Presentation is loading. Please wait.

Presentation is loading. Please wait.

SRS Common Architecture Bob Balzer Neil Goldman Dave Wile Teknowledge Corp.

Published byHelen Martin Modified over 9 years ago

Similar presentations

Presentation on theme: "SRS Common Architecture Bob Balzer Neil Goldman Dave Wile Teknowledge Corp."— Presentation transcript:

1 SRS Common Architecture Bob Balzer Neil Goldman Dave Wile Teknowledge Corp.

2 Defense In Depth –Outer Prevention Layer: Block most attacks Prevention SRS Integration Architecture Proactive Prevention Reactive Prevention –Inner Regenerative Layer: Repair (and prevent) unblocked attacks Self-Regeneration Recovery Health Monitoring Diagnosis Memory Layout Diversity, Network Filter, Scalable Redundant Storage, Robust Scalable Comm. Software Dynamic Translation, Generated Network Filter, Dynamic Method Dispatch Component Diagnosis, Attack Recognition, Malicious Intent Determiner Corruption Extent Determiner, Reconstitution Planner Architecture Diffferencer, Harm Detector Sensor Repair

3 Technical Goals Include as many SRS program elements as possible Minimal intrusion into existing tools, primarily –by announcing system status incrementally –And dynamically responding to other tools’ results Integrate capabilities for seamless interoperation Stimulate the production of new capabilities to further integration goals

4 Project Abbreviations AWDRAT: MIT: Shrobe and Teknowledge:Balzer Cortex: Honeywell: Musliner Daikon: MIT: Ernst and Rinard Dawson: Global Infotek: Just JHU: Johns Hopkins U.: Amir and Purdue U.: Nita-Rotaru MBE (model-based executive): MIT: Williams and Sullivan PMOP: Teknowledge: Balzer and MIT: Shrobe SensorNet: Telcordia: Van Den Berg and Rutgers: Rajagopalan Strata (Genesis): UVA: Knight, Davidson, Evans, Nguyen-Tuong and CMU: Wang

5 SRS Component Shared System Architecture Announce and analyze system status Dawson PMOP JHU DaikonSensorNet Strata MBE Cortex AWDRAT Choose response Effect response

6 Technical Approach Parallel monitoring and analysis by SRS components of a single target system Components communicate via a global blackboard Blackboard organized by a shared ontology for describing system and heartbeat states Subscriptions provide access to others’ sensors, analysis, and response choice

7 SRS Organizational Architecture Cortex Pervasive Self-Regeneration Learning&Repair AWDRAT PMOPSensorNet GenesysDawson

8 Overview of Potential Scenarios Setup Install Learning Harness (Cortex, Daikon, MBE, PMOP) Determine Method / Class Equivalents (PMOP, Strata) Install Wrappers and Obfuscate DLLs (AWDRAT, Dawson, PMOP) Data Error (Daikon) Program Error (AWDRAT, Cortex, Dawson, JHU, MBE, Strata) Operator Induced Error (PMOP, SensorNet) Detect Heartbeat (Cortex) Attack Indicator (Dawson) Collateral Damage Assessment (AWDRAT, Daikon, JHU, MBE) Trust and Risk (AWDRAT, Cortex, MBE, PMOP, SensorNet) Analyze Assess Learning Data (Cortex, Daikon, MBE, PMOP) Data Error: Data Repair (Daikon) Restore Data / DB (Cortex) Operator Induced Error: Automated surrogate or backup operator Omit the affected component Propose Repair Program Error: Execute a component in the virtual machine (Strata) Select from method alternatives & regenerate from scratch (AWDRAT, Dawson, MBE) Select from method alternatives & backtrack (JHU)

9 Scenarios Continued Choose Repair (New Work to choose among additional proposed repairs) Data Error: Data Repair (Daikon) Restore Compromised DB (Cortex) Program Error: Execute a component in the virtual machine (Strata) Select from method alternatives & regenerate from scratch (AWDRAT, Dawson, MBE) Select from method alternatives & backtrack (JHU) Make Repair Operator Induced Error: Prevent bad effects (PMOP, SensorNet) Ignore or encapsulate the error (New Work)

10 Blackboard Organization Blackboard layers correspond to scenario layers S (setup) D (detect) A (analyze) PR (propose repair) CR (choose repair) MR (make repair

11 Messages Passed Setup and Status SRS Agents –S:Environment attribute or input A has value V –S:Program mode for Sys is M –S:System components for Sys are { c i } –S:Variants for CID are { c i } S:Variant generator for CID is SRSAgent [ mode, CID] –S:Checkpoint Sys in D –S:GUI checkpoint E in D Detection SRS Agents –D:Program Sys had fault F at L in c i [where L is contained in Sys] (Fault is supertype of DataError, OperatorInducedError, ProgramError) –D:Missed heartbeat Sys at time T fault F –D:Attack of Sys indicator I for CID at L in c i Analysis SRS Agents –A:Program Sys has vulnerability V at L { to risk R } –A:Program Sys has collateral damage V at L –A:Component c i would incur risk R with certainty P –A:End of Positive {or Negative} learning example trial for Sys

12 Propose Repair, Choose Repair & Make Repair SRS Agents – Same messages used in each layer for different purposes: –Detectors and analyzers populate PR layer with these assertions (see following Messages). –Choose Repair agent asserts these same facts into CR, triggering repair. –Effectors assert these facts into MR to indicate repair completion. Messages –[layer] :Replay component c i from checkpoint D in history H –[layer] :Substitute c i in Sys at L [used for Data repair, database substitution, and program regeneration] –[layer] :Remove component c i in Sys at L –[layer] :Revert Sys to checkpoint D in history H Messages Passed

13 Ontology for Blackboard All blackboard objects part of ontologically described database Historical and Metadata – facts as objects –May need special assertions –And special queries

14 Ontology Demo

15

16 Blackboard Design Issues System representation –Identity –Versions (especially with learning) –Historical data –Specific types Programs GUI actions States Environment Control Modes Conflict resolution Control resolution –Metadata –Layered blackboard –Agent relationships Activities and Results to be communicated among SRS agents

17 Traditional Conflict Resolution Solutions “First” rule by some criterion Highest “priority” rule Most “specific” rule Rule that refers to the element most “recently” added New rule Arbitrary All rules in parallel Compartmentalized knowledge

18 Race Conditions Blackboards lose their elegance when agents cannot freely access them, e.g. when agents don’t know whether to wait for more information to arrive. –E.g. Good: agents A and B both analyze message M and report their results independently –E.g. Bad: agents A, B, and C all analyze message M but B and C need A to have “passed” message M before they can work –Bad solution: B waits for A to “bless” M or “fail M” before proceeding Good solution: when A can respond to M in a blackboard layer not examined by B and C, subsequently asserting M into a blackboard layer that both B and C look at. If they’re all in the same layer, a possible solution is lattice-based access within a layer: –Register B and C as higher in the layer’s lattice relating all agents’ access –When a message M arrives that A is interested in, it is sent to A first. –If A reasserts M, both B and C can act on it. Otherwise, it has been “consumed” and must be removed from the blackboard. –Multiple, simultaneous messages: prefer complex message groups to simpler ones. Use to introduce fault analyzers and repair choice between layers. BC A

Download ppt "SRS Common Architecture Bob Balzer Neil Goldman Dave Wile Teknowledge Corp."

Similar presentations

Computer Systems & Architecture Lesson 2 4. Achieving Qualities.

Computer Systems & Architecture Lesson 2 4. Achieving Qualities.
Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech

Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
Telecommunications Management 273-436/635 Network Management.

Telecommunications Management /635 Network Management.
Prentice Hall, 2003 1 Database Systems Week 1 Introduction By Zekrullah Popal.

Prentice Hall, Database Systems Week 1 Introduction By Zekrullah Popal.
Iron Mountain’s Email Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.

Iron Mountain’s Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources Thomas G. Calderon Akhilesh Chandra John J. Cheh The.

Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources Thomas G. Calderon Akhilesh Chandra John J. Cheh The.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
EXPERT SYSTEMS Part I.

EXPERT SYSTEMS Part I.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.
Architectural Design Principles. Outline  Architectural level of design The design of the system in terms of components and connectors and their arrangements.

Architectural Design Principles. Outline  Architectural level of design The design of the system in terms of components and connectors and their arrangements.
Agent-Based Acceptability-Oriented Computing International Symposium on Software Reliability Engineering Fast Abstract by Shana Hyvat.

Agent-Based Acceptability-Oriented Computing International Symposium on Software Reliability Engineering Fast Abstract by Shana Hyvat.
Design of an Intrusion Response System using Evolutionary Computation Rohit Parti.

Design of an Intrusion Response System using Evolutionary Computation Rohit Parti.
Or, Providing High Availability and Adaptability in a Decentralized System Tapestry: Fault-resilient Wide-area Location and Routing Issues Facing Wide-area.

Or, Providing High Availability and Adaptability in a Decentralized System Tapestry: Fault-resilient Wide-area Location and Routing Issues Facing Wide-area.
SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.

SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.
March 24, 2003Upadhyaya – IWIA 20031 A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.

March 24, 2003Upadhyaya – IWIA A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.
Problem Management Overview

Problem Management Overview

Similar presentations

Ads by Google