2000 Project Summary
|Project Website:||http://www-csag.ucsd.edu/projects/agileO.html -- Additional project information provided by the performing organization|
|Quad Chart:||http://www-csag.ucsd.edu/projects/agileO/reporting/1999-quad.ppt provided by the performing organization|
|Objective:||To develop and demonstrate a component framework called Agile Objects which enables the construction of inherently survivable applications based on components. The component middleware enables applications to exploit location elusiveness, interface elusiveness, and dynamic elusiveness respond flexibly to noisy information about attacks and to survive.|
|Approach:||The project is developing three core technologies
(location elusiveness, interface elusiveness, and dynamic elusiveness)
which enable the construction of component-based inherently survivable
systems. These technologies will be embedded in a component middleware
which allows applications based on component technologies to exploit survivability
capabilities transparently. For more sophisticated or demanding applications,
a translucent approach to these capabilities may also be beneficial.
Location Elusiveness is the capability of application components to be reconfigured across distributed resources -- while the application is running and preserving the performance and real-time properties of the application both across and during the migration. In short, an application can flee systems that are likely (or already) compromised, dynamically reconfiguring to continue its mission. Such capability leverages recent dramatic advances in user-level networking and open real-time systems, but also requires significant advances in component runtime systems, system resource virtualization, component migration, and dynamic management of application performance thru migration. We will design, implement, and develop a component middleware system which enables online application reconfiguration to enhance application survivability.
Interface Elusiveness enables a component middleware system to manage automatic change and configuration of application component and distributed object interfaces to maintain application security. Such automatic management is critical in an environment where the application is reconfigured in ways and into resource environments that the application designer never considered. For example, components presumed local may now be remoted, exposing formerly intra-process communication to a variety of network security attacks. The interface manipulation and binding technologies used pervasively in distributed object and component systems provide the core capability for interface elusiveness approaches, but at present there is little understanding of how to specify security properties, manage them for Agile Object systems, and use Interface Elusiveness techniques to provide application security. We are developing intellectual, analytical, and empirical frameworks to explore this technology. Prototypes which embody interface elusiveness approaches will be built and integrated into overall Agile Objects prototypes.
Dynamic Elusiveness is the capability to dynamically manage the dimensions of elusiveness in response to a complex and evolving security / intrusion environment. In typical environments, information about security attacks is noisy, and ability to react is limited and slow. Exploiting the flexible capabilities of location and interface elusiveness, it is possible to construct systems which provide detailed information on some attack types (distributed object interface attacks) and provide low-impact effective responses to attacks (rapid reconfiguration). We will explore a range of responses to detected electronic and physical attacks, balancing the cost of mutation/migration versus the desired difficulty of penetration and survivability.
Performing experiments with prototype and ultimately large-scale applications is a critical part of understanding, demonstrating, and transferring novel Agile Objects technologies. As such we will build a series of prototypes which embody these technologies. These prototypes will be widely disseminated to the community and also use to perform empirical studies of effectiveness and capabilities.
|Recent FY-99/FY-00 Accomplishments:||July 1, 1999 Start
1. Attend DARPA Combined Information Assurance and Survivability PI meeting, Intrusion Tolerant Systems
2. Demonstrate fast RPC implementations, achieving round trip invocation times for remote RPC's (51 microseconds) within a factor of two of optimized local approaches such as LRPC. Faster than other remotable approaches such as named pipes. This is a critical enabling technology for Agile Objects.
3. Design a demonstration scenario for Agile Objects technology based
on a closely coupled command and control system (such as in an Aegis battle
cruiser). This scenario will providing a
|FY-00 Plans:||1. Location elusiveness: Explore and characterize
component middleware techniques for fast remote RPC, real-time performance,
and component migration. Integrate a prototype system and demonstrate
these capabilities on a simple component-object based application.
2. Interface Elusiveness: Define and characterize the space and properties interface elusiveness schemes for component interface security. In particular, explore cost/performance tradeoffs compared to traditional session key approaches, and the impact of high speed networks. Construct prototypes to evaluate these tradeoffs empirically.
3. Overall: Elusive systems based on Agile Objects where both applications and resources are decentralized create significant new challenges for naming and location services. We will explore and characterize these challenges and formulate novel solutions to meet these needs. Several of the most promising approaches will be prototyped and evaluated.
|Technology Transition:||Technology will be documented and disseminated
through the channels indicated below:
- technical papers published in leading technical meetings and technical reports
- presentations at ITS Principal Investigator meetings and at other sites as appropriate
- release and dissemination of software prototypes in source and binary form
- continued close working relationships with technical partners in industry to encourage and enable them to incorporate these technologies into their products
|Principal Investigator:||Professor Andrew A. Chien
University of California, San Diego
9500 Gilman Drive, Dept 0114, La Jolla, CA 92093-0114
Professor Jane Liu