Presentation is loading. Please wait.

Presentation is loading. Please wait.

MILCOM 2001 October 30 -- page 1 Defense Enabling Using Advanced Middleware: An Example Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi,

Published byBeryl Bruce Modified over 9 years ago

Similar presentations

Presentation on theme: "MILCOM 2001 October 30 -- page 1 Defense Enabling Using Advanced Middleware: An Example Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi,"— Presentation transcript:

1 MILCOM 2001 October 30 -- page 1 Defense Enabling Using Advanced Middleware: An Example Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi, Joseph Loyall BBN Technologies QuO

2 MILCOM 2001 October 30 -- page 2 Defense-Enabled Software Applications Some software applications can be given increased resistance to malicious attack even though the environment in which they run is untrustworthy. Any such application is “defense-enabled”.

3 MILCOM 2001 October 30 -- page 3 Research On Defense Enabling Sponsored by DARPA/ATO Part of Fault-Tolerant Networking Program

4 MILCOM 2001 October 30 -- page 4 A Distributed Military Application

5 MILCOM 2001 October 30 -- page 5 A Cyber-Attack

6 MILCOM 2001 October 30 -- page 6 An Abstract View Attacker Data Processing (Fusion, Analysis, Storage, Forwarding, etc.) Data User Data Source

7 MILCOM 2001 October 30 -- page 7 Traditional Security Attacker Application Private Resources Private Resources Limited Sharing Trusted OSs and Network

8 MILCOM 2001 October 30 -- page 8 Most OSs and Networks In Common Use Are Untrustworthy Attacker Application Private Resources Private Resources Limited Sharing OSs and Network

9 MILCOM 2001 October 30 -- page 9 Cryptographic Techniques Can Block (Most) Direct Access to Application Attacker Application Private Resources Private Resources Limited Sharing OSs and Network CryptoCrypto

10 MILCOM 2001 October 30 -- page 10 Attacker Raw Resources CPU, bandwidth, files... OSs and NetworkIDSsFirewalls Firewalls Block Some Attacks; Intrusion Detectors Notice Others Application CryptoCrypto

11 MILCOM 2001 October 30 -- page 11 Application Attacker Raw Resources CPU, bandwidth, files... QoS Management CryptoCrypto OSs and NetworkIDSsFirewalls Defense-Enabled Application Competes With Attacker for Control of Resources

12 MILCOM 2001 October 30 -- page 12 QuO Adaptive Middleware Technology QuO is DARPA Quorum developed middleware that provides: interfaces to property managers, each of which monitors and controls an aspect of the Quality of Service (QoS) offered by an application; specifications of the application’s normal and alternate operating conditions and how QoS should depend on these conditions. QuO has integrated managers for several properties: dependability (DARPA’s Quorum AQuA project) communication bandwidth (DARPA’s Quorum DIRM project) real-time processing (using TAO from UC Irvine/WUStL) security (using OODTE access control from NAI) QuO

13 MILCOM 2001 October 30 -- page 13 QuO adds specification, measurement, and adaptation into the distributed object model Application Developer Mechanism Developer CLIENT Network operation() in args out args + return value IDL STUBS IDL SKELETON OBJECT ADAPTER ORB IIOP ORB IIOP CLIENT OBJECT (SERVANT) OBJECT (SERVANT) OBJ REF CLIENT Delegate Contract SysCond Contract Network MECHANISM/PROPERTY MANAGER operation() in args out args + return value IDL STUBS Delegate SysCond IDL SKELETON OBJECT ADAPTER ORB IIOP ORB IIOP CLIENT OBJECT (SERVANT) OBJECT (SERVANT) OBJ REF Application Developer QuO Developer Mechanism Developer CORBA DOC MODEL QUO/CORBA DOC MODEL

14 MILCOM 2001 October 30 -- page 14 The QuO Toolkit Supports Building Adaptive Apps or Adding Adaptation to Existing Apps QuO aspect languages –Contract description language and adaptive behavior description language –Code generators that weave QuO code into Java and C++ applications System Condition Objects –Provide interfaces to resources, managers, and mechanisms QuO Runtime Kernel –Contract evaluator –Factory object which instantiates contract and system condition objects Instrumentation library QuO gateway –Insertion of special purpose transport layers and adaptation below the ORB CORBA IDL Code Generators Code Generators Contract Description Language (CDL) Adaptation Specification Language (ASL) QuO Runtime Delegates Contracts

15 MILCOM 2001 October 30 -- page 15 Implementing Defenses in Middleware for simplicity: QoS concerns separated from functionality of application. Better software engineering. for practicality: Requiring secure, reliable OS and network support is not currently cost-effective. Middleware defenses will augment, not replace, defense mechanisms available in lower system layers. for uniformity: Advanced middleware such as QuO provides a systematic way to integrate defense mechanisms. Middleware can hide peculiarities of different platforms. for reuseability Middleware can support a wide variety of applications.

16 MILCOM 2001 October 30 -- page 16 Security Domains Limit the Damage From A Single Intrusion hacked domain host router domain host router domain host

17 MILCOM 2001 October 30 -- page 17 Replication Management Can Replace Killed Processes hacked domain host router domain host router domain host application component replicas QuO replica management

18 MILCOM 2001 October 30 -- page 18 Bandwidth Management Can Counter Flooding Between Routers hacked domain host router domain host router domain host QuO bandwidth management RSVP reservation

19 MILCOM 2001 October 30 -- page 19 Other Defense Mechanisms Dynamically change communication ports Dynamically change communication protocols

20 MILCOM 2001 October 30 -- page 20 A Defense Strategy Coordinates Defense Mechanisms “if several IDS alarms on host H, tighten firewall on H” “if multiple crashes on host H, move application process replicas elsewhere” For example: Applications we have defense-enabled use a variety of such rules, implemented in QuO.

21 MILCOM 2001 October 30 -- page 21 Validation Effectiveness of individual defense mechanisms has been tested in-house. Effectiveness of combined defense strategies will be measured by Red Team experiments.

22 MILCOM 2001 October 30 -- page 22 Conclusion The technique of defense enabling is likely to increase the survivability of military applications and, because defenses are implemented in middleware, can be applied with relatively little effort.

Download ppt "MILCOM 2001 October 30 -- page 1 Defense Enabling Using Advanced Middleware: An Example Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi,"

Similar presentations

General introduction to Web services and an implementation example

General introduction to Web services and an implementation example
1 12/16/98DARPA Intrusion Detection PI Meeting BBN Technologies Toolkit for Creating Adaptable Distributed Applications Joe Loyall www.dist-systems.bbn.com/projects/OIT.

1 12/16/98DARPA Intrusion Detection PI Meeting BBN Technologies Toolkit for Creating Adaptable Distributed Applications Joe Loyall
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Distributed Systems Architectures Slide 1 1 Chapter 9 Distributed Systems Architectures.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Distributed Systems Architectures Slide 1 1 Chapter 9 Distributed Systems Architectures.
Applications that Participate in their Own Defense (APOD) A BBN Technologies Project Sponsored by DARPA Under the FTN Program (Dr. Douglas Maughan) Monitored.

Applications that Participate in their Own Defense (APOD) A BBN Technologies Project Sponsored by DARPA Under the FTN Program (Dr. Douglas Maughan) Monitored.
Common Object Request Broker Architecture (CORBA) By: Sunil Gopinath David Watkins.

Common Object Request Broker Architecture (CORBA) By: Sunil Gopinath David Watkins.
CORBA - Common Object Request Broker Architecture.

CORBA - Common Object Request Broker Architecture.
1 23 March 00 APOD Review Applications that Participate in their Own Defense (APOD) Review Meeting 23 March 00 Presentation by: Franklin Webber, Ron Scott,

1 23 March 00 APOD Review Applications that Participate in their Own Defense (APOD) Review Meeting 23 March 00 Presentation by: Franklin Webber, Ron Scott,
© Chinese University, CSE Dept. Distributed Systems / 1 - 1 Distributed Systems Topic 1: Characterization and Design Goals Dr. Michael R. Lyu Computer.

© Chinese University, CSE Dept. Distributed Systems / Distributed Systems Topic 1: Characterization and Design Goals Dr. Michael R. Lyu Computer.
Distributed Systems Architectures

Distributed Systems Architectures
1 12/10/03CCM Workshop QoS Engineering and Qoskets George Heineman Praveen Sharma Joe Loyall Richard Schantz BBN Technologies Distributed Systems Department.

1 12/10/03CCM Workshop QoS Engineering and Qoskets George Heineman Praveen Sharma Joe Loyall Richard Schantz BBN Technologies Distributed Systems Department.
1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.

1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
1 8/99 IMIC Workshop 6/22/2015 New Network ServicesJohn Zinky BBN Technologies The Need for A Network Resource Status Service IMIC Workshop 1999 Boston.

1 8/99 IMIC Workshop 6/22/2015 New Network ServicesJohn Zinky BBN Technologies The Need for A Network Resource Status Service IMIC Workshop 1999 Boston.
1 5/4/99ISORC ‘99 BBN Technologies An Object-level Gateway Supporting Integrated Property Quality of Service Rick Schantz John Zinky, David Karr, Dave.

1 5/4/99ISORC ‘99 BBN Technologies An Object-level Gateway Supporting Integrated Property Quality of Service Rick Schantz John Zinky, David Karr, Dave.
OPX PI Meeting 2002 February 21 -- page 1 Applications that Participate in their Own Defense (APOD) QuO Franklin Webber BBN Technologies.

OPX PI Meeting 2002 February page 1 Applications that Participate in their Own Defense (APOD) QuO Franklin Webber BBN Technologies.
TENA Test and Training Enabling Architecture. TENA TENA is used in range environments, often in the L portion of LVC Slightly different emphasis; small.

TENA Test and Training Enabling Architecture. TENA TENA is used in range environments, often in the L portion of LVC Slightly different emphasis; small.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.

1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.
1 4/20/98ISORC ‘98 BBN Technologies Specifying and Measuring Quality of Service in Distributed Object Systems Joseph P. Loyall, Richard E. Schantz, John.

1 4/20/98ISORC ‘98 BBN Technologies Specifying and Measuring Quality of Service in Distributed Object Systems Joseph P. Loyall, Richard E. Schantz, John.

Similar presentations

Ads by Google