1 21 July 00 Joint PI Meeting FTN Applications that Participate in their Own Defense (APOD) BBN Technologies Franklin Webber, Ron Scott, Partha Pal, Michael.

Presentation transcript:

1 21 July 00 Joint PI Meeting FTN Applications that Participate in their Own Defense (APOD) BBN Technologies Franklin Webber, Ron Scott, Partha Pal, Michael Atighetchi, Chris Jones, Tom Mitchell, and Ron Watro {fwebber, rscott, ppal, matighet, ccjones, tmitchel, QuO

2 Long-term Vision
Systems with more survivability, built with less effort.
Future military systems need to be more survivable than the components from which they are built. These systems will be distributed, and will:
– Assume that OS and network infrastructure is vulnerable to intrusion and cyber-attack;
– Adapt their own behavior, resource usage, and service levels to remain as effective as possible in spite of attacks.
Such systems are defense-enabled, and need to be designed, implemented, operated, and maintained with less (or at least no more) effort than today’s non-defense-enabled systems.

3 Adaptable, Defense-Enabled, Survivable Applications
Have multiple operating modes and a strategy for changing modes to survive the effects of intrusion and denial of service
– some adaptations will lead to a degraded mode of operation
– most will involve interacting with management subsystems in the application’s environment to collect information and request changes
– most will be automatic
Are aware of various aspects of Quality of Service (QoS) and can recognize and react when QoS is degraded, indicating a potential failure, intrusion, or attack
Integrate security mechanisms, including intrusion detection systems (IDSs), with the application and with QoS management subsystems

4 Application and Attacker Compete to Control System Resources
[Diagram labels: Application; Attacker; Raw Resources (CPU, bandwidth, files...); QoS Management; Crypto (shown twice); OSs and Network; IDSs; Firewalls]

5 Levels of Attacker Privilege
– no privilege
– “login shell” privilege
– “root shell” privilege
– application privilege
Application privilege includes the ability to modify the application or start new application components.
We assume attackers do not have application privilege. We use cryptographic techniques to try to enforce this assumption.
A related BBNT project (under ITS) will remove this assumption about application privilege: “Intrusion Tolerance by Uncertain Adaptation”

6 Project Goals
Formulate strategies for responding to attacks that threaten survival of applications.
Organize response mechanisms around a middleware infrastructure (i.e., a software layer between the application and the resources).
– Start with existing QuO (Quality of Service for Objects) framework and the QoS aspects it supports;
– Extend QuO as necessary with application-centered strategies.
Test whether response strategies, implemented at both the application and middleware layers and using QuO-integrated mechanisms, enhance survivability.

7 Why Put Defenses In Middleware?
– practicality: Requiring secure, reliable OS and network support is not currently cost-effective. Middleware defenses will augment, not replace, defense mechanisms available in lower system layers.
– simplicity: QoS concerns separated from functionality of application. Better software engineering.
– uniformity: Advanced middleware such as QuO provides a systematic way to integrate defense mechanisms. Middleware can hide peculiarities of different platforms.
– reusability: Middleware can support a wide variety of applications.

8 QuO Technology
QuO is DARPA Quorum developed middleware that provides:
– interfaces to property managers, each of which monitors and controls an aspect of the Quality of Service (QoS) offered by an application;
– specifications of the application’s normal and alternate operating conditions and how QoS should depend on these conditions.
QuO has integrated managers for several properties:
– dependability (DARPA’s Quorum AQuA project)
– communication bandwidth (DARPA’s Quorum DIRM project)
– real-time processing (using TAO from UC Irvine/WUStL)
– security (using OODTE access control from NAI)

9 Simplified DOC Model (CORBA)
[Diagram labels: Client; Network; Server; Application Developer; Mechanism Developer; Logical Method Call; Client; Object; ORB Proxy; Obj Req Broker; Network]

10 QuO adds specification, measurement, and adaptation into the object model
[Diagram labels: Client; Network; Server; Application Developer; QuO Developer; Mechanism Developer; Logical Method Call; Client; Object; Delegate; Contract; SysCond; ORB Proxy; Specialized ORB; Network; Mechanism/Property Manager]

11 The QuO Toolkit provides tools for building QuO applications
Quality Description Languages (QDL)
– Support the specification of QoS contracts (CDL), delegates and their adaptive behaviors (SDL), connection, creation, and initialization of QuO application components (CSL)
– QuO includes code generators that parse QDL descriptions and generate Java and C++ code for contracts, delegates, creation, and initialization
System Condition Objects, implemented as CORBA objects
QuO Runtime Kernel
– Contract evaluator
– Factory object which instantiates contract and system condition objects
[Diagram labels: CORBA IDL; Code Generators; Contract Description Language (CDL); Structure Description Language (SDL); Connector Setup Language (CSL); QuO Runtime; Delegates; Contracts; Connectors]

12 A Classification of Defense Mechanisms
Table is open to expansion: more strategies, more columns

13 Accomplishments
Integrated the following defensive mechanisms within the QuO adaptive infrastructure:
– redundancy management
– access control
– intrusion detection
– packet filtering
Applied all the mechanisms in a simple defensive strategy in the context of a single demonstration example
– air traffic monitoring application
Developed validation plan (partially complete)

14 [Diagram labels: Control Center; Field Deployed; admin; publish; Map server; File sharing protocol; Map display; sens1; sens2; simulator; database; tripwire; Quo Contract; attacker]
Diagram annotations:
– Tripwire detects intrusion into admin credentials
– Attempt to insert fake data into the database is thwarted by OO-DTE
– Admin privileges suspended after intrusion detected
– QuO sets critical parameters to preset value
– QuO restores credentials

15 Redundancy Management
Threat: denial of service by killing application components
Defense: maintain component replicas
– group communication using Ensemble (Cornell U)
– membership services
– reliable atomic multicast
– encapsulation in QuO Gateway
– alternate transport-layer protocol
– replica management using Proteus (U of Illinois)
– several alternate failure models supported
TBD:
– use “secure Ensemble”
– replicate Proteus, QuO Kernel

16 QuO Gateways Support Specialized Communication Protocols
[Diagram labels: QuO Gateway; IIOP; Glue; Control; Client-Side ORB; Group Replication; WAN; Bandwidth Reservation; IIOP over TCP/IP (default); Server-Side ORB]
– The QuO gateway enables insertion of below-the-ORB mechanisms and specialized network controls
– The gateway translates IIOP messages into specialized communication protocols or network level controls
– To the client-side, the QuO gateway looks like the remote ORB
– To the object-side, the QuO gateway looks like the client’s ORB
– The two ends of the gateway are on the same LAN as the client/object
– Currently, we have gateways that support Ensemble group communication, RSVP resource reservation, and IIOP over TCP/IP

17 Access Control
Threat: corruption of the application’s components or its communication
Defense: cryptography-based access control
– security policy maintenance using OODTE (NAI)
– digital signatures using PGP or JCE
– access control enforcement in CORBA interceptors
– Proteus and QuO Kernel protected
– executables, keys, protected by Tripwire
TBD:
– use enhancements to OODTE enforcement as they become available from NAI (e.g., SSL enforcement in conjunction with Ensemble)

18 Stand-Alone Mechanisms Integrated Using QuO
Using off-the-shelf IDSs
– Tripwire to notice attacks on critical files
– Snort to recognize known attack signatures in network traffic
Using Linux ipchains to block packets suspected to be a threat
– needed to counter some denial of service attacks
– a readily available defense on a single platform
These mechanisms are off-the-shelf
QuO is a control system in which IDSs are one kind of sensor and ipchains is one kind of actuator

19 Work In Progress
Augmenting IDS information about possible attacks with application-level anomaly detection:
– violation of application invariants
– timeouts
Developing more complex defense strategies, e.g., anomalous behavior from one host triggers further scrutiny
Porting QuO Gateway to TAO (The ACE ORB) (UC Irvine, Wash U StL)
– will facilitate future control of real-time behavior
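Added example (not from the original slides and not APOD or QuO code): the sensor/actuator view on slide 18 and the "anomalous behavior from one host triggers further scrutiny" strategy on slide 19, written as a Python control loop that turns IDS alerts into defensive actions. The alert line format, the two-alert threshold, the file path, the action names and all class and function names are assumptions; the ipchains rules are only built as strings and never executed.

```python
import ipaddress
from collections import defaultdict
# Constructed sample alerts. The "sensor key=value" line format is invented for
# this example; it is not real Tripwire or Snort output.
SAMPLE_ALERTS = [
    "snort sig=portscan src=192.0.2.10",
    "snort sig=portscan src=192.0.2.10",
    "tripwire changed=/opt/app/keys/admin.key",
    "snort sig=known-exploit src=192.0.2.77",
    "snort sig=portscan src=198.51.100.5",
    "snort sig=portscan src=192.0.2.9;reboot",  # malformed source, must be ignored
]


def parse_alert(line):
    """Split 'sensor k=v k=v' into (sensor, fields); None if the sensor is unknown."""
    sensor, _, rest = line.strip().partition(" ")
    if sensor not in ("snort", "tripwire"):
        return None
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return sensor, fields


class DefenseController:
    """Hypothetical stand-in for a contract: per-host regions plus an admin flag."""
    def __init__(self, block_threshold=2):
        self.block_threshold = block_threshold  # assumed policy value
        self.strikes = defaultdict(int)         # alerts seen per source host
        self.region = {}                        # host -> "scrutiny" | "blocked"
        self.admin_suspended = False
        self.actions = []                       # actuator requests, never executed here

    def handle(self, sensor, fields):
        if sensor == "tripwire":                # critical file changed
            if not self.admin_suspended:
                self.admin_suspended = True
                self.actions.append("suspend-admin-privileges")
            return
        try:                                    # never copy raw log text into a filter rule
            src = str(ipaddress.ip_address(fields.get("src", "")))
        except ValueError:
            return
        if self.region.get(src) == "blocked":
            return
        self.strikes[src] += 1
        if fields.get("sig") == "known-exploit" or self.strikes[src] >= self.block_threshold:
            self.region[src] = "blocked"
            self.actions.append(f"ipchains -I input -s {src} -j DENY")
        else:
            self.region[src] = "scrutiny"       # first anomaly: watch, do not block yet
            self.actions.append(f"scrutinize {src}")


def run(lines):
    ctl = DefenseController()
    for parsed in filter(None, map(parse_alert, lines)):
        ctl.handle(*parsed)
    return ctl
```

Validating the source address before it reaches the rule string matters because the actuator runs with filtering privileges and the alert text is attacker-influenced.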

20 Plans
Integrate management of additional QoS aspects:
– scheduling CPU
– expect to rely on TAO real-time
– reserving communication bandwidth
– candidate mechanism is ARQOS (NC State)
Implement additional defensive strategies:
– port hopping
– protocol replacement
Tighten current defenses (e.g. replicate Proteus, QuO)
Develop toolkit for configuring application defenses
– specification language for defensive strategies
Evaluate defensive strategies both by analysis and by experiment

21 A Strategy Specification Language
Short-Term Goal: describe defensive strategies abstractly
– avoid hardwiring in property managers
– allow non-APOD users to create own strategies easily
– encapsulate QuO QDLs
Long-Term Goal: map high-level strategies to lower-level ones
– generate some QDL automatically
– generate instructions for non-QuO components, e.g. configure IDSs dynamically using CIDF

22 Validating Defenses by Experiment
Are APOD defense strategies effective? This question cannot be answered by analysis alone:
– depends on skill of attacker
– depends on quality of defenses in underlying OS and network
IA’s Technology Integration Center offers facilities and staff that could be used for running attacks against APOD defenses. We are trying to put an APOD experiment on the TIC’s agenda.
Hypothesis: the application-level defensive adaptation in an APOD application significantly increases the work needed to damage or destroy that application

23 Schedule
[Timeline: July 1999 (Start); July 2000; July 2001; July 2002 (Finish). Items shown: Final Survivability Tools Delivery; Proof of Concept SW Release; Defense-Enabled App SW Releases; Validation Experiment; Technical Reports]

24 Technology Transition
Plan: Defense-enabling of more complex applications
Candidate applications likely to emerge from QuO user base
– NSWC
– ALP (Advanced Logistics Program)

25 Summary
A variety of software defense mechanisms, including property management and other support from QuO middleware, is being used to enhance the survivability of applications.
Ideally, the effectiveness of these defenses will be tested by experiment at the TIC.
A software release, demonstrating the use of redundancy management, cryptography-based access control, multiple IDS triggers, and packet filtering, will be available after July 2000: