DARPA ISO Sponsored Research

2000 Project Summary
Intrusion Tolerant Software Architectures
SRI International

Project Website: http://www.sdl.sri.com/dsa/projects/itarch/
Objective: The objective of the project is to develop a methodology based on architectural concepts for constructing intrusion tolerant systems. Our approach is based on the premise that a system's architecture can ensure intrusion tolerance, and was inspired by recent DARPA/ITO-funded research that led to the development of provably secure architectures. A well-designed architecture can guarantee that a system is multilevel secure if its components have much simpler security properties. Whether components have these properties can be determined by a combination of analysis and testing.

Analogously, we expect that an intrusion tolerant architecture can guarantee that a system is intrusion tolerant if its components satisfy simpler properties that can be directly verified.

Approach: Architecture models describe the components from which systems are built, the connections between these components, and constraints on how components and connectors can be assembled into architectures. SRI has developed technology for developing and manipulating architecture hierarchies that represent the same system at different levels of abstraction. Successive levels in the hierarchy are linked by refinement mappings that can be shown to preserve properties of interest. This project will apply this technology to intrusion tolerance properties.

We will identify architectural properties (in terms of component and connector properties and of constraints on how components and connectors can be assembled) that ensure that a system satisfies intrusion-tolerance requirements. We will define an appropriate notion of refinement mapping that ensures that these architectural properties are preserved at each level of an architecture hierarchy.
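As an added illustration, not part of the project summary, the following is the standard way to make "refinement mappings preserve properties" precise for state-transition systems; the symbols A, C, f, P and the rule names (R1), (R2) are assumptions introduced here, not notation from the project.

$$
\begin{aligned}
&A = (S_A,\ I_A,\ \to_A) \quad \text{(abstract level)}, \qquad
 C = (S_C,\ I_C,\ \to_C) \quad \text{(refined level)}, \qquad
 f : S_C \to S_A \\[4pt]
&\text{(R1)}\quad s \in I_C \ \Rightarrow\ f(s) \in I_A \\
&\text{(R2)}\quad s \to_C s' \ \Rightarrow\ \big(f(s) \to_A f(s')\big)\ \lor\ \big(f(s) = f(s')\big) \\[4pt]
&\text{If } P \subseteq S_A \text{ is an invariant of } A \text{ (every reachable state of } A \text{ lies in } P\text{), then} \\
&\qquad \forall s \in \mathrm{Reach}(C).\ f(s) \in P .
\end{aligned}
$$

Proof sketch: by induction on the length of a run of C. A state in I_C maps into I_A by (R1); each step of C maps by (R2) either to a step of A or to a stutter, so the image of every reachable state of C is a reachable state of A, which lies in P. In an architecture hierarchy this is what lets an intrusion-tolerance property be stated and checked once at the abstract level and then carried down each refinement step by discharging (R1) and (R2), rather than being re-verified from scratch at every level.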

The research will be focused by studying intrusion tolerance aspects of a representative distributed system, namely, the GENOA system, and of a representative component of this system, namely, SEAS, a tool that supports structured argumentation.

Recent FY-00 Accomplishments: The project started in March 2000.

We have examined intrusion tolerance aspects of a simple system: the Enclaves framework for building secure group applications. We have defined an improved version of Enclaves' group management protocol, built a model of the protocol using the PVS theorem prover, and proved using PVS that the new protocol satisfies an important intrusion tolerance requirement.

FY-01 Plans: Develop an intrusion tolerance ontology: characterize architecture-level properties that ensure intrusion tolerance.

Develop an approach to assign intrusion-tolerance levels to a system's components.

Define a notion of refinement mapping that preserves relevant intrusion tolerance architectural properties.

Produce a draft report to characterize the intrusion-tolerant dimensions of the GENOA system.

Technology Transition: Our research and technology will be documented and disseminated via publications in journals or conferences and presentations at PI meetings.

We will present our results to the GENOA research and development community.

We will study possible transfer to SRI's Emerald system.

Principal Investigator: Victoria Stavridou
System Design Laboratory, SRI International
333 Ravenswood Avenue, Menlo Park, CA 94025
Phone: (650) 859-4590
Fax: (650) 859-2844
email: victoria@sdl.sri.com

Admin Contact:
Donna Linné
SRI International
333 Ravenswood Avenue, Menlo Park, CA 94025
Phone: (650) 859-2004
Fax: (650) 859-6171
email: linne@unix.sri.com