2000 Project Summary
|Project Website:||SITAR Home Page -- Additional project information provided by the performing organization|
|Quad Chart:||Link to Quad Chart provided by the performing organization|
|Objective:||MCNC and Duke University propose to develop a scalable intrusion-tolerant architecture for distributed services in a network environment. There are several novel aspects to our proposed effort: (1) We focus on one generic class of services (network-distributed services built from COTS components) as the target for protection. This target presents us with enough challenging problems to solve while remaining concrete enough for us to explore the specific intrusion-tolerance issues associated with it. (2) Two specific kinds of challenges are addressed in our novel architecture. The first is how some of the very basic techniques of fault tolerance (e.g., redundancy and diversity) apply to our target. The second is how we deal with external attacks and compromised components, which exhibit very unpredictable behavior compared to accidental or planted faults. (3) Our dynamic reconfiguration strategies will be based on an intrusion-tolerance model built within the architecture. (4) Model-based (using analysis and simulation) and measurement-based approaches will be used to evaluate the security of the architecture and to carry out cost-benefit tradeoff studies.
The main tasks for the first half of the project will be to study faults versus intrusions, to develop a model of intrusion-tolerance, and to define an initial architecture. Next, we will conduct analytical/simulation-based tradeoff studies, create a prototype system, and evaluate the prototype through experimental measurements. MCNC’s strong expertise in security management and intrusion assessment is complemented by Duke’s advanced research experience in fault-tolerant computing and dependability assessment. The collaborative team has a successful track record of working together and contributing to DARPA research programs.
|Approach:||The project will focus on the following main
1. Develop an architecture for building intrusion-tolerant systems. Being an architecture, it should be useful not only for building all-new systems but also for creating intrusion-tolerant systems out of existing COTS, and for hardening existing systems.
We will start with a detailed study of faults in the existing fault-tolerant context versus intrusions in intrusion-tolerant systems to understand their relationships. We will develop a model to capture important components in an intrusion-tolerant system and their functions. A scalable intrusion-tolerant architecture will be defined for building intrusion-tolerant systems from potentially vulnerable components. Both analytic and simulation methods will be applied to evaluate the architecture and its prototype implementation. A prototype intrusion-tolerant Web server system will be created and demonstrated as part of this research effort.
|Recent FY-99 Accomplishments:||New start. A presentation was given on SITAR at the DARPA IA&S Joint PI Meeting in Honolulu, July 17-21, 2000.|
|FY-00 Plans:||Two main tasks will be performed in this fiscal
1. Detailed study of faults versus intrusions. The emphasis is on how the "faults" considered in the existing fault-tolerant research are related to the "intrusions" in an intrusion-tolerant context. This understanding is critical in enabling us to apply existing fault-tolerant methods to building intrusion-tolerant systems.
2. Further study and refinement of the initial intrusion-tolerant architecture. In particular, technical issues associated with proxy server operations and intrusion triggers will be addressed.
|Technology Transition:||New start.|
|Principal Investigator:||Fengmin Gong
3021 Cornwallis Road
Research Triangle Park, NC 27709