systems: Concepts and Design.
CSC 480 Software Engineering Lecture 18 Nov 6, 2002.
1 Integrating security in a quality aware multimedia delivery platform Paul Koster 21 november 2001.
2001 November13 -- page 1 Applications that Participate in their Own Defense (APOD) Project Status Review Presentation to Doug Maughan Presentation by.
Distributed Object Frameworks DCE and CORBA. Distributed Computing Environment (DCE) Architecture proposed by OSF Goal: to standardize an open UNIX envt.
CORBA Common Object Request Broker Architecture. Basic Architecture A distributed objects architecture. Logically, an object client makes method calls.
CS 240, Prof. Sarwar Slide 1 CS 240: Software Project Fall 2003 Sections 1 & 2 Dr. Badrul M. Sarwar San Jose State University Lecture #23.
Presented By:- Sudipta Dhara Roll Table of Content Table of Content 1.Introduction 2.How it evolved 3.Need of Middleware 4.Middleware Basic 5.Categories.
Common Object Request Broker Architecture (CORBA) The Common Object Request Broker Architecture (CORBA) is a specification of a standard architecture for.
CS 501: Software Engineering Fall 1999 Lecture 12 System Architecture III Distributed Objects.
 Common Object Request Broker Architecture  An industry standard developed by OMG to help in distributed programming.
Module 11: Designing Security for Network Perimeters.
S E C U R E C O M P U T I N G Not For Public Release 1 Intrusion Tolerant Server Infrastructure Dick O’Brien OASIS PI Meeting July 25, 2001.
1 BBN Technologies Quality Objects (QuO): Adaptive Management and Control Middleware for End-to-End QoS Craig Rodrigues, Joseph P. Loyall, Richard E. Schantz.
Complementary Methods for QoS Adaptation in Component-based Multi-Agent Systems MASS 2004 August 30, 2004 John Zinky, Richard Shapiro, Sarah Siracuse BBN.
1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting.
Networking Aspects in the DPASA Survivability Architecture: An Experience Report Michael Atighetchi BBN Technologies.
Architectural Mismatch: Why reuse is so hard? Garlan, Allen, Ockerbloom; 1994.
1 09/25/02HPEC Workshop BBN Technologies Cambridge, Ma. Rick Schantz Joe Loyall Meeting the Demands of Changing Operating.
Intrusion Tolerant Distributed Object Systems Joint IA&S PI Meeting Honolulu, HI July 17-21, 2000 Gregg Tally
Data Sharing Service Kiran Devaram Samatha Gangapuram Harish Maringanti Prashant Shanti Kumar Pradeep Tallogu.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
CORBA Antonio Vasquez, John Shelton, Nidia, Ruben.
1 Distributed Systems Architectures Distributed object architectures Reference: ©Ian Sommerville 2000 Software Engineering, 6th edition.
Middleware Policies for Intrusion Tolerance
QoS-Enabled Middleware
Middleware in Context Prof. Dave Bakken Cpt. S 464/564 Lecture
Component-Based Software Engineering: Technologies, Development Frameworks, and Quality Assurance Schemes X. Cai, M. R. Lyu, K.F. Wong, R. Ko.
Middleware in Context Prof. Dave Bakken Cpt. S 464/564 Lecture
Quality-aware Middleware
Copyright 1999 B.Ramamurthy
Architectural Mismatch: Why reuse is so hard?
Presentation transcript:

1 APOD 10/19/2015 DOCSEC 2002Christopher Jones Defense Enabling Using QuO: Experience in Building Survivable CORBA Applications Chris Jones Partha Pal, Franklin Webber BBN Technologies QuO & APOD

2 APOD 10/19/2015 DOCSEC 2002Christopher Jones APOD Overview APOD is toolkit of mechanism wrappers and adaptation strategies that allows an application to use security mechanisms to dynamically adapt to a changing environment We believe that adaptation increases an application’s resiliency to certain kinds of attacks APOD uses QuO, which provides an application with adaptation.

3 APOD 10/19/2015 DOCSEC 2002Christopher Jones Quo Overview QuO is a middleware system that offers an application the ability to adapt to the changing environment in which it is running. –Host resources (CPU and memory) usage –Network resource availability –Intrusion status The adaptive code is separated into a QuO “qosket” for reuse. –A qosket is a set of specifications and implementations that define a quality of service module. It can be added into a distributed object application with minimum impact on the application

4 APOD 10/19/2015 DOCSEC 2002Christopher Jones QuO Overview (cont.) Quality Description Languages (QDL) –Contract description language, adaptive behavior description language –Code generators that generate Java and C++ code for contracts, delegates, creation, and initialization System Condition Objects –Provide interfaces to resources, managers, and mechanisms QuO Runtime Kernel –Contract evaluator –Factory object which instantiates contract and system condition objects

5 APOD 10/19/2015 DOCSEC 2002Christopher Jones QuO Architecture Application Developer Mechanism Developer CLIENT Network operation() in args out args + return value IDL STUBS IDL SKELETON OBJECT ADAPTER ORB IIOP ORB IIOP CLIENT OBJECT (SERVANT) OBJECT (SERVANT) OBJ REF CLIENT Delegate Contract SysCond Contract Network MECHANISM/PROPERTY MANAGER operation() in args out args + return value IDL STUBS Delegate SysCond IDL SKELETON OBJECT ADAPTER ORB IIOP ORB IIOP CLIENT OBJECT (SERVANT) OBJECT (SERVANT) OBJ REF Application Developer QuO Developer Mechanism Developer CORBA DOC MODEL QUO/CORBA DOC MODEL

6 APOD 10/19/2015 DOCSEC 2002Christopher Jones APOD Description We believe that by adapting to and trying to control its environment, an application can increase its chances of survival under attack –Use QuO to integrate multiple security mechanisms into a coherent strategy for adaptation –Use mechanisms where they exist to harden or protect an application, a resource, or a service Tie security information to the adaptation of an application through the QuO system condition objects

7 APOD 10/19/2015 DOCSEC 2002Christopher Jones Defense-Enabled Application Competes With Attacker for Control of Resources Application Attacker Raw Resources CPU, bandwidth, files... QoS Management CryptoCrypto OSs and NetworkIDSsFirewalls

8 APOD 10/19/2015 DOCSEC 2002Christopher Jones APOD Mechanisms Network and Host Sensors –Snort is a lightweight network intrusion detection system –Tripwire for detecting file systems integrity violations Actuators –Network traffic filters - Iptables –File systems recovery – secure backup Dependability management using replication –Aqua – replication system from University of Illinois, Urbana- Champaign –APOD Bus – mechanism for publishing data about application’s status and for maintaining replicas of application processes Bandwidth Management –Intserv (RSVP, SecureRSVP) and Diffserv Access Control –NAI’s OO-DTE at the interceptor layer

9 APOD 10/19/2015 DOCSEC 2002Christopher Jones APOD Strategies QuO’s contract language is used to define defensive strategies Example strategies include –containment, which uses snort and iptables to detect and limits the extent of attacks –outrun, uses dependability with replication to move away from attacks.

10 APOD 10/19/2015 DOCSEC 2002Christopher Jones APOD Red-teaming Experimentation Sandia labs redteam attacks an APOD enabled application Test the added value of APOD to an application –Also, analyzing the overhead of APOD Application has three pieces; client, image server, and broker. The broker is responsible for hooking clients requesting images to the server that can provide those images Two broker components are maintained by the APOD bus on a set of hosts. Each of these hosts is running a qosket implementing a containment strategy –Using snort and tripwire as sensors and iptables and the bus to react to attack detections.

11 APOD 10/19/2015 DOCSEC 2002Christopher Jones APOD Redteam Example Server 3 Server 1 Client 1 Client 2 Server 2 APOD bus Broker 2 Broker 1 Subscribe/ Unsubscribe Publish/ Unpublish Server ready/ Server gone Subscribe/ Unsubscribe Publish/ Unpublish Publish/ Unpublish Server ready/ Server gone

12 APOD 10/19/2015 DOCSEC 2002Christopher Jones Experimentation Configuration Testing environment of 14 hosts on 4 subnets. broker4_1broker4_2server (IPNET4) BBS Experiment Control, external waypoint VPN/ Interne t (IPNET1) BBS broker1_1broker1_2server (IPNET2).21 autobot BCB broker2_1broker2_2client (IPNET3) CBBS broker3_1broker3_2server3client3 router_ipnet_2 router_ipnet_4 router_ipnet_1 router_ipnet_3 badguy1.101

13 APOD 10/19/2015 DOCSEC 2002Christopher Jones Red-teaming Attack and Preliminary Results With APOD and the configuration, the redteam was forced to combine three different attacks to cause a denial of service of the broker –The three attack are: ARP cache poisoning, Spoofing scan, connection flooding –The combined attacks took 5 minutes and we have implemented counter defenses APOD has added value and the method call latency overhead of QuO and APOD to application is very small (~.3 msec.) –note: encryption at interceptor layer not included, but measured by APOD team as roughly 500 msec per method call »using symmetric encryption can improve this number. –Ipsec overhead compared to interceptor layer is very small

14 APOD 10/19/2015 DOCSEC 2002Christopher Jones What APOD would like from DOC security Better elimination of software flaws in ORB implementations Standardized support across CORBA implementations for –pluggable transports –interceptors “Knobs and Dials” at ORB and service level to adjust security –Easy configuration of ORB’s port selection dynamically under middleware control. »Specific ports or range of ports »How to select the next port to use Configuration of timeouts and how to deal with them.

15 APOD 10/19/2015 DOCSEC 2002Christopher Jones Conclusion The red teaming has been extremely useful for APOD –Validated our work and “stress test” our defenses CORBA support needs to be as secure and uniform as possible –Found lack of uniformity in implementations –Trusting the ORB is secure Websites: –QuO: –APOD:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.