Agile Objects: Component-based Inherent Survivability

1
Agile Objects: Component-based Inherent
Survivability
  • Andrew A. Chien
  • achien@cs.ucsd.edu, UC San Diego
  • Riccardo Bettati
  • bettati@cs.tamu.edu, Texas A&M
  • http://www-csag.ucsd.edu/projects/agileO.html
  • AFRL F30602-9-1-0534
  • OASIS PI Meeting, August 19, 2002

2
Outline
  • Motivation and Goals
  • Agile Objects Project
  • Agile Objects Recent Progress
  • Naming Services
  • Application for DDoS Tolerance

3
Context
  • Static Distributed Software Architectures
    (nearly)
  • Fixed points of access, deployment, resource
    dependence
  • System/Firewall/Sandbox/Domain based Security
  • Resource and containment oriented
  • Security Architecture based on Anticipated
    Deployment Structures
  • => Flexibility and reconfiguration to enhance
    survivability
  • Our Focus: Flexible Configuration of Distributed
    C3I Systems (Real-time, High Performance,
    Mission-Critical Online systems)
  • E.g. Aegis Battle Cruiser, Theatre
    Command/Information system, etc.
  • High bandwidth networks, rich resource environment

4
Agile Objects
  • Middleware for survivable component based
    distributed applications
  • Large number of distributed components, extensive
    communication via RPC
  • Ex: large distributed Java or .NET application
  • Survivability to distributed applications based
    on
  • High performance RPC: configuration-independent
    performance
  • Agile configuration changes in response to
    resource loss or compromise

5
Elusive Applications, Rapid Reconfiguration
  • Resource loss due to compromise, physical damage,
    or change in security status
  • Rapid Change of Location and Interface,
    Elusiveness
  • reconfiguration to increase survivability in
    response to attacks
  • preserving real-time performance

6
Technical Objectives
  • Elusive Distributed Applications
  • Location Elusiveness
  • Seamless boundary between Component and
    Distributed Object applications
  • Real-time framework allows performance
    transparent distributed reconfiguration
  • Replication supports fault tolerance, rapid
    reconfiguration, multi-version assurance and
    survivability
  • Interface Elusiveness
  • Integrates security mechanisms with traditional
    object interface marshalling to achieve high
    performance
  • An adaptive security mechanism (there are many)
  • Adaptive security required with rapidly changing
    application configuration
  • => also rapidly changing surrounding resource and
    security environment
  • Transparent reconfiguration maintains performance
    and security properties
  • Incorporate software components without major
    effort
  • Respond to critical Assurance and Survivability
    events fast (<< seconds)
  • Respond to noisy intrusion information without
    negative impact

7
Assumptions and Scope
  • What threats/attacks is your project considering?
  • Any that lead to compromise of nodes, networks,
    services
  • esp. object/component interface based attacks
  • What assumptions does your project make?
  • Applications are component-based
  • Only some resources are compromised; segregation
    possible
  • Some warning (could be noisy) => Low impact
    techniques to respond
  • What policies can your project enforce?
  • Application configuration <-> Level of compromise
    of resources
  • Reflect Infocon level or resource status fast
  • Many that drive reconfiguration, decouple
    reconfiguration from complex analysis and
    performance

8
Challenges
  • Location Elusiveness: Support rapid application
    mobility with
  • Performance insensitivity
  • Uniform resource access
  • Continuous real-time performance
  • => make this possible for distributed
    applications
  • Interface Elusiveness: Integrate data security
    with RPC
  • Support very high speed networks
  • Characterize EI interface configuration spaces
    and cost of data permutation approaches
  • High performance RPC on very high speed networks
    while protecting data

9
Previous Results
  • Location Elusiveness
  • Low-latency RPC system (40 microseconds, as fast
    as local)
  • Multi-DCOM Prototype: transparent replication,
    high performance
  • Realtor: Real-time Allocation Framework
  • Analytic Grounding
  • Implements rapid allocation while enforcing
    Real-time guarantees
  • Proactive resource allocation
  • Interface Elusiveness
  • Analysis of interface space for sample
    distributed applications
  • Simple systems, 10^6 - 10^16 configurations
  • Elusive Interfaces prototype and evaluation
  • Tolerating a DDOS attack
  • Applying Agile Objects technology
  • Distributed Proxy Network
  • Back-end Agile Object Application

10
Recent Progress
  • Complete implementation of Elusive Interfaces
  • Complete implementation of Realtor RT Allocator
  • Analytical Performance Requirements for Naming
    and Migration
  • Modeling of Distributed Denial of Service Attack
    and Survivability
  • Demonstration

11
AO Naming Performance Requirements
[Figure: time breakdown for a Traditional System vs. Agile Objects (Object Migration, Name Lookup, Application Work, Naming Update, RPC Overhead)]
  • High Performance RPC and Migration enable rapid
    application reconfiguration
  • Major costs: state movement, naming updates
  • How fast do the naming services have to be?
  • Support continuous execution
  • Support/enable acceptable portion of time for
    real computation
  • Range of analysis, synthetic benchmarks
  • Derive performance requirements, tradeoffs
  • Determine acceptable naming services performance
    (dramatically higher)
  • => later combine with application structure

12
How much work can a migrating application get
done?
  • Vary Call Frequency
  • calls/migration
  • Vary name server performance
  • Vary Migration cost
  • => both are critical to getting reasonable
    efficiencies
  • Ex: 100 null calls/migration, lookup 10
    microseconds, migration cost 100 microseconds
  • 25% efficiency
  • => Need very fast name servers and significant
    work for AO to work well

13
How does migration cost affect efficiency?
  • Fast migration directly enables distribution at a
    finer object granularity

14
How does naming lookup cost affect efficiency?
  • Low lookup overhead is critical for achieving
    high efficiency
  • High name lookup overhead prohibits flexible
    application distribution (and more
    components/application)

15
Naming Services Summary
  • Low migration and RPC cost enable flexible
    deployment and application reconfiguration
  • Use of migration for Location Elusiveness imposes
    stresses on the system
  • Naming lookup
  • Naming update
  • => these services must be low-cost, scalable with
    10-100 microsecond overheads to support rapid
    reconfiguration
  • => we are evaluating approaches to achieve these
    performance requirements

16
AO Tolerating DDoS Attack
[Figure: Users reach the Location Elusive Application through Proxies]
  • Location Elusiveness uses reconfiguration to
    tolerate infrastructure-level attacks
  • Proxies know application location
  • Users do not know application location

17
Modeling DDoS Attack Tolerance
  • Detailed Approach (Location Elusiveness)
  • Applications live in Proxy Network name space
  • Users (including attackers) live in the IP name
    space
  • Proxies secure the mapping between name spaces
  • Indirection prevents direct infrastructure level
    attacks on applications
  • Dynamically reconfigure (proactively or
    reactively) proxy network, migrate applications

18
Multi-level Proxy Networks
[Figure: Attackers and Clients in the IP Name Space; proxies at increasing distance to the edge in the Proxy Name Space, in front of the App]
  • Location mapping from IP to Proxy Name Spaces
    (Location Elusiveness)
  • Application can change its location due to
    security threat
  • Location hiding in multiple levels
  • Distance to the edge corresponds to the chance of
    exposure (# of levels)
  • Distance can be changed dynamically (overhead vs.
    security)
  • Reconfiguration to contain the impact of attack
  • Location mapping from IP to Proxy name space is
    dynamic
  • => Model Analysis determines the key
    factors/issues
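
The indirection described on slides 16 to 18, as an added Python sketch (not part of the original slides or of the Agile Objects code base). The class, method names and random identifiers are hypothetical, and the model assumes a request simply takes the first healthy proxy at each level.

```python
import secrets

def _new_id(prefix):
    return f"{prefix}-{secrets.token_hex(4)}"   # constructed, random name

class ProxyNetwork:
    """Users see edge proxy names only (IP name space); the application's
    location lives in the proxy name space and can change at any time."""

    def __init__(self, levels, width):
        # levels = "distance to the edge"; each level holds `width` proxies.
        self.levels = [[_new_id(f"p{d}") for _ in range(width)]
                       for d in range(levels)]
        self.app_location = _new_id("host")
        self.compromised = set()

    def edge_names(self):
        return list(self.levels[0])      # the only names users ever learn

    def visible_from(self, proxy):
        """Names a party holding `proxy` can learn: the next level inward,
        or the application location if `proxy` is in the innermost level."""
        for depth, level in enumerate(self.levels):
            if proxy in level:
                if depth == len(self.levels) - 1:
                    return [self.app_location]
                return list(self.levels[depth + 1])
        return []

    def route(self, edge_proxy):
        """Forward a request inward one level at a time; return the path."""
        if edge_proxy not in self.levels[0] or edge_proxy in self.compromised:
            return None
        path = [edge_proxy]
        for level in self.levels[1:]:
            healthy = [p for p in level if p not in self.compromised]
            if not healthy:
                return None
            path.append(healthy[0])
        return path + [self.app_location]

    def app_exposed(self):
        # The location leaks only once an innermost proxy is compromised.
        return any(p in self.compromised for p in self.levels[-1])

    def migrate_app(self):
        self.app_location = _new_id("host")   # edge names stay unchanged

    def replace_proxy(self, proxy):
        # Reconfiguration: swap out a proxy reported as attacked/compromised.
        for level in self.levels:
            if proxy in level:
                level[level.index(proxy)] = _new_id(proxy.split("-")[0])
        self.compromised.discard(proxy)
```

Raising `levels` lengthens every path (overhead) while increasing the number of proxies that must fall before `app_exposed()` becomes true, which is the overhead vs. security trade the slide names.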

19
Modeling and Analysis
  • Formalize DoS attack and delivered Application
    service
  • Models for
  • System
  • Proxy network (topology, scale, reconfiguration)
  • Application (migration)
  • Sensor (accuracy, performance)
  • Simple Attack model (scale, rate/prob.
    compromise, cost)
  • Cost model (cost of damage, reconfiguration)
  • A cost-oriented analysis for DoS tolerance
  • Investment vs. attackers' capabilities, likely
    attacks
  • Develop a system analysis, based on a set of
    models
  • Open to allow others to use different assumptions

20
Key Factors
  • Proxy network Complexity/Overhead
  • Application Agility (cost of reconfig)
  • Investment, Expected tolerance
  • Application Performance
  • Proxy network reconfiguration cost
  • Damage to Applications by attackers
  • Attackers' Capability/cost to compromise X

21
Summary
  • Recent Progress
  • Location Elusiveness: High Performance RPC and
    Migration
  • Naming: Analytical performance requirements,
    initial implementations
  • Interface Elusiveness: framework and empirical
    evaluation, full implementation
  • Real-time Resource Framework: proactive, fast,
    implemented
  • Exploration of capabilities: Tolerating DDoS
    using AO, analytical modelling of
    attacker/defender tradeoffs
  • Next Steps
  • Evaluation of multiple Naming/migration
    implementations
  • Continue to explore Elusive Interfaces
    tradeoffs/capabilities
  • System Experiments
  • Continue to explore AO capabilities to tolerate
    DDOS attacks

22
Agile Objects Demo: Location Elusiveness
[Figure: Agile Object Clients; Agile Object Applications migrating within the AO Resource Pool]
  • Back-end Agile Objects application
  • Migrates in AO resource pool
  • Provides continuous service
  • Front End: Agile Objects Client, accesses Agile
    File Server