1 / 21

Agile Objects: Component-based Inherent Survivability

Agile Objects: Component-based Inherent Survivability. Andrew A. Chien* and Jane W. Liu** *University of California, San Diego **University of Illinois, Urbana-Champaign http://www-csag.ucsd.edu/projects/agileO.html DARPA ISO Intrusion Tolerant Systems PI Meeting February 22, 2000. Outline.

aolani
Télécharger la présentation

Agile Objects: Component-based Inherent Survivability

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Agile Objects: Component-based Inherent Survivability Andrew A. Chien* and Jane W. Liu** *University of California, San Diego **University of Illinois, Urbana-Champaign http://www-csag.ucsd.edu/projects/agileO.html DARPA ISO Intrusion Tolerant Systems PI Meeting February 22, 2000

  2. Outline • Agile Objects Approach • Location Elusiveness • Interface Elusiveness • Detailed Technical Approach • Previously Reported • Progress in past six months • Future Plans

  3. Background/Existing Practice • Static Distributed Software Architectures (nearly) • Fixed points of access, deployment, resource dependence • System/Firewall/Sandbox/Domain based Security • Resource and containment oriented • Security Architecture based on Anticipated Deployment Structures • => Flexibility and reconfiguration can enhance survivability • Our Focus: Flexible Configuration of Distributed C3I Systems (Real-time, High Performance, Mission-Critical Online systems) • E.g. Aegis Battle Cruiser, Theatre Command/Information system, etc.

  4. Focus: Tolerance and Response • Resource revocation due to loss • Physical loss, destruction, crash (failure) • Resource loss due to compromise • Corruption, compromise, unacceptable risk • Resources made undesirable due to changes in security status • Under attack, detected assaults, partially compromised, loss of other security critical information • Proactive reconfiguration in response to partial loss

  5. Technical Objectives • Flexible Configuration of Distributed C3I Systems • Performance • Application Architecture • Security • Location Elusiveness • Survivability (resource loss or compromise) • Continued Real-time performance • Interface Elusiveness • Survivability (automatic, distributed attack) • Adaptive Interfaces/Security Mechanisms over Reconfiguration • Dynamic Responses to Environmental Changes • Prototypes and Demonstrations that support commercial API’s

  6. Technical Approach • Increase application capability thru Enhanced Middleware for Distributed Objects and Components • Benefit to Standard API’s • Survivability thru Elusiveness • Distributed Applications without fixed resources or configuration • Security structures adapt to configuration/performance constraints • Difficult to locate, target, identify, Difficult to compromise Agile Objects Middleware

  7. System#3 System#2 System#1 Evacuate #1 Reconfigure to new Resources Example Scenario • Distributed object/Component applications • Online reconfiguration enables a flexible dynamic response to resource or security change • Response to critical events achieved in short time scales (seconds) • Automatically reconfiguration maintains performance and security properties

  8. Challenges • Location Elusiveness: Support rapid application mobility with • Performance insensitivity • Uniform resource access • Continuous real-time performance • => make this real for significant distributed applications • Interface Elusiveness: Adapt security mechanisms and configuration • Support *very* high speed networks • Describe system application security requirements • Manage and enforce security requirements, adapting in real time to match rapid changes

  9. Detailed Technical Approach • Location Elusiveness • Theoretical and Analytical Foundations • High Performance Distributed Objects • Migration and Scalable Name Service • Dynamic Open Real-time Systems • Prototypes and Demonstrations • High performance distributed objects • Object Migration and Replication • Open Real Time systems and Distributed Resource Managers • Experiment with existing applications for transparent static redistribution • Performance experiment and demonstrations with cluster/LAN and wide-area environments

  10. Detailed Technical Approach (cont.) • Interface Elusiveness • Theoretical and Analytical Foundations • Mutating Interfaces Space/Complexity/Performance (static) • Mutating Interfaces Dynamic Coordination (dynamic) • Mutating Interfaces Targeted (specific response) • Prototypes and Demonstrations • Interface Mutation Prototypes (range, correct operation) • Dynamic Mutation (consistent operation, reconfiguration, resource adaptation) • Demonstration and evaluation of several approaches for distributed coordination • Demonstration and evaluation of targeted responses based in intrusion detection information • Integrated Experiments

  11. Progress • Previously reported results (8/99) • User-level networking performance • Fast Remote RPC (+ improving) • Basic Real-time Framework • Recent Results • Multi-DCOM Prototype • Elusive Interfaces Case Study • Future Plans • Experimentation with Multi-DCOM Prototype • Elusive Interfaces Prototype

  12. Server #1 Server #3 Multi-DCOM Infrastructure • Generic Transparent Interface for Replication • Based on DCOM infrastructure (binary modules of all derivations) • “Iterator” based API: compatibility and basis for extension and experimentation • Experimentation framework for flexible replication (Fault and Intrusion Tolerance) • Partial redundancy/threshold cryptography approaches (e.g. Pasis, etc.) Server #2 Client

  13. Elusive Interfaces Specialized Cryptography Hardware • Distributed Object and Component Applications: primitive pairwise relationships • End-to-end encryption techniques practically incompatible with high speed networks • Ideas • Low-cost encryption techniques based on interface structure • Adapt and manage automatically in response to changes • Systematic analysis of opportunities, costs, and capabilities High Speed Net Untrusted Net Time-varying

  14. Security Overhead • SSL inline overhead (excluding initial exchange protocol) • 4x fixed overhead; 17x per byte costs (~2Mbits) • 56-bit keys, 500Mhz Pentium II’s, 100Mbit Ethernet • Cleartext protocol stacks barely feed high speed networks

  15. EmblSeq Embl.getEmblSeq (string) ULONG EmblSeq.getCountA () ULONG EmblSeq.getCountC () ULONG EmblSeq.getCountG () ULONG EmblSeq.getCountT () ULONG EmblSeq.getEntryVersion () ULONG EmblSeq.getCheckSum () ULONG EmblSeq.getBioSeqVersion () ULONG EmblSeq.getLength () String EmblSeq.getEntryName () String EmblSeq.getEntryStatus () String EmblSeq.getDescription () String EmblSeq.getMoleculeType () String EmblSeq.getSeq () String EmblSeq.getTopology () String EmblSeq.getBioSeqId () RevisionList EmblSeq.getRevisions () String EmblSeq.getSubSeqByFeature (NucFeature) tk_array EmblSeq.getAnySeq () String EmblSeq.getSubSeq (ULONG, ULONG) StringList EmblSeq.getSecondaryIds () StringList EmblSeq.getComments () StringList EmblSeq.getKeyWords () DbXrefList EmblSeq.getDbXrefs () DbXrefList EmblSeq.getReferences () DbXrefList EmblSeq.getOrganisms () NucFeatureList EmblSeq.getNucFeaturesByKey (string) Location EmblSeq.getLocalLocation (NucFeature) NucFeatureList EmblSeq.getNucFeatures () Location EmblSeq.geReferenceLocation (string) String NucFeature.getFeatureId () String NucFeature.getKey () FeatureLocation NucFeature.getLocation () ULONG NucFeature.getFeatureVersion () Qualifier NucFeature.getQualifier (string) DbXrefList NucFeature.getNucSeqs () QualifierList NucFeature.getQualifiers () String FeatureLocation.getLocationString () String FeatureLocation.getSeq () NucFeature FeatureLocation.getNucFeature () LocationNodeList FeatureLocation.getNodes () Case Study: Elusive Interfaces • European Molecular Biology Laboratory’s Nucleotide Sequence Database (NSDB) • 41 methods, 4 distinct interfaces, various numbers of arguments • Wide range of data access mechanisms (standard queries) and attribute information • Application at simple end of the spectrum

  16. Dimensions of Interface Manipulation • Method offset value • Method offset spacing • Method offset location (in message) • Parameter location • Parameter organization* • Parameter encryption • Parameter buffering • Flexible packetization • Temporal variation • . . .

  17. Practical Encoding Space • How large a space can we generate for an attacker? • Analyze all possible configurations of the parameters • Potential for obscuring application information (published interfaces) • Incorrect probes all detected • (details available in a forthcoming report)

  18. Initial Observations • Space is large and proportional to interface complexity (increasing?) • Interface encoding to be performed a line speed using custom-generated code sequences • Relationship to classical cryptography approaches needs to be developed (cost, difficulty of attack) • Current: manual experiments, Building a general prototype for broader experimentation

  19. 2/00 Status Agile Objects Project Plan Location Elusiveness Interface Elusiveness High Performance RPC Analytical Foundations & Case Studies Distribution Insensitivity (RPC & Real-time Scheduling) Object Migration integrated with Distribution Insensitivity Mutation Prototype Location Elusiveness Demonstration Dynamic Mutation Prototype (online, reactive) Interface Elusiveness Demonstration Location Elusiveness Demonstration Integrated Demonstration

  20. Quantitative Metrics • Location Elusiveness • Speed of remote RPC, ratio of local/remote • Time of application reconfiguration (physical network parameters, applications) • Granularity/precision of real-time guarantees • Interface elusiveness • Size of reconfiguration space, range of techniques • Reconfiguration Cost • Reconfiguration Delay • Scale of Demonstrations

  21. Expected Major Achievements • Location Elusiveness: Distribution insensitive distributed applications • High Performance RPC which enables flexible configuration • Online Migration and Replication • Real-time applications which reconfigure while maintaining performance guarantees • Interface Elusiveness: Characterize space of interface mutation and dynamic coordination mechanisms • Crystallize a framework for adaptive interface mutation management (reconfiguration, cost, space) • Configuration independent application security specifications • Develop a range of targeted responses based on Intrusion Detection & System status information • Integrate techniques for a unified Agile Objects approach and demonstration

More Related