1 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability Andrew A. Chien, UC San Diego Riccardo Bettati, Texas A&M AFRL F30602-9-1-0534 OASIS PI Meeting, August 19, 2002

2 Outline
Motivation and Goals
Agile Objects Project
Agile Objects Recent Progress
» Naming Services
» Application for DDoS Tolerance

3 Context
Static Distributed Software Architectures (nearly)
» Fixed points of access, deployment, resource dependence
System/Firewall/Sandbox/Domain based Security
» Resource and containment oriented
Security Architecture based on Anticipated Deployment Structures
=> Flexibility and reconfiguration to enhance survivability
Our Focus: Flexible Configuration of Distributed C3I Systems (Real-time, High Performance, Mission-Critical Online systems)
» E.g. Aegis Battle Cruiser, Theatre Command/Information system, etc.
» High bandwidth networks, rich resource environment

4 Agile Objects
Middleware for survivable component based distributed applications
» Large number of distributed components, extensive communication via RPC
» Ex: large distributed Java or .NET application
Survivability to distributed applications based on
» High performance RPC; Configuration independent performance
» Agile configuration changes in response to resource loss or compromise

5 Elusive Applications, Rapid Reconfiguration
Resource loss due to compromise, physical damage, or change in security status
Rapid Change of Location and Interface, “Elusiveness”
» reconfiguration to increase survivability in response to attacks
» preserving real-time performance
[Figure labels: Nasty Virus Attack; Elevated Security Barrier; Change of Protocol and Change of Interface]

6 Technical Objectives
Elusive Distributed Applications
Location Elusiveness
» Seamless boundary between Component and Distributed Object applications
» Real-time framework allows performance transparent distributed reconfiguration
» Replication supports fault tolerance, rapid reconfiguration, multi-version assurance and survivability
Interface Elusiveness
» Integrates security mechanisms with traditional object interface marshalling to achieve high performance
– An adaptive security mechanism (there are many)
» Adaptive security required with rapidly changing application configuration
– => also rapidly changing surrounding resource and security environment
Transparent reconfiguration maintains performance and security properties
» Incorporate software components without major effort
Respond to critical Assurance and Survivability events fast (<< seconds)
Respond to noisy intrusion information without negative impact

7 Assumptions and Scope
What threats/attacks is your project considering?
» Any that lead to compromise of nodes, networks, services
» esp. object/component interface based attacks
What assumptions does your project make?
» Applications are component-based
» Only some resources are compromised; segregation possible
» Some warning (could be noisy) => Low impact techniques to respond
What policies can your project enforce?
» Application configuration Level of compromise of resources
– Reflect Infocon level or resource status fast
» Many that drive reconfiguration, decouple reconfiguration from complex analysis and performance

8 Challenges
Location Elusiveness: Support rapid application mobility with
» Performance insensitivity
» Uniform resource access
» Continuous real-time performance
» => make this possible for distributed applications
Interface Elusiveness: Integrate data security with RPC
» Support very high speed networks
» Characterize EI interface configuration spaces and cost of data permutation approaches
» High performance RPC on very high speed networks while protecting data

9 Previous Results
Location Elusiveness
» Low-latency RPC system (40 microseconds; as fast as local)
» Multi-DCOM Prototype; Transparent replication; high performance
Realtor Real-time Allocation Framework
» Analytic Grounding
» Implements rapid allocation while enforcing Real-time guarantees
» Proactive resource allocation
Interface Elusiveness
» Analysis of interface space for sample distributed applications
– Simple systems, 10^6 – 10^16 configurations
» Elusive Interfaces prototype and evaluation
Tolerating a DDOS attack
» Applying Agile Objects technology
» Distributed Proxy Network
» Back-end Agile Object Application

10 Recent Progress
Complete implementation of Elusive Interfaces
Complete implementation of Realtor RT Allocator
Analytical Performance Requirements for Naming and Migration
Modeling of Distributed Denial of Service Attack and Survivability Demonstration

11 AO Naming Performance Requirements
High Performance RPC and Migration enable rapid application reconfiguration
» Major costs: state movement, naming updates
How fast do the naming services have to be?
» Support “continuous execution”
» Support an acceptable portion of time for “real computation”
Range of analysis, synthetic benchmarks
» Derive performance requirements, tradeoffs
» Determine acceptable naming services performance (dramatically higher)
=> later combine with application structure
[Figure labels: Object Migration; Naming Update; Name Lookup; RPC Overhead; Application Work; Traditional System; Agile Objects]

12 How much work can a migrating application get done?
Vary Call Frequency
» # calls/migration
Vary name server performance
Vary Migration cost
=> both are critical to getting reasonable efficiencies
Ex: 100 null calls/migration, Lookup 10 mics, migration cost 100 mics
» ~25% efficiency
=> Need very fast name servers and significant work for AO to work well

13 How does migration cost affect efficiency?
Fast migration directly enables distribution at a finer object granularity

14 How does naming lookup cost affect efficiency?
Low lookup overhead is critical for achieving high efficiency
High name lookup overhead prohibits flexible application distribution (and more components/application)

15 Naming Services Summary
Low migration and RPC cost enable flexible deployment and application reconfiguration
Use of migration for Location Elusiveness imposes stresses on the system
» Naming lookup
» Naming update
=> these services must be low-cost, scalable with ~10-100 microsecond overheads to support rapid reconfiguration
=> we are evaluating approaches to achieve these performance requirements

16 AO Tolerating DDoS Attack
Location Elusiveness uses reconfiguration to tolerate infrastructure-level attacks
Proxies know application location
Users do not know application location
[Figure labels: Proxy; User; Location Elusive Application]

17 Modeling DDoS Attack Tolerance
Detailed Approach (Location Elusiveness):
» Applications live in Proxy Network name space
» Users (including attackers) live in the IP name space
» Proxies secure the mapping between name spaces
– Indirection prevents direct infrastructure level attacks on applications
» Dynamically reconfigure (proactively or reactively) – proxy network, migrate applications
[Figure labels: User; Proxy Network Name Space; Edge Proxy; App1; App2; App3; IP Name Space; Sensor]
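The name-space indirection on slides 16 and 17, as an added example that is not code from the Agile Objects project: users address only an edge proxy and a proxy-namespace name, and a sensor alert migrates the application inside the resource pool without changing anything the user can observe. Class and method names are hypothetical, the addresses are constructed, the RPC is replaced by a stand-in string, and migration simply picks the first remaining pool host.

```python
# Added illustration: names are hypothetical, addresses are constructed.
class ProxyNetwork:
    """Proxies hold the only mapping from proxy-namespace names to IP hosts."""

    def __init__(self, edge_ips, pool_ips):
        self.edge_ips = set(edge_ips)  # the only addresses users ever see
        self.pool = list(pool_ips)     # AO resource pool, hidden IP name space
        self._location = {}            # name -> current host IP (proxy-internal)
        self.trace = []                # proxy-internal routing log
        self.lookups = self.updates = 0

    def _place(self, name):
        if not self.pool:
            raise RuntimeError("resource pool exhausted")
        self._location[name] = self.pool[0]
        self.updates += 1              # naming update

    def deploy(self, name):
        self._place(name)

    def request(self, edge_ip, name, payload):
        """User-side call; the return value is all a user or attacker observes."""
        if edge_ip not in self.edge_ips:
            raise ConnectionError("not an edge proxy")
        self.lookups += 1              # naming lookup on every call
        self.trace.append((name, self._location[name]))
        reply = f"{name} handled {payload!r}"  # stand-in for the RPC to the host
        return {"peer": edge_ip, "reply": reply}

    def sensor_alert(self, bad_ip):
        """Sensor flags a host: retire it and migrate every application on it."""
        self.pool.remove(bad_ip)
        moved = [n for n, h in self._location.items() if h == bad_ip]
        for name in moved:
            self._place(name)
        return moved

def demo():
    edge = "198.51.100.1"
    net = ProxyNetwork([edge], ["10.0.0.5", "10.0.0.6", "10.0.0.7"])
    net.deploy("App1")
    before = net.request(edge, "App1", "read")
    moved = net.sensor_alert("10.0.0.5")
    after = net.request(edge, "App1", "read")
    return before, after, moved, net.trace, net.lookups, net.updates

if __name__ == "__main__":
    print(demo())
```

The lookup and update counters correspond to the two naming costs that slides 11 to 15 identify as the services that must stay cheap for this reconfiguration to be practical.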

18 Multi-level Proxy Networks
Location: mapping from IP to Proxy Name Spaces (Location Elusiveness)
» Application can change its location due to security threat
Location hiding in multiple levels
» Distance to the edge corresponds to the chance of exposure (# of levels)
» Distance can be changed dynamically (overhead vs. security)
» Reconfiguration to contain the impact of attack
Dynamic location – mapping from IP to Proxy namespace is dynamic
=> Model Analysis determines the key factors/issues
[Figure labels: proxy; App; Distance to edge; Attackers; Proxy Name Space; IP Name Space; Clients]

19 Modeling and Analysis
Formalize DoS attack and delivered Application service
Models for:
» System
– Proxy network (topology, scale, reconfiguration)
– Application (migration)
– Sensor (accuracy, performance)
» Simple Attack model (scale, rate/prob. compromise, cost)
» Cost model (cost of damage, reconfiguration)
A cost-oriented analysis for DoS tolerance
» Investment vs. attackers capabilities, likely attacks
» Develop a system analysis, based on a set of models
» Open to allow others to use different assumptions

20 Key Factors
Application Agility (cost of reconfig)
Proxy network Complexity/Overhead
Proxy network reconfiguration cost
Application Performance
Damage to Applications by attackers
Attackers’ Capability/cost to compromise
X Investment & Expected tolerance

21 Summary
Recent Progress
» Location Elusiveness: High Performance RPC and Migration
– Naming: Analytical performance requirements, initial implementations
» Interface Elusiveness: framework and empirical evaluation, full implementation
» Real-time Resource Framework: proactive, fast, implemented
» Exploration of capabilities: Tolerating DDoS using AO, analytical modelling of attacker/defender tradeoffs
Next Steps
» Evaluation of multiple Naming/migration implementations
» Continue to explore Elusive Interfaces tradeoffs/capabilities
» System Experiments
» Continue to explore AO capabilities to tolerate DDOS attacks

22 Agile Objects Demo: Location Elusiveness
Back-end Agile Objects application
» Migrates in AO resource pool
» Provides continuous service
Front End Agile Objects Client, accesses Agile File Server
[Figure labels: Agile Object Applications; Migrating; AO Resource Pool; Agile Object Clients]
