DARPA ISO Sponsored Research

2000 Project Summary
A Comprehensive Approach for Intrusion Tolerance Based on Intelligent Compensating Middleware
Telcordia Technologies Inc. Morristown NJ

Project Website:  http://govt.argreenhouse.com/intrumid/  
Quad Chart:  Link to Quad Chart   a PPT file
Objective: The objective of this work is to assure application integrity as well as high availability under information attacks. We focus on intrusion tolerance of application systems (DoD and commercial) which themselves may contain many weak commercial off-the-shelf (COTS) subsystems. The reason we focus on intrusion tolerance mechanisms at the application and middleware level is because not much attention has been paid to the various security related functionalities such as intrusion tolerance, intrusion prevention etc. for these higher level services. Further, these higher level services such as applications, CORBA, MOM etc. also present an increased area of vulnerability due to the widespread use of middleware stacks in ebusiness. As part of this we plan to focus on designing efficient algorithms based on the Fragmentation-Redundancy-Scattering (FRS) technique in order to provide intrusion tolerance. Metrics to evaluate effectiveness of different algorithms in terms of providing intrusion tolerance capabilities will also be developed.
Approach: In this work, we plan to provide a single uniform solution across different COTS middleware systems by designing and developing an Intelligent Compensating Middleware (ICM). The goal is to architect ICM such that it will co-exist with the existing middleware packages and provides the intrusion tolerance functionality missing from the middleware packages. ICM, the centerpiece of our work, goes far beyond the existing COTS middleware by adjusting and adapting quickly for continued operation in the face of intrusion attacks. ICM supports a multi-layered architecture that assures application integrity and high availability by a) making the application programs and data intrusion tolerant by themselves, b) making existing COTS middleware intrusion tolerant by adjusting to the partial as well as major compromises of COTS middleware, and c) supporting dynamic and probabilistic invocation of alternatives to confuse the knowledgeable moles.

The algorithms used in ICM to assure integrity and availability of applications as well as middleware rely heavily on extensions to the Fragmentation-Redundancy-Scattering (FRS) techniques to include stationary/mobile agent technology. Our work will be based on a thorough investigation of the FRS technique that correlates the tolerance level desired in a system with performance of different algorithms.

Recent FY-99 Accomplishments: This project is a new start.
FY-00 Plans: We plan to focus on studying the impact of the absence of intrusion tolerance mechanisms on the different COTS packages widely in use currently. We also plan to focus on the design of the ICM architecture as well as on the design of efficient FRS algorithms.
Technology Transition: Telcordia will publicize the results of the work performed in this project at appropriate conferences after consultation with DARPA. We will also use our current active participation in standards bodies such as OMG, W3C, and IETF to influence the industry directions. Telcordia will also work with DARPA to identify potential transition to military customers.  
Principal Investigator: Dr.Amjad Umar
Telcordia Technologies Inc.
445, South Street, Morristown NJ-07960.
973-829-3114 (voice)
973-829-2645 (fax)

John Karolewicz
Telcordia Technologies Inc.
NVC 3A214, 331 Newman Springs Road, RedBank, NJ 07701
732-758-3015 (voice)
732-758-5975 (fax)
email jkarolew@telcordia.com