2000 Project Summary
|Project Website:||http://www.sdl.sri.com/dsa/projects/itarch/ -- Additional project information provided by the performing organization|
|Quad Chart:||Quad Chart  |
|Objective:||The objective of the project is to develop a
methodology based on architectural concepts for constructing intrusion
tolerant systems. Our approach is based on the premise that a system's
architecture can ensure intrusion tolerance, and was inspired by
recent DARPA/ITO-funded research that led to the development of
provably secure architectures. A well-designed architecture can
guarantee that a system is multilevel secure if its components have
much simpler security properties. Whether components have these
properties can be determined by a combination of analysis and
Analogously, we expect that an intusion tolerant architecture can guarantee that a system is intrusion tolerant if its components satisfy simpler properties that can be directly verified.
Architecture models describe the components from which systems are
built, the connections between these components, and constraints on
how components and connectors can be assembled into architectures. SRI
has developed technology for developing and manipulating architecture
hierachies, that represent the same system at different levels of
abstraction. Successive levels in the hierarchy are linked by
refinement mappings that can be shown to preserve properties of
interest. This project will apply this technology to intrusion
We will identify architectural properties (in terms of component and
connector properties and of constraints on how components and
connectors can be assembled) that ensure that a system satisfy
intrusion-tolerance requirements. We will define an appropriate
notion of refinement mappings that ensure that these architectural
properties are preserved at each level of an architecture hierarch.
The research will be focused by studying intrusion tolerance aspects of a representative distributed system, namely, the GENOA system, and of a representative component of this system, namely, SEAS a tool that supports structured argumentation.
|Recent FY-00 Accomplishments:||
The project started in March 2000.
We have examined intrusion tolerance aspect of a simple system: the Enclaves framework for building secure group applications. We have defined an improved version of Enclaves's group management protocol, built a model of the protocol using the PVS theorem prover, and proved using PVS that the new protocol satisfies an important intrusion tolerance requirement.
Develop an intrusion tolerance ontology:
characterize architecture-level properties that ensure intrusion tolerance.
Develop an approach to assign intrusion-tolerance levels to a system's components.
Define a notion of refinement mapping that preserve relevant intrusion tolerance architectural properties.
Produce a draft report to characterize the intrusion-tolerant dimensions of the GENOA system.
Our research and technology will be documented and disseminated via
publications in journals or conferences and presentations at PI meetings.
We will present our results to the GENOA research and development community.
We will study possible transfer to SRI's Emerald system.
|Principal Investigator:||Victoria Stavridou
System Design Laboratory, SRI International
333 Ravenswood Avenue, Menlo Park, CA 94025
Phone: (650) 859-4590
Fax: (650) 859-2844