University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.

Slides:



Advertisements
Similar presentations
-Grids and the OptIPuter Software Architecture Andrew A. Chien Director, Center for Networked Systems SAIC Chair Professor, Computer Science and Engineering.
Advertisements

Technology Drivers Traditional HPC application drivers – OS noise, resource monitoring and management, memory footprint – Complexity of resources to be.
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
Priority Research Direction (I/O Models, Abstractions and Software) Key challenges What will you do to address the challenges? – Develop newer I/O models.
4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.
Distributed Systems 1 Topics  What is a Distributed System?  Why Distributed Systems?  Examples of Distributed Systems  Distributed System Requirements.
Objektorienteret Middleware Presentation 2: Distributed Systems – A brush up, and relations to Middleware, Heterogeneity & Transparency.
Distributed components
Technical Architectures
SE curriculum in CC2001 made by IEEE and ACM: Overview and Ideas for Our Work Katerina Zdravkova Institute of Informatics
1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.
Software Engineering and Middleware: a Roadmap by Wolfgang Emmerich Ebru Dincel Sahitya Gupta.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
A Mobile Agent Infrastructure for QoS Negotiation of Adaptive Distributed Applications Roberto Speicys Cardoso & Fabio Kon University of São Paulo – USP.
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
Software Engineering and Middleware A Roadmap Author: Wolfgang Emmerich Presented by: Sam Malek.
The Bio-Networking Architecture: An Infrastructure of Autonomic Agents in Pervasive Networks Jun Suzuki netresearch.ics.uci.edu/bionet/
SensIT PI Meeting, April 17-20, Distributed Services for Self-Organizing Sensor Networks Alvin S. Lim Computer Science and Software Engineering.
Chapter 9: Moving to Design
1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
23 September 2004 Evaluating Adaptive Middleware Load Balancing Strategies for Middleware Systems Department of Electrical Engineering & Computer Science.
Chapter 9 Elements of Systems Design
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 12 Slide 1 Distributed Systems Architectures.
SensIT PI Meeting, January 15-17, Self-Organizing Sensor Networks: Efficient Distributed Mechanisms Alvin S. Lim Computer Science and Software Engineering.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
26 Sep 2003 Transparent Adaptive Resource Management for Distributed Systems Department of Electrical Engineering and Computer Science Vanderbilt University,
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
1 System Models. 2 Outline Introduction Architectural models Fundamental models Guideline.
Presenter: Dipesh Gautam.  Introduction  Why Data Grid?  High Level View  Design Considerations  Data Grid Services  Topology  Grids and Cloud.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
ARGONNE  CHICAGO Ian Foster Discussion Points l Maintaining the right balance between research and development l Maintaining focus vs. accepting broader.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
1 Liquid Software Larry Peterson Princeton University John Hartman University of Arizona
Distributed Systems: Concepts and Design Chapter 1 Pages
DCOM (Overview) by- Jeevan Varma Anga.
Resisting Denial-of-Service Attacks Using Overlay Networks Ju Wang Advisor: Andrew A. Chien Department of Computer Science and Engineering, University.
An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński
An Analysis of Location-Hiding Using Overlay Networks Ju Wang and Andrew A. Chien Department of Computer Science and Engineering, University of California.
Copyright © George Coulouris, Jean Dollimore, Tim Kindberg This material is made available for private study and for direct.
Middleware for FIs Apeego House 4B, Tardeo Rd. Mumbai Tel: Fax:
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
Issues Autonomic operation (fault tolerance) Minimize interference to applications Hardware support for new operating systems Resource management (global.
The Replica Location Service The Globus Project™ And The DataGrid Project Copyright (c) 2002 University of Chicago and The University of Southern California.
9 Systems Analysis and Design in a Changing World, Fourth Edition.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
9 Systems Analysis and Design in a Changing World, Fourth Edition.
CORBA1 Distributed Software Systems Any software system can be physically distributed By distributed coupling we get the following:  Improved performance.
© Chinese University, CSE Dept. Distributed Systems / Distributed Systems Topic 1: Characterization of Distributed & Mobile Systems Dr. Michael R.
Programming Sensor Networks Andrew Chien CSE291 Spring 2003 May 6, 2003.
Globus and PlanetLab Resource Management Solutions Compared M. Ripeanu, M. Bowman, J. Chase, I. Foster, M. Milenkovic Presented by Dionysis Logothetis.
1 Advanced Software Architecture Muhammad Bilal Bashir PhD Scholar (Computer Science) Mohammad Ali Jinnah University.
Virtualized Execution Realizing Network Infrastructures Enhancing Reliability Application Communities PI Meeting Arlington, VA July 10, 2007.
University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.
RobuSTore: Performance Isolation for Distributed Storage and Parallel Disk Arrays Justin Burke, Huaxia Xia, and Andrew A. Chien Department of Computer.
TRUST Self-Organizing Systems Emin G ü n Sirer, Cornell University.
MicroGrid Update & A Synthetic Grid Resource Generator Xin Liu, Yang-suk Kee, Andrew Chien Department of Computer Science and Engineering Center for Networked.
ARTEMIS SRA 2016 Trust, Security, Robustness, and Dependability Dr. Daniel Watzenig ARTEMIS Spring Event, Vienna April 13, 2016.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
9 Systems Analysis and Design in a Changing World, Fifth Edition.
Towards a High Performance Extensible Grid Architecture Klaus Krauter Muthucumaru Maheswaran {krauter,
Chapter 1 Characterization of Distributed Systems
Supporting Fault-Tolerance in Streaming Grid Applications
Mobile Agents.
Distributed Systems Bina Ramamurthy 11/30/2018 B.Ramamurthy.
Presentation transcript:

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability Andrew A. Chien UCSD Riccardo Bettati Texas A&M AFRL F OASIS PI Meeting, March 12, 2002

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20022 Outline Motivation and Goals Agile Objects Project Highlights Agile Objects Recent Progress

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20023 Context Static Distributed Software Architectures (nearly) »Fixed points of access, deployment, resource dependence System/Firewall/Sandbox/Domain based Security »Resource and containment oriented Security Architecture based on Anticipated Deployment Structures => Flexibility and reconfiguration to enhance survivability Our Focus: Flexible Configuration of Distributed C 3 I Systems (Real- time, High Performance, Mission-Critical Online systems) »E.g. Aegis Battle Cruiser, Theatre Command/Information system, etc. »High bandwidth networks, rich resource environment

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20024 AO Focus: Tolerance and Response Resource loss due to compromise »Detected security breach, autonomic response network partition Resources made undesirable due to changes in security status »Under attack, detected assaults, partially compromised, loss of other security critical information »Information about attack methods and systems targeted »Proactive reconfiguration in response to partial loss

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20025 Distribution Independent Design High performance RPC enables… Identical Application Design can be Deployed in Multiple Configurations »Identical design effort (same performance abstractions ensured by the middleware layer) – rate-based real-time performance at component level »Identical performance experienced by users of the applications »Configurations can be chosen based on many criteria: survivability, load balance, hardware reliability, etc. Deployment #2 Deployment #3 Deployment #4 Deployment #1

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20026 Location Elusive Applications => Online Migration and Flexible Replication… Extends distribution flexibility to runtime »Transparent online reconfiguration; functionality and performance invisible to distributed application and its users (Location Elusiveness) Response to runtime changes to environment (failures, attack, security) »Without major additional design effort »Useful for commodity and legacy software

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20027 Flexible Security Reconfiguration Integrated security mechanisms with high performance RPC/distributed objects (Elusive Interfaces) »Exploit computer manipulable interfaces and data reorganization Adaptive security management for Agile, highly decentralized applications »Rapidly and continuously changing environment and configurations Nasty Virus Attack Elevated Security Barrier Change of Protocol and Change of Interface

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20028 Technical Objectives Elusive Distributed Applications Location Elusiveness »Seamless boundary between Component and Distributed Object applications »Real-time framework allows performance transparent distributed reconfiguration »Replication supports fault tolerance, rapid reconfiguration, multi-version assurance and survivability Interface Elusiveness »Integrates security mechanisms with traditional object interface marshalling to achieve high performance –An adaptive security mechanism (there are many) »Adaptive security required with rapidly changing application configuration –=> also rapidly changing surrounding resource and security environment Transparent reconfiguration maintains performance and security properties »Incorporate software components without major effort Respond to critical Assurance and Survivability events fast (<< seconds) Respond to noisy intrusion information without negative impact

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/20029 Assumptions and Scope What threats/attacks is your project considering? »Any that lead to compromise of nodes, networks, services »esp. object/component interface based attacks What assumptions does your project make? »Applications are component-based »Only some resources are compromised; segregation possible »Some warning (could be noisy) => Low impact techniques to respond What policies can your project enforce? »Application configuration Level of compromise of resources –Reflect Infocon level or resource status fast »Many that drive reconfiguration, decouple reconfiguration from complex analysis and performance

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Challenges Location Elusiveness: Support rapid application mobility with »Performance insensitivity »Uniform resource access »Continuous real-time performance »=> make this real for significant distributed applications Interface Elusiveness: Integrate data security with RPC »Support very high speed networks »Characterize EI interface configuration spaces and cost of data permutation approaches »High performance RPC on very high speed networks while protecting data

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Previous Results Location Elusiveness »Low-latency RPC system (40 microseconds; as fast as local) »Multi-DCOM Prototype –Transparent replication; high performance »Analytic Real-time Framework Interface Elusiveness »Analysis of interface space for sample distributed applications –Simple systems, 10 6 – configurations »Elusive Interfaces prototype and evaluation

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Multi-DCOM Highlight Generic Transparent Interface for Replication »Based on DCOM infrastructure (binary modules of all derivations) Experimentation framework for flexible replication (Fault and Intrusion Tolerance) »“Iterator” based API: translucent compatibility »Execution of legacy COM/DCOM applications without change »Construction of replication aware applications (source, binary wrappers) High performance (modest addl overhead per replica) Client Proxy Stub 1 Stub 2 MSRPCMSRPC InterceptorInterceptor Proxy 1 Proxy 2

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Migration and Naming Highlight Location Elusiveness: flexible application reorganization in time scale of an RPC »Fast Migration (~1 RPC time) »Naming – track fast migrating objects for continuous operation Developed migration architecture »Notification interfaces, system actuators/controllers »Implementations on experimental testbed Defined scalable, low-latency naming architecture(s) »Performance Requirements: ~ 1 RPC latency, location tracking, update of references, scale to large numbers of objects and resources »Defined interfaces, working reference implementation (doesn’t meet performance requirements) »Evaluating alternatives – analytically and empirically Proof of concept in Experimental testbed

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Elusive Interfaces Highlight Distributed Object and Component Applications: elusiveness at the RPC interfaces Broaden Performance-Security Space »Low-cost encryption techniques based on interface structure »Adapt and manage automatically in response to changes »Very high speed networks (10Gbit+), no cryptography hardware Example: shuffle+pad, various pseudo-random shuffling Case Study: European Molecular Biology Laboratory Nucleotide databases »Realistic interface complexity, feasible # configurations Analytic models »Range of “elusiveness” alternatives »Characterize in performance-security space Empirical study in progress (based on Manta Java RMI)

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Recent Progress Definition of Real-time Framework and Resource Allocator »Identify migration destination candidates, effect migration Integration of Technologies in Experimental Testbed »Naming, Migration, Monitoring, Logging, etc. Tolerating a Distributed Denial of Service Attack »Applying Agile Objects technology

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Real-time Framework Local: Timing isolation for real-time applications. Pro-active Distributed Resource Management for fast migration. »Distributed resource discovery and allocation –Identifies available resources and supports real-time properties Resilient to changes in resource availability »Network changes (failures, partitions, attacks) »Application re-configuration (migration) Soft state: nodes periodically publish possible future resource requirements. Other nodes pick up requests and respond with resource availability (willingness to accept objects). »Nodes build their “communities” of candidate nodes. Object migration happens without resource negotiation. »No overcommitment – guaranteed success »Overcommitment – explore rapid searches (e.g. “hot potato” forwarding)

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Experimental Testbed Compute Memory... Fast RPC Compute Memory Compute Memory Local Services (Linux,JVM,RTSJ) Agile Objects Distributed Application RT Resource Management RT Resource Management RT Resource Management Low Latency Naming Global Monitoring Fast Migration Real-time Resource Allocator Interface Elusiveness Location Elusiveness Network Services In Progress Complete High Performance Networking and Compute Infrastructure

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Using Agile Objects to Tolerate DDoS Attack Distributed Denial of Service Attack »How to build a resilient service based on Agile Objects? Assumptions »Agile Objects technology »Open Applications (e.g. internet access) »Attackers can compromise a large number of machines Efforts »Analytical studies for what’s possible –Quantitative model of a DOS attack –Analysis of rate control (QoS approaches) benefits »Apply AO technology to tolerate DDoS Attack

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Distributed DoS Attack Attackers compromise hosts in the Internet and install “zombies” (for example, “Code Red” worm) Attackers control those zombies to DoS attack the victim »Infrastructure level attack (UDP floods) »Application level attack (floods of requests) Attacker compromise hosts in the Internet Application Legitimate Users DDoS Attack!!

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Proxy User Location Elusive Application AO Tolerating DDoS Attack Location Elusiveness uses reconfiguration to tolerate infrastructure-level attacks Proxies translate to Location Elusive Names provide access to application

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Tolerate DDoS Location Elusiveness to tolerate Infrastructure Attacks »Can’t locate the right infrastructure to attack »If located, migration negates effectiveness of attack Proxy network can be extended with proportional-share scheduling to tolerate Application-level Attacks »Attack effects limited to subset of the users »Attacker must compromise large fraction of network to achieve effective attack Real-time framework preserves Object’s Real-time Performance through migration => Approach can provide tolerance of DDoS attack

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/ Summary Progress »Location Elusiveness: High Performance RPC and Migration »Interface Elusiveness: framework and empirical evaluation »Real-time Resource Framework: proactive, fast »Exploration of capabilities: Tolerating DDoS using AO Next Steps »Location Elusiveness: Naming implementations »Interface Elusiveness Empirical studies »Real-time Resource Framework: Implementation and Experiments »Integration and System Experiments »Further Study of what AO capabilities enable

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group OASIS PI Meeting – 3/12/200223

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.