Randomized Failover Intrusion Tolerant Systems (RFITS)
Ranga Ramanujan
Noel Schmidt
Architecture Technology Corporation
Odyssey Research Associates
DARPA Intrusion Tolerant Systems Program
Architecture Technology Corporation/Odyssey Research Associates
Application Domain Comparison
[Figure: network diagram; labels: IBM Compatible (four hosts), I'net, Database, LAN; panel titles: Server to Warfighter, Sensor to Warfighter]
• Situational awareness
• Representation of real-time
• Hard real-time
• Examples
– Air traffic control
– Sonar data processing

• Data collection & dissemination
• Up-to-date and historical data
• Soft real-time
• Examples
– Intelligence gathering
– MDDS
Technical Challenge
• Key challenges to building a high availability intrusion tolerant system
– maintaining error detection coverage for an evolving fault set
– sustaining required error recovery coverage in spite of intentional faults
[Figure: diagram; node labels: System Failure, Resource Depletion, Loss of Integrity, Processing Depletion, Comm. Depletion, Loss of Program Integrity, Loss of Data Integrity, Accidental Faults, Intentional Faults]
Research Objectives
• Develop general design principles, collectively called RFITS, for building robust information systems that can sustain correct operation in spite of intrusion-induced DOS attacks
– Focus on real-time, high availability military systems
• Validate and demonstrate effectiveness of RFITS
– establish generality of RFITS architecture and techniques
– build prototype of RFITS-based system
– derive performance characteristics via experimentation and simulations
– perform joint experimentation with other IA&S efforts
RFITS Approach
• Randomized failover process
• Randomized distribution of service requests among redundant (and possibly diverse) servers
• Semantic integrity checks at subsystem service boundaries
• Hierarchical recovery management
• Systems engineering methodology for deriving a layered intrusion tolerant architecture
[Figure: RFITS architecture diagram; labels: Network (N), System (S), Processor (P) (three), Randomizing Dispatcher (two), Local Recovery Manager, Service Request/Response Units, Global Recovery Management]
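One way to read the first three bullets above, as an added example (not code from the RFITS project): a dispatcher that picks a redundant server at random, applies a semantic integrity check to each response, and fails over in random order when the check fails. The track-report fields, replica names, and plausibility limits are constructed for illustration.

```python
import secrets

class AllReplicasFailed(Exception):
    """Local failover exhausted; escalate to global recovery management."""

def plausible_track(request, response):
    """Semantic integrity check at the service boundary (constructed rules)."""
    return (isinstance(response, dict)
            and response.get("track_id") == request["track_id"]
            and -90.0 <= response.get("lat", 999) <= 90.0
            and -180.0 <= response.get("lon", 999) <= 180.0
            and 0 <= response.get("alt_ft", -1) <= 60000)

class RandomizingDispatcher:
    def __init__(self, replicas, check, rng=None):
        self.replicas = dict(replicas)            # name -> callable(request)
        self.check = check
        self.suspects = set()                     # local recovery manager state
        self.rng = rng or secrets.SystemRandom()  # CSPRNG: order is not predictable

    def dispatch(self, request):
        order = [n for n in self.replicas if n not in self.suspects]
        self.rng.shuffle(order)                   # random first choice and failover order
        for name in order:
            try:
                response = self.replicas[name](request)
            except Exception:
                response = None                   # a crash counts as a failed check
            if response is not None and self.check(request, response):
                return name, response
            self.suspects.add(name)               # isolate replica, fail over to the next
        raise AllReplicasFailed(sorted(self.suspects))

# Constructed replicas: two healthy, one returning semantically invalid data.
def healthy(req):
    return {"track_id": req["track_id"], "lat": 44.9, "lon": -93.2, "alt_ft": 31000}

def tampered(req):
    return {"track_id": req["track_id"], "lat": 144.9, "lon": -93.2, "alt_ft": 31000}

def demo(rounds=50):
    d = RandomizingDispatcher(
        {"replica-a": healthy, "replica-b": healthy, "replica-c": tampered},
        plausible_track)
    served = [d.dispatch({"track_id": i})[0] for i in range(rounds)]
    return served, d.suspects

if __name__ == "__main__":
    served, suspects = demo()
    print(sorted(set(served)), sorted(suspects))
```

The tampered replica is never the one that serves a request, and once it has been tried it stays in the suspect set so later requests skip it.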
Strawman RFITS Methodology
• The system engineering methodology consists of the application of the following processes:
– Analysis of the operational, systems, and technical architecture to identify the threats
– Derivation of fault model for the system under study
– FMEA/FMECA driven design of error detection mechanisms
– FMEA driven design of failover policy
– End-to-end threads analyses
• Applied RFITS methodology to tactical ad hoc networks to derive an intrusion tolerant architecture, i.e., TIARA
Vulnerabilities of Ad Hoc Networks
• Resource depletion attack
– intruder usurps network resources by injecting spurious traffic or by replaying traffic
• Flow disruption attack
– intruder drops, corrupts, or delays data packets
• Route hijacking
– intruder creates phantom routes
[Figure: ad hoc network diagram; node labels: A, B, C, D, E, F, G, H, P, Q; other labels: Path 1, Path 2, Intruder]
RFITS-Based TIARA Approach
• Collectively, TIARA mechanisms protect ad hoc networks against intrusion attacks on routing as well as data traffic
[Figure: matrix of TIARA countermeasures against intrusion attacks.
Countermeasure groups: Distributed Firewall, Traffic Policing, Intrusion Tolerant Routing.
Mechanisms: FRAC, Fast Authentication, Sequence Numbers, Referrals, Flow Monitoring, Multi-path Routing, Source Init. Route Switching.
Intrusion attacks: Spurious Traffic, Packet Replay, Session Flooding, Flow Disruption, Route Hijacking.]
Risks
• Availability of sufficient number of candidate operational systems for study
– Leverage FAA connections
– Acquire openly available material on DoD systems
• Implementation of prototype with sufficient richness to demonstrate a range of RFITS-derived intrusion tolerant mechanisms
– Augment base system with simulations, if possible
Metrics
• Coverage of RFITS-derived techniques
– error detection
– failover
• Lifecycle cost impact
– deployment costs
– operating costs
• Performance overhead
Major Achievements
• Handbook for building real-time, high-availability intrusion tolerant systems
– RFITS system engineering methodology
– RFITS-derived techniques for error detection and failover
• Demonstration of a prototype military application (e.g., air traffic surveillance system) built using RFITS
Task Schedule
Task (timeline columns: Y1, Y2, Y3, Y4)
1. Design RFITS mechanisms
2. Build and Demonstrate Initial RFITS System
3. Build and Demonstrate Full RFITS System
4. Program Management
5. Perform Simulation or Implementation (Option 1)
6. Perform joint experimentation (Option 2)
Design Review and Demonstrations: Demo 1, Demo 2, Demo 3, Design Review, Demo 4
Technology Transfer
• Transferable technology resulting from this effort
– Design techniques (i.e., RFITS) for building intrusion tolerant systems
• Technology transition avenues include
– Strategic alliances with DoD system integration contractors
– Collaboration with DoD Technology Transition organizations
– Leverage relationship with the FAA
– Publications