Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability.

Published byReynold Dorsey Modified over 8 years ago

Similar presentations

Presentation on theme: "University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability."— Presentation transcript:

1

2 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability Andrew A. Chien* and Jane W. Liu** *University of California, San Diego **University of Illinois, Urbana-Champaign http://www-csag.ucsd.edu/projects/agileO.html DARPA ISO Intrusion Tolerant Systems PI Meeting February 22, 2000

3 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20002 Outline Agile Objects Approach »Location Elusiveness »Interface Elusiveness Detailed Technical Approach »Previously Reported »Progress in past six months Future Plans

4 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20003 Background/Existing Practice Static Distributed Software Architectures (nearly) »Fixed points of access, deployment, resource dependence System/Firewall/Sandbox/Domain based Security »Resource and containment oriented Security Architecture based on Anticipated Deployment Structures => Flexibility and reconfiguration can enhance survivability Our Focus: Flexible Configuration of Distributed C 3 I Systems (Real- time, High Performance, Mission-Critical Online systems) »E.g. Aegis Battle Cruiser, Theatre Command/Information system, etc.

5 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20004 Focus: Tolerance and Response Resource revocation due to loss »Physical loss, destruction, crash (failure) Resource loss due to compromise »Corruption, compromise, unacceptable risk Resources made undesirable due to changes in security status »Under attack, detected assaults, partially compromised, loss of other security critical information »Proactive reconfiguration in response to partial loss

6 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20005 Technical Objectives Flexible Configuration of Distributed C 3 I Systems »Performance »Application Architecture »Security Location Elusiveness »Survivability (resource loss or compromise) »Continued Real-time performance Interface Elusiveness »Survivability (automatic, distributed attack) »Adaptive Interfaces/Security Mechanisms over Reconfiguration »Dynamic Responses to Environmental Changes Prototypes and Demonstrations that support commercial API’s

7 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20006 Technical Approach Increase application capability thru Enhanced Middleware for Distributed Objects and Components »Benefit to Standard API’s Survivability thru Elusiveness »Distributed Applications without fixed resources or configuration »Security structures adapt to configuration/performance constraints »Difficult to locate, target, identify, Difficult to compromise Agile Objects Middleware

8 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20007 Example Scenario Distributed object/Component applications Online reconfiguration enables a flexible dynamic response to resource or security change Response to critical events achieved in short time scales (seconds) Automatically reconfiguration maintains performance and security properties System#1 System#2 System#3 Evacuate #1 Reconfigure to new Resources

9 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20008 Challenges Location Elusiveness: Support rapid application mobility with »Performance insensitivity »Uniform resource access »Continuous real-time performance »=> make this real for significant distributed applications Interface Elusiveness: Adapt security mechanisms and configuration »Support *very* high speed networks »Describe system application security requirements »Manage and enforce security requirements, adapting in real time to match rapid changes

10 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/20009 Detailed Technical Approach Location Elusiveness »Theoretical and Analytical Foundations –High Performance Distributed Objects –Migration and Scalable Name Service –Dynamic Open Real-time Systems »Prototypes and Demonstrations –High performance distributed objects –Object Migration and Replication –Open Real Time systems and Distributed Resource Managers –Experiment with existing applications for transparent static redistribution –Performance experiment and demonstrations with cluster/LAN and wide-area environments

11 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200010 Detailed Technical Approach (cont.) Interface Elusiveness »Theoretical and Analytical Foundations –Mutating Interfaces Space/Complexity/Performance (static) –Mutating Interfaces Dynamic Coordination (dynamic) –Mutating Interfaces Targeted (specific response) »Prototypes and Demonstrations –Interface Mutation Prototypes (range, correct operation) –Dynamic Mutation (consistent operation, reconfiguration, resource adaptation) –Demonstration and evaluation of several approaches for distributed coordination –Demonstration and evaluation of targeted responses based in intrusion detection information Integrated Experiments

12 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200011 Progress Previously reported results (8/99) »User-level networking performance »Fast Remote RPC (+ improving) »Basic Real-time Framework Recent Results »Multi-DCOM Prototype »Elusive Interfaces Case Study Future Plans »Experimentation with Multi-DCOM Prototype »Elusive Interfaces Prototype

13 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200012 Multi-DCOM Infrastructure Generic Transparent Interface for Replication »Based on DCOM infrastructure (binary modules of all derivations) “Iterator” based API: compatibility and basis for extension and experimentation »Experimentation framework for flexible replication (Fault and Intrusion Tolerance) »Partial redundancy/threshold cryptography approaches (e.g. Pasis, etc.) Client Server #2 Server #1 Server #3

14 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200013 Elusive Interfaces Distributed Object and Component Applications: primitive pairwise relationships End-to-end encryption techniques practically incompatible with high speed networks Ideas »Low-cost encryption techniques based on interface structure »Adapt and manage automatically in response to changes »Systematic analysis of opportunities, costs, and capabilities High Speed Net Untrusted Net Specialized Cryptography Hardware Time-varying

15 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200014 Security Overhead SSL inline overhead (excluding initial exchange protocol) »4x fixed overhead; 17x per byte costs (~2Mbits) »56-bit keys, 500Mhz Pentium II’s, 100Mbit Ethernet »Cleartext protocol stacks barely feed high speed networks

16 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200015 Case Study: Elusive Interfaces European Molecular Biology Laboratory’s Nucleotide Sequence Database (NSDB) 41 methods, 4 distinct interfaces, various numbers of arguments Wide range of data access mechanisms (standard queries) and attribute information Application at simple end of the spectrum EmblSeq Embl.getEmblSeq (string) ULONG EmblSeq.getCountA () ULONG EmblSeq.getCountC () ULONG EmblSeq.getCountG () ULONG EmblSeq.getCountT () ULONG EmblSeq.getEntryVersion () ULONG EmblSeq.getCheckSum () ULONG EmblSeq.getBioSeqVersion () ULONG EmblSeq.getLength () String EmblSeq.getEntryName () String EmblSeq.getEntryStatus () String EmblSeq.getDescription () String EmblSeq.getMoleculeType () String EmblSeq.getSeq () String EmblSeq.getTopology () String EmblSeq.getBioSeqId () RevisionList EmblSeq.getRevisions ()String EmblSeq.getSubSeqByFeature (NucFeature) tk_array EmblSeq.getAnySeq ()String EmblSeq.getSubSeq (ULONG, ULONG) StringList EmblSeq.getSecondaryIds () StringList EmblSeq.getComments () StringList EmblSeq.getKeyWords () DbXrefList EmblSeq.getDbXrefs () DbXrefList EmblSeq.getReferences () DbXrefList EmblSeq.getOrganisms () NucFeatureList EmblSeq.getNucFeaturesByKey (string) Location EmblSeq.getLocalLocation (NucFeature) NucFeatureList EmblSeq.getNucFeatures () Location EmblSeq.geReferenceLocation (string) String NucFeature.getFeatureId () String NucFeature.getKey () FeatureLocation NucFeature.getLocation () ULONG NucFeature.getFeatureVersion () Qualifier NucFeature.getQualifier (string) DbXrefList NucFeature.getNucSeqs ()QualifierList NucFeature.getQualifiers () String FeatureLocation.getLocationString () String FeatureLocation.getSeq () NucFeature FeatureLocation.getNucFeature () LocationNodeList FeatureLocation.getNodes ()

17 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200016 Dimensions of Interface Manipulation Method offset value Method offset spacing Method offset location (in message) Parameter location Parameter organization* Parameter encryption Parameter buffering Flexible packetization Temporal variation...

18 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200017 Practical Encoding Space How large a space can we generate for an attacker? »Analyze all possible configurations of the parameters »Potential for obscuring application information (published interfaces) »Incorrect probes all detected »(details available in a forthcoming report) Encoding Space (NSDB) No increase in Communication Traffic 10 6 – 10 8 Increasing Communication Traffic by adding Parameters 10 8 – 10 16 (most benefits with a few parameters)

19 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200018 Initial Observations Space is large and proportional to interface complexity (increasing?) Interface encoding to be performed a line speed using custom- generated code sequences Relationship to classical cryptography approaches needs to be developed (cost, difficulty of attack) Current: manual experiments, Building a general prototype for broader experimentation

20 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200019 Agile Objects Project Plan Location ElusivenessInterface Elusiveness Integrated Demonstration Interface Elusiveness Demonstration Dynamic Mutation Prototype (online, reactive) Mutation Prototype Analytical Foundations & Case Studies Location Elusiveness Demonstration Location Elusiveness Demonstration Object Migration integrated with Distribution Insensitivity Distribution Insensitivity (RPC & Real-time Scheduling) High Performance RPC 2/00 Status

21 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200020 Quantitative Metrics Location Elusiveness »Speed of remote RPC, ratio of local/remote »Time of application reconfiguration (physical network parameters, applications) »Granularity/precision of real-time guarantees Interface elusiveness »Size of reconfiguration space, range of techniques »Reconfiguration Cost »Reconfiguration Delay Scale of Demonstrations

22 University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Andrew A. Chien – 2/22/200021 Expected Major Achievements Location Elusiveness: Distribution insensitive distributed applications »High Performance RPC which enables flexible configuration »Online Migration and Replication »Real-time applications which reconfigure while maintaining performance guarantees Interface Elusiveness: Characterize space of interface mutation and dynamic coordination mechanisms »Crystallize a framework for adaptive interface mutation management (reconfiguration, cost, space) »Configuration independent application security specifications Develop a range of targeted responses based on Intrusion Detection & System status information Integrate techniques for a unified Agile Objects approach and demonstration

Download ppt "University of California, San Diego Computer Science and Engineering Concurrent Systems Architecture Group Agile Objects: Component-based Inherent Survivability."

Similar presentations

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
Lecture # 2 : Process Models

Lecture # 2 : Process Models
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
Distributed components

Distributed components
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Chapter 17: Client/Server Computing Business Data Communications, 4e.

Chapter 17: Client/Server Computing Business Data Communications, 4e.
SE curriculum in CC2001 made by IEEE and ACM: Overview and Ideas for Our Work Katerina Zdravkova Institute of Informatics

SE curriculum in CC2001 made by IEEE and ACM: Overview and Ideas for Our Work Katerina Zdravkova Institute of Informatics
1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.

1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.
CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
Workshop on Cyber Infrastructure in Combustion Science April 19-20, 2006 Subrata Bhattacharjee and Christopher Paolini Mechanical.

Workshop on Cyber Infrastructure in Combustion Science April 19-20, 2006 Subrata Bhattacharjee and Christopher Paolini Mechanical.
SensIT PI Meeting, April 17-20, 2001 1 Distributed Services for Self-Organizing Sensor Networks Alvin S. Lim Computer Science and Software Engineering.

SensIT PI Meeting, April 17-20, Distributed Services for Self-Organizing Sensor Networks Alvin S. Lim Computer Science and Software Engineering.
1 Personal Activity Coordinator (PAC) Xia Hong UC Berkeley ISRG retreat 1/11/2000.

1 Personal Activity Coordinator (PAC) Xia Hong UC Berkeley ISRG retreat 1/11/2000.
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.

.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
Concurrent Systems Architecture Group University of California, San Diego and University of Illinois at Urbana-Champaign Morph 9/21/98 Morph: Supporting.

Concurrent Systems Architecture Group University of California, San Diego and University of Illinois at Urbana-Champaign Morph 9/21/98 Morph: Supporting.
Undergraduate Poster Presentation Match 31, 2015 Department of CSE, BUET, Dhaka, Bangladesh Wireless Sensor Network Integretion With Cloud Computing H.M.A.

Undergraduate Poster Presentation Match 31, 2015 Department of CSE, BUET, Dhaka, Bangladesh Wireless Sensor Network Integretion With Cloud Computing H.M.A.
Software Process and Product Metrics

Software Process and Product Metrics
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Similar presentations

Ads by Google