DARPA ISO Sponsored Research

2000 Project Summary
Intrusion Tolerant Distributed Object Systems
Trusted Information Systems, NAI Labs, Network Associates, Inc.

Project Website:  (To be determined.   Until then, you can find much of our other research here.)
Quad Chart:  ITDOS Quad Chart   (in PowerPoint format)
Objective:

Intrusion tolerant information systems continue to function correctly and reliably in the face of attack.   Fault tolerant systems tolerate accidental faults - unintended failures in software and hardware that cause the system to crash or otherwise behave improperly.   Intrusion tolerant systems go beyond the capabilities of fault tolerant systems.   Intrusion-tolerant systems can also tolerate arbitrary (Byzantine) behavior, such as that caused by an adversary.   Since Byzantine fault can appear to be accidental, intrusion tolerant systems must also be fault tolerant.  

Mission-critical applications demand high availability from their information systems, and so, require intrusion tolerance.   System designers often choose to use distributed object architectures, particularly CORBA, for implementing new mission-critical systems.   Consequently, new mission-critical systems frequently need intrusion tolerant CORBA implementations.   Unfortunately, the commercial world has failed to deliver such systems.  

This project seeks to design, develop, document, implement, and validate prototype intrusion tolerant architecture for distributed object middleware and supporting firewall technology.   We focus specifically on bringing intrusion tolerance to CORBA.  

Approach:

We will build an architecture that includes both intrusion tolerant CORBA middleware, and compatible firewall technology.  

The middleware will support active server replication, secure group communications, and Byzantine fault detection.   The architecture will tolerate compromise of a subset of the replicated servers without losing integrity.   We will select an ORB and use it to develop a prototype of the middleware.  

The architecture's application proxy firewalls will protect client and server hosts. A firewall proxy will securely establish its own participation in each secure multicast group whose messages traverse the firewall.   Proxies will propagate the IGMP (Internet Group Management Protocol) messages needed for proper group management.   Proxies will converse with routers using DVMRP (Distance Vector Multicast Routing Protocol) in order to properly route secure multicast messages.   We will select an application proxy firewall and use it to develop prototype firewall proxies.  

Finally, we will develop a plan to experiment with the prototypes. We will publish the results of our experiments as well as a cost/benefit analysis of the resultant architecture.  

Recent FY-99 Accomplishments: We have just launched this new project.
FY-00 Plans: Research, review, and evaluate prior work in these related areas:
  • Fault tolerant CORBA (active replication to heterogeneous servers)
  • Byzantine fault detection and consensus protocols
  • Secure, reliable, authenticated multicast
Technology Transition: We will participate in meetings of the Object Management Group - the CORBA standards body - and in the meetings of other technical organizations to convey our research results to their members, and to promote standards that emerge or derive from our research.  
Principal Investigator: Gregg W. Tally

Trusted Information Systems, NAI Labs, Network Associates, Inc.
3060 Washington Road (Rte. 97), Suite 100
Glenwood, MD 21738
Voice: 443-259-2329
Fax: 301-854-4731
email: gtally@nai.com
Administrative Contact: Matthew Dick

Trusted Information Systems, NAI Labs, Network Associates, Inc.
3060 Washington Road (Rte. 97), Suite 100
Glenwood, MD 21738
Voice: 443-259-2345
Fax: 301-854-4731
email: matthew_dick@nai.com