DARPA ISO Sponsored Research

2000 Project Summary
Intrusion Tolerance by Unpredictable Adaptation
BBN Technologies

Project Website: http://www.dist-systems.bbn.com/projects/ITUA/index.shtml (additional project information provided by the performing organization)
Quad Chart: Link to Quad Chart provided by the performing organization
Objective: Building applications that can react to intrusion attacks and survive the consequences is a key problem in the area of intrusion-tolerant systems. While the idea of intrusion-aware, survivable applications is a natural part of the defense-in-depth concept, there currently is no easy and systematic way to support such a concept in today's distributed systems infrastructure. A survivable application must incorporate a "survivability strategy": a specification, distinct from its functional requirements, covering behavior during an intrusion attack. These strategies involve adaptation and awareness of the environment and system resources because intrusion attacks affect the availability and quality of these resources. Adaptive responses must be unpredictable to the attacker in order to withstand sophisticated, multi-stage attacks. The availability of multiple options for responding to a symptom enables unpredictability.

Our objective is to develop a capability that will allow applications to tolerate pre-planned and coordinated attacks that may lead to Byzantine failures in the system. We will first investigate cases where components fail in an arbitrary manner, and there are multiple simultaneous failures or cascading waves of failures due to intrusion attacks. We will then develop algorithms and implement prototype mechanisms that will enable applications to survive these attack symptoms.

We will demonstrate that, using the tools developed, it is possible to build distributed applications that tolerate a set of coordinated and pre-planned attacks significantly better and longer than the state of the art today, and that such applications can be built in a systematic and cost-effective way.

We will demonstrate the applicability of our technology in the context of military applications by first evaluating the results in the context of on-going DoD programs through project participants and later by transitioning it into DoD applications that need intrusion tolerance.

Approach: Our approach is to:
  • extend Fault Tolerance techniques to address simultaneous, cascading failures, and use these extended techniques along with security techniques to develop a multi-layer and decentralized redundancy mechanism
  • use the capabilities of this redundancy mechanism in devising adaptive responses in a manner unpredictable to the attacker

We view middleware as the appropriate place to coordinate the new services required to support intrusion-aware survivable applications. Middleware technology has advanced to the point where integration of diverse mechanisms such as security and fault-tolerance is possible in a realistic and cost-effective manner.

The following are the key aspects of our approach:

  • Application's tolerance of symptoms: If an application can tolerate the effects caused by an attack, it has effectively survived the attack itself. We focus on enabling the application to survive the symptoms caused by attacks, rather than actually detecting, diagnosing or preventing the attacks.
  • Byzantine failures: Resource redundancy alone is not enough to cope with attack symptoms, especially those of pre-planned and coordinated attacks that can lead to common-mode or arbitrary failures. We plan to incorporate Byzantine fault tolerance in the redundancy mechanism.
  • Adaptive and unpredictable response: We will use adaptive middleware technology (QuO) to make the application aware of and responsive to availability and quality of system resources. We will also exploit redundancy so that multiple adaptive responses are possible for a single symptom. Given this, the middleware will be able to engage one or more of them in an unpredictable manner.
  • Self protection and trade off: We will use cryptographic techniques to protect the new mechanisms against possible exploitation by the attacker. We will also address the trade-off issues involving adaptation vis-a-vis the system's functioning and performance.

Recent FY-00 Accomplishments: The project began in July 2000.

FY-01 Plans: During FY-01 we plan to analyze the way in which pre-planned and coordinated attacks can cause simultaneous and cascading failures of arbitrary nature. We will then develop algorithms for coping with such failures. One way of doing that is to use redundancy and Byzantine agreement protocols in managing system resources. We will then devise adaptive responses that an application can take using the capabilities of a redundancy mechanism that employs this algorithm. We plan to implement a prototype of the redundancy mechanism and adaptive strategies, which will constitute the initial prototype of our middleware-based survivability mechanism. We will also develop a concept demonstration using this initial prototype.

The initial prototype will be continually refined to add additional capabilities such as unpredictable response engagement and self-protection throughout the life of the project.

Technology Transition: As the primary members of the project team, BBN and the University of Illinois have existing relationships with DoD applications (e.g. ALP, WSOA etc.) and will actively work to promote the project results in these and other domains. In addition, the Open Systems Architecture Group at Boeing Corporation has joined with BBN and UI to provide the ITUA team with direct access to defense development environments as working examples, and for test and evaluation of results. We will identify a DoD application being developed at Boeing early on in the project and use it to evaluate assumptions and approaches against its needs. We will continually evaluate our technology as it evolves incrementally against the same application to ensure that the solution our technology provides is also realistic and valid.

Principal Investigator:
PI Name: Partha Pal
Organization: BBN Technologies
Address: 10 Moulton Street, Cambridge, MA 02138
Phone: 617 873 2056
Fax: 617 873 4328
email: ppal@bbn.com

Admin Contact Name: Bruce Malley
Organization: BBN Technologies
Address: 10 Moulton Street, Cambridge, MA 02138
Phone: 617 873 4252
Fax: 617 873 2794
email: bmalley@bbn.com