DARPA ISO Sponsored Research

2000 Project Summary
(SITAR-Scalable Intrusion-Tolerant Architecture)
(MCNC,Duke)

Project Website:  SITAR Home Page -- Additional project information provided by the performing organization 
Quad Chart:  Link to Quad Chart   provided by the performing organization
Objective: MCNC and Duke University propose to develop a scalable intrusion-tolerant architecture for distributed services in a network environment. There are several novel aspects to our proposed effort: (1) we focus on one generic class of services (network-distributed services built from COTS components) as the target for protection. This target presents enough challenging problems to solve while remaining concrete enough for us to explore the specific intrusion-tolerance issues associated with it. (2) Our architecture addresses two specific kinds of challenges. The first is how some of the very basic techniques of fault tolerance (e.g., redundancy and diversity) apply to our target. The second is how to deal with external attacks and compromised components, whose behavior is far less predictable than that of accidental or planted faults. (3) Our dynamic reconfiguration strategies will be based on an intrusion-tolerance model built within the architecture. (4) Model-based (analysis and simulation) and measurement-based approaches will be used to evaluate the security of the architecture and to carry out cost-benefit tradeoff studies.

The main tasks for the first half of the project will be to study faults versus intrusions, to develop a model of intrusion-tolerance, and to define an initial architecture.  Next, we will conduct analytical/simulation-based tradeoff studies, create a prototype system, and evaluate the prototype through experimental measurements. MCNC’s strong expertise in security management and intrusion assessment is complemented by Duke’s advanced research experience in fault-tolerant computing and dependability assessment. The collaborative team has a successful track record of working together and contributing to DARPA research programs.

Approach: The project will focus on the following main challenges:

1. Develop an architecture for building intrusion-tolerant systems. Being an architecture, it should be useful not only for building all-new systems but also for creating intrusion-tolerant systems out of existing COTS, and for hardening existing systems.
2. Develop methods for applying existing fault-tolerant approaches to intrusion tolerance, e.g., how to perform an acceptance test on a generic information server.
3. Develop solutions to deal with the problem of “dynamic faults” caused by compromised components and external attacks.  For instance, a compromised component may exhibit behavior that is totally unpredictable; external attacks (e.g. denial-of-service) may come in many forms and at arbitrary times.

We will start with a detailed study of faults in the existing fault-tolerant context versus intrusions in intrusion-tolerant systems to understand their relationships.  We will develop a model to capture important components in an intrusion-tolerant system and their functions.  A scalable intrusion-tolerant architecture will be defined for building intrusion-tolerant systems from potentially vulnerable components.  Both analytic and simulation methods will be applied to evaluate the architecture and its prototype implementation.  A prototype intrusion-tolerant Web server system will be created and demonstrated as part of this research effort.
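The approach above carries the staples of fault tolerance (redundancy, diversity, an acceptance test, and voting across replicas) over to a Web server fronted by a proxy, with disagreement among replicas serving as an intrusion trigger. The following is an added illustration of that idea, not code from the SITAR project: a proxy-side decision function that runs a generic acceptance test on each replica's answer, takes a majority vote on the survivors, and reports the replicas that fell out as suspects. The replica names, page contents and acceptance-test rules are constructed for the example; the fourth scenario shows the known limit of voting when a majority of replicas is compromised.

```python
"""Added example: acceptance test + majority vote over diverse replicas.

Not SITAR code.  Replica names, page bodies and the acceptance rules are
constructed for illustration.  Models a proxy that fans one request out to
several COTS Web servers and decides what, if anything, to return.
"""
from collections import Counter
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Response:
    replica: str   # which (diverse) COTS replica answered
    status: int
    body: bytes


def acceptance_test(resp: Response) -> bool:
    """Generic acceptance test for an information server.

    Checks only properties any correct answer must have (assumption:
    the service serves static HTML, so inline script is never legitimate):
    successful status, well-formed HTML envelope, no <script> element.
    """
    if resp.status != 200:
        return False
    body = resp.body.strip().lower()
    if not (body.startswith(b"<html") or body.startswith(b"<!doctype html")):
        return False
    if not body.endswith(b"</html>"):
        return False
    if b"<script" in body:
        return False
    return True


def _digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def vote(responses, quorum):
    """Majority vote on the content digests of responses that passed the
    acceptance test.

    Returns (body, suspects).  body is the agreed page, or None when no
    answer reaches `quorum` (the proxy then fails safe and serves nothing).
    suspects holds replicas that failed the acceptance test or disagreed
    with the majority; in the architecture described above these are the
    events that would trigger reconfiguration or investigation.
    """
    accepted = [r for r in responses if acceptance_test(r)]
    suspects = {r.replica for r in responses if not acceptance_test(r)}
    tally = Counter(_digest(r.body) for r in accepted)
    if not tally:
        return None, suspects
    winner, count = tally.most_common(1)[0]
    if count < quorum:
        return None, suspects
    suspects |= {r.replica for r in accepted if _digest(r.body) != winner}
    body = next(r.body for r in accepted if _digest(r.body) == winner)
    return body, suspects


# Constructed page bodies for the scenarios below.
GOOD = b"<html><body>Quarterly report: revenue up 4%</body></html>"
DEFACED = b"<html><body>Quarterly report: revenue DOWN 40%</body></html>"
INJECTED = b"<html><body>Quarterly report<script src=//x/x.js></script></body></html>"

# One replica defaced; the content still passes the acceptance test, so
# only the vote catches it.
SCENARIO_ONE_DEFACED = [
    Response("replica-A", 200, GOOD),
    Response("replica-B", 200, GOOD),
    Response("replica-C", 200, DEFACED),
]
# One replica injects script; the acceptance test removes it before voting.
SCENARIO_INJECTION = [
    Response("replica-A", 200, GOOD),
    Response("replica-B", 200, INJECTED),
    Response("replica-C", 200, GOOD),
]
# One replica down, one injected: a single good answer cannot reach quorum.
SCENARIO_NO_QUORUM = [
    Response("replica-A", 500, b""),
    Response("replica-B", 200, INJECTED),
    Response("replica-C", 200, GOOD),
]
# Two of three compromised identically: voting serves the defaced page and
# blames the honest replica.  Diversity is what makes this unlikely.
SCENARIO_MAJORITY_COMPROMISED = [
    Response("replica-A", 200, GOOD),
    Response("replica-B", 200, DEFACED),
    Response("replica-C", 200, DEFACED),
]

if __name__ == "__main__":
    for name in ("SCENARIO_ONE_DEFACED", "SCENARIO_INJECTION",
                 "SCENARIO_NO_QUORUM", "SCENARIO_MAJORITY_COMPROMISED"):
        body, suspects = vote(globals()[name], quorum=2)
        print(name, "->", None if body is None else body[:40], sorted(suspects))
```

The acceptance test is deliberately weak on its own: it only rejects answers that no correct server could give, and the defaced page in the first scenario sails through it. The vote supplies the rest, but only under the assumption that compromises are independent, which is exactly why the approach pairs redundancy with diversity of COTS components rather than identical copies.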

Recent FY-99 Accomplishments: New start.  A presentation was given on SITAR at the DARPA IA&S Joint PI Meeting in Honolulu, July 17-21, 2000.
FY-00 Plans: Two main tasks will be performed in this fiscal year:
1. Detailed study of faults versus intrusions.  The emphasis is on how the "faults" considered in the existing fault-tolerant research are related to the "intrusions" in an intrusion-tolerant context.  This understanding is critical in enabling us to apply existing fault-tolerant methods to building intrusion-tolerant systems.
2. Further study and refinement of the initial intrusion-tolerant architecture. In particular, technical issues associated with proxy server operations and intrusion triggers will be addressed.
Technology Transition: New start.
Principal Investigator: Fengmin Gong
MCNC
3021 Cornwallis Road
Research Triangle Park, NC 27709
(919) 248-9214
(919) 248-1455
fmg@anr.mcnc.org

John Cambier
MCNC
3021 Cornwallis Road
Research Triangle Park, NC 27709
(919) 248-1998
(919) 248-1455
johnc@mcnc.org