University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.

Presentation transcript:

University of California, San Diego
Computer Science and Engineering
Concurrent Systems Architecture Group

Agile Objects: Component-based Inherent Survivability
Andrew A. Chien* and Jane W. Liu**
*University of California, San Diego
**University of Illinois, Urbana-Champaign
DARPA ISO Intrusion Tolerant Systems PI Meeting
February 22, 2000

Outline
Agile Objects Approach
  » Location Elusiveness
  » Interface Elusiveness
Detailed Technical Approach
  » Previously Reported
  » Progress in past six months
Future Plans

Background/Existing Practice
Static Distributed Software Architectures (nearly)
  » Fixed points of access, deployment, resource dependence
System/Firewall/Sandbox/Domain based Security
  » Resource and containment oriented
Security Architecture based on Anticipated Deployment Structures
=> Flexibility and reconfiguration can enhance survivability
Our Focus: Flexible Configuration of Distributed C³I Systems (Real-time, High Performance, Mission-Critical Online systems)
  » E.g. Aegis Battle Cruiser, Theatre Command/Information system, etc.

Focus: Tolerance and Response
Resource revocation due to loss
  » Physical loss, destruction, crash (failure)
Resource loss due to compromise
  » Corruption, compromise, unacceptable risk
Resources made undesirable due to changes in security status
  » Under attack, detected assaults, partially compromised, loss of other security critical information
  » Proactive reconfiguration in response to partial loss

Technical Objectives
Flexible Configuration of Distributed C³I Systems
  » Performance
  » Application Architecture
  » Security
Location Elusiveness
  » Survivability (resource loss or compromise)
  » Continued Real-time performance
Interface Elusiveness
  » Survivability (automatic, distributed attack)
  » Adaptive Interfaces/Security Mechanisms over Reconfiguration
  » Dynamic Responses to Environmental Changes
Prototypes and Demonstrations that support commercial API’s

Technical Approach
Increase application capability thru Enhanced Middleware for Distributed Objects and Components
  » Benefit to Standard API’s
Survivability thru Elusiveness
  » Distributed Applications without fixed resources or configuration
  » Security structures adapt to configuration/performance constraints
  » Difficult to locate, target, identify, Difficult to compromise
Agile Objects Middleware

Example Scenario
Distributed object/Component applications
Online reconfiguration enables a flexible dynamic response to resource or security change
Response to critical events achieved in short time scales (seconds)
Automatic reconfiguration maintains performance and security properties
[Diagram labels: System #1, System #2, System #3; Evacuate #1; Reconfigure to new Resources]

Challenges
Location Elusiveness: Support rapid application mobility with
  » Performance insensitivity
  » Uniform resource access
  » Continuous real-time performance
  » => make this real for significant distributed applications
Interface Elusiveness: Adapt security mechanisms and configuration
  » Support *very* high speed networks
  » Describe system application security requirements
  » Manage and enforce security requirements, adapting in real time to match rapid changes

Detailed Technical Approach
Location Elusiveness
  » Theoretical and Analytical Foundations
    – High Performance Distributed Objects
    – Migration and Scalable Name Service
    – Dynamic Open Real-time Systems
  » Prototypes and Demonstrations
    – High performance distributed objects
    – Object Migration and Replication
    – Open Real Time systems and Distributed Resource Managers
    – Experiment with existing applications for transparent static redistribution
    – Performance experiment and demonstrations with cluster/LAN and wide-area environments

Detailed Technical Approach (cont.)
Interface Elusiveness
  » Theoretical and Analytical Foundations
    – Mutating Interfaces Space/Complexity/Performance (static)
    – Mutating Interfaces Dynamic Coordination (dynamic)
    – Mutating Interfaces Targeted (specific response)
  » Prototypes and Demonstrations
    – Interface Mutation Prototypes (range, correct operation)
    – Dynamic Mutation (consistent operation, reconfiguration, resource adaptation)
    – Demonstration and evaluation of several approaches for distributed coordination
    – Demonstration and evaluation of targeted responses based on intrusion detection information
Integrated Experiments

Progress
Previously reported results (8/99)
  » User-level networking performance
  » Fast Remote RPC (+ improving)
  » Basic Real-time Framework
Recent Results
  » Multi-DCOM Prototype
  » Elusive Interfaces Case Study
Future Plans
  » Experimentation with Multi-DCOM Prototype
  » Elusive Interfaces Prototype

Multi-DCOM Infrastructure
Generic Transparent Interface for Replication
  » Based on DCOM infrastructure (binary modules of all derivations)
“Iterator” based API: compatibility and basis for extension and experimentation
  » Experimentation framework for flexible replication (Fault and Intrusion Tolerance)
  » Partial redundancy/threshold cryptography approaches (e.g. Pasis, etc.)
[Diagram labels: Client, Server #1, Server #2, Server #3]

Elusive Interfaces
Distributed Object and Component Applications: primitive pairwise relationships
End-to-end encryption techniques practically incompatible with high speed networks
Ideas
  » Low-cost encryption techniques based on interface structure
  » Adapt and manage automatically in response to changes
  » Systematic analysis of opportunities, costs, and capabilities
[Diagram labels: High Speed Net, Untrusted Net, Specialized Cryptography Hardware, Time-varying]

Security Overhead
SSL inline overhead (excluding initial exchange protocol)
  » 4x fixed overhead; 17x per byte costs (~2Mbits)
  » 56-bit keys, 500Mhz Pentium II’s, 100Mbit Ethernet
  » Cleartext protocol stacks barely feed high speed networks

Case Study: Elusive Interfaces
European Molecular Biology Laboratory’s Nucleotide Sequence Database (NSDB)
41 methods, 4 distinct interfaces, various numbers of arguments
Wide range of data access mechanisms (standard queries) and attribute information
Application at simple end of the spectrum

  EmblSeq Embl.getEmblSeq (string)
  ULONG EmblSeq.getCountA ()
  ULONG EmblSeq.getCountC ()
  ULONG EmblSeq.getCountG ()
  ULONG EmblSeq.getCountT ()
  ULONG EmblSeq.getEntryVersion ()
  ULONG EmblSeq.getCheckSum ()
  ULONG EmblSeq.getBioSeqVersion ()
  ULONG EmblSeq.getLength ()
  String EmblSeq.getEntryName ()
  String EmblSeq.getEntryStatus ()
  String EmblSeq.getDescription ()
  String EmblSeq.getMoleculeType ()
  String EmblSeq.getSeq ()
  String EmblSeq.getTopology ()
  String EmblSeq.getBioSeqId ()
  RevisionList EmblSeq.getRevisions ()
  String EmblSeq.getSubSeqByFeature (NucFeature)
  tk_array EmblSeq.getAnySeq ()
  String EmblSeq.getSubSeq (ULONG, ULONG)
  StringList EmblSeq.getSecondaryIds ()
  StringList EmblSeq.getComments ()
  StringList EmblSeq.getKeyWords ()
  DbXrefList EmblSeq.getDbXrefs ()
  DbXrefList EmblSeq.getReferences ()
  DbXrefList EmblSeq.getOrganisms ()
  NucFeatureList EmblSeq.getNucFeaturesByKey (string)
  Location EmblSeq.getLocalLocation (NucFeature)
  NucFeatureList EmblSeq.getNucFeatures ()
  Location EmblSeq.geReferenceLocation (string)
  String NucFeature.getFeatureId ()
  String NucFeature.getKey ()
  FeatureLocation NucFeature.getLocation ()
  ULONG NucFeature.getFeatureVersion ()
  Qualifier NucFeature.getQualifier (string)
  DbXrefList NucFeature.getNucSeqs ()
  QualifierList NucFeature.getQualifiers ()
  String FeatureLocation.getLocationString ()
  String FeatureLocation.getSeq ()
  NucFeature FeatureLocation.getNucFeature ()
  LocationNodeList FeatureLocation.getNodes ()

Dimensions of Interface Manipulation
Method offset value
Method offset spacing
Method offset location (in message)
Parameter location
Parameter organization*
Parameter encryption
Parameter buffering
Flexible packetization
Temporal variation
...

Practical Encoding Space
How large a space can we generate for an attacker?
  » Analyze all possible configurations of the parameters
  » Potential for obscuring application information (published interfaces)
  » Incorrect probes all detected
  » (details available in a forthcoming report)
Encoding Space (NSDB)
  No increase in Communication Traffic: 10⁶ – 10⁸
  Increasing Communication Traffic by adding Parameters: 10⁸ – (most benefits with a few parameters)
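
Added illustration, not part of the original slides and not the Agile Objects project's code: a sketch of three of the dimensions listed under "Dimensions of Interface Manipulation" (method offset value, parameter location, temporal variation), with a server that rejects every message that does not match the current encoding. The 16-bit offset field, the HMAC-derived per-epoch table, the shared secret and the wire layout are assumptions made for this example; only the four method names come from the NSDB listing.

```python
import hashlib
import hmac
import struct

# Four methods from the NSDB listing on the page -> number of ULONG arguments.
INTERFACE = {"EmblSeq.getLength": 0, "EmblSeq.getCheckSum": 0,
             "EmblSeq.getEntryVersion": 0, "EmblSeq.getSubSeq": 2}
OFFSET_BITS = 16  # assumed width of the method-offset field on the wire

def _keystream(secret, epoch):
    """Yield 32-bit words from HMAC-SHA256(secret, epoch || counter)."""
    counter = 0
    while True:
        block = hmac.new(secret, struct.pack(">QQ", epoch, counter),
                         hashlib.sha256).digest()
        for i in range(0, len(block), 4):
            yield int.from_bytes(block[i:i + 4], "big")
        counter += 1

def derive_mutation(secret, epoch):
    """Both ends derive the same {method: (offset, arg_order)} for an epoch."""
    words = _keystream(secret, epoch)
    table, used = {}, set()
    for name in sorted(INTERFACE):
        offset = next(words) % (1 << OFFSET_BITS)
        while offset in used:                      # offsets must be distinct
            offset = next(words) % (1 << OFFSET_BITS)
        used.add(offset)
        order = list(range(INTERFACE[name]))
        for i in range(len(order) - 1, 0, -1):     # keyed Fisher-Yates shuffle
            j = next(words) % (i + 1)
            order[i], order[j] = order[j], order[i]
        table[name] = (offset, order)
    return table

def encode_call(table, name, args):
    """Client side: mutated method offset, then arguments in mutated order."""
    offset, order = table[name]
    return struct.pack(">H", offset) + b"".join(
        struct.pack(">I", args[i]) for i in order)

def decode_call(table, message):
    """Server side: return (method, args), or None for an incorrect probe."""
    by_offset = {struct.pack(">H", off): (name, order)
                 for name, (off, order) in table.items()}
    entry = by_offset.get(message[:2])             # short messages miss here
    if entry is None or len(message) != 2 + 4 * len(entry[1]):
        return None
    name, order = entry
    wire = struct.unpack(">%dI" % len(order), message[2:])
    args = [0] * len(order)
    for position, index in enumerate(order):       # undo the parameter shuffle
        args[index] = wire[position]
    return name, tuple(args)

def sweep_probes(table):
    """Try every possible 2-byte message; return (accepted, rejected)."""
    accepted = sum(decode_call(table, struct.pack(">H", guess)) is not None
                   for guess in range(1 << OFFSET_BITS))
    return accepted, (1 << OFFSET_BITS) - accepted
```

In this sketch a rejected message is the server's detection signal: of the 65536 possible two-byte probes only the three that hit a current zero-argument method offset decode, and the rest return None and can be logged or used to trigger a new epoch.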

Initial Observations
Space is large and proportional to interface complexity (increasing?)
Interface encoding to be performed at line speed using custom-generated code sequences
Relationship to classical cryptography approaches needs to be developed (cost, difficulty of attack)
Current: manual experiments, Building a general prototype for broader experimentation

Agile Objects Project Plan
[Diagram labels, in order of appearance:]
Location Elusiveness
Interface Elusiveness
Integrated Demonstration
Interface Elusiveness Demonstration
Dynamic Mutation Prototype (online, reactive)
Mutation Prototype
Analytical Foundations & Case Studies
Location Elusiveness Demonstration
Location Elusiveness Demonstration
Object Migration integrated with Distribution Insensitivity
Distribution Insensitivity (RPC & Real-time Scheduling)
High Performance RPC
2/00 Status

Quantitative Metrics
Location Elusiveness
  » Speed of remote RPC, ratio of local/remote
  » Time of application reconfiguration (physical network parameters, applications)
  » Granularity/precision of real-time guarantees
Interface elusiveness
  » Size of reconfiguration space, range of techniques
  » Reconfiguration Cost
  » Reconfiguration Delay
Scale of Demonstrations

Expected Major Achievements
Location Elusiveness: Distribution insensitive distributed applications
  » High Performance RPC which enables flexible configuration
  » Online Migration and Replication
  » Real-time applications which reconfigure while maintaining performance guarantees
Interface Elusiveness: Characterize space of interface mutation and dynamic coordination mechanisms
  » Crystallize a framework for adaptive interface mutation management (reconfiguration, cost, space)
  » Configuration independent application security specifications
Develop a range of targeted responses based on Intrusion Detection & System status information
Integrate techniques for a unified Agile Objects approach and demonstration