Date posted: 31-Dec-2015
RSRS Architecture Study
Doug Blough and Calton Pu
CERCS/Georgia Tech
Study Outline
Part 1: Architectural Analysis and SRS Evaluation
1. Develop high-level architecture concept
2. Study existing projects and evaluate how they fit with architecture
3. Evaluate program strengths/weaknesses vis-a-vis architecture
Part 2: Moving Forward
4. Develop more concrete architecture
5. Apply architecture to system examples and an application scenario
Part 1: Architectural Analysis and Evaluation of SRS Projects
[Figure: RSRS Architecture. Labels: Biologically-Inspired Diversity Tools (BID); Cognitive Immunity and Regeneration Environment (Monitor, Learning, Actuator); Reasoning About Insider Threats; Applications; Granular, Scalable, Redundant Data and Communication (GSR); Attacks.]
RSRS Architecture applied to Cognitive Area
[Figure: Labels: Biologically-Inspired Diversity Tools (BID); Cognitive Immunity and Regeneration Environment (Monitor, Learning, Actuator); Applications; Granular, Scalable, Redundant Data and Communications (GSR); Attacks.]
Comparison of Cognitive Projects
[Figure: panels for AWDRAT, Model-based Executive, Cortex and Learn/Repair. Recoverable labels: variable observ., data repair, constraints; differencer, restoration, model-based; observe, react, compare; State estimate, Mission-aware response, statistical learning; System models, Learning model, Taster DBs, Master DB, query.]
Summary of Cognitive Projects
• 3 of 4 projects employ model-based approaches (Model-Based, AWDRAT, Cortex)
• Model-based approaches are well-suited for embedded systems, e.g. autonomous vehicles, or single applications, e.g. SQL
• Cognitive approaches still need to be developed and proven for large complex systems
• Learn/Repair is developing self-regenerative techniques that can be applied inside a program
RSRS Architecture applied to Diversity Area
[Figure: Biologically-Inspired Diversity Tools and Cognitive Immunity and Self-Healing. Labels: Attack description, Create Variants, Test Variants, Feedback, Attack-resistant variants.]
• Monitoring: After the variants are created, their resistance to attacks is evaluated
• Learning-Based Diagnosis: The winning variants are stored in a KED, while the losing variants are marked as such or discarded
• Regenerative Actuation: The winning variants are used to increase system robustness by replacing vulnerable components, possibly by a Cognitive component or system
Comparison of Diversity Projects
Genesis creates variants at multiple levels: compilation, linking, loading, run-time
[Figure: Genesis panel. Labels: Attack description, Create Variants, Test Variants, Attack-resistant variants, Cognitive Immunity and Self-Healing.]
Dawson creates variants from binary for Windows platforms
[Figure: Dawson panel. Labels: Attack description, Create Variants, Test Variants, Attack-resistant variants, Cognitive Immunity and Self-Healing.]
Summary of Diversity Projects
• Genesis generates program variants from source using techniques such as Calling Sequence Diversity and Instruction Set Randomization
• DAWSON generates program variants from binary for the Windows environment using techniques such as variable location (stack/heap) randomization and address (DLL/IAT) randomization
RSRS Architecture applied to Redundancy Area
[Figure: Labels: Sensors, Monitors & Sources; Biologically-Inspired Diversity Tools; Reasoning About Insider Threats; Applications; Cognitive Immunity and Self-Healing; GSR. GSR components: Event Dissemination and Processing (QuickSilver/Cayuga); Communications (QuickSilver/Ricochet); Object/Data Mgmt (SAIIA, IITSR).]
Summary of Redundancy Area
• Steward (SAIIA) provides intrusion-tolerant objects over wide-area networks
• IITSR focuses on Byzantine-tolerant data/object replication
• QuickSilver considers scalable and reliable mechanisms, e.g. group multicast and event dissemination
• Projects are primarily focused on performance (as called for in BAA) but do not investigate internal self-regeneration or reconfiguration (static fault tolerance is provided, in general)
• Opportunities exist to extend existing projects to provide self-regenerative redundant components, which could provide building blocks for larger self-regenerative systems, e.g. a self-regenerative replicated data store or self-regenerative objects
• Scalable event dissemination and processing is critical for RSRS architecture
RSRS Architecture applied to Insider Area
[Figure: Reasoning About Insider Threats and Cognitive Immunity and Self-Healing. Labels: Monitor activities, Control operator scope, Learn/refine model.]
Comparison of Insider Projects
[Figure: PMOP panel. Labels: Potential action, behavior monitor, operating model, assess harm/intent, Normal/error, Danger/Malicious, Send harmful action for remediation, Cognitive Immunity and Self-Healing.]
[Figure: High Dimensional Search/Monitoring panel. Labels: sensor net, HD search engine, repository, Response engine, Restrict privileges, Refine Model, Cognitive Immunity and Self-Healing.]
Summary of Insider Area
• PMOP uses a model-based approach
• HDSM uses a model-based approach to represent insider knowledge acquisition and high-dimensional search techniques for identifying suspicious activity from large sensor network output
• High-dimensional search is a candidate for learning-based diagnosis for large complex systems
Summary of Findings
• All SRS program areas fit well within RSRS architecture concept
• More work is needed on cognitive approaches for large complex systems
• Examples of critical technologies for RSRS: scalable and reliable event dissemination/processing, high-dimensional search, biodiversity generators
• Opportunities exist to develop self-regenerative building-block components from some of the SRS technologies
Part 2: Moving Forward
RSRS Structural Architecture for Complex System
[Figure: Labels: Event Disseminator; Cognitive/Reflective System Manager; Control Plane (System Status Info, SRS Commands); Application Group; Software Components; Detectors (D), e.g. IDS and Failure Detectors; Network of Virtual Sensors; Multicast; Self-regenerative Data Store (optional); High-dimensional search; M, L and A markers on components.]
RSRS Structural Architecture for System of Systems
[Figure: Labels: Global Event Disseminator; Centralized Event Analyzer (optional); M, L and A markers; Military Data/Operations/Command Center; DCGS Global C4ISR Enterprise.]
Time-Critical Targeting (TCT)
• Executed within Air Operations Centers
• Time-sensitive target with limited window of opportunity
• Tasks: find, fix, track, target, engage, and assess
• Applications: intelligence preparation, terrain analysis, target development/nomination, weapon-target pairing
RSRS Scenario with TCT and DCGS
1. TCT tasks are underway when a non-critical display application reports a data structure corruption event; the data structure is automatically repaired and the application continues; a few minutes later, another corruption is reported and repaired, although the application is forced to display at a lower resolution
2. The RSRS cognitive/reflective component queries DCGS event streams for recent reports and notes that a larger-than-expected number of workstation crashes have occurred over the last 15 minute period
3. The cognitive/reflective component then receives a report of errors from a replica, which is running a critical TCT task and is hosted on the same workstation as the display application
RSRS Scenario, continued
4. A short time later, the workstation hosting the replica and display application crashes
5. Critical applications use reconfigurable objects, so the system automatically starts a new replica on another workstation
6. The RSRS high-dimensional search module is activated to analyze recent log and other event data within the Operations Center
7. The search reveals unusual activity on the Operations Center gateway and a connection from the gateway to the crashed machine via a rarely-used port shortly before data corruption began
RSRS Scenario, continued
7. The cognitive/reflective component also notes that the application using the port is on the list of applications that interact with the display application
8. The RSRS actuator takes the following actions:
• It disseminates its analysis results (suspected application and port) to all other data/command/operations centers via DCGS
• It temporarily disconnects the Operations Center from DCGS and shuts down the gateway
• It reboots the failed workstation and disables the suspected application and port on all workstations
RSRS Scenario, continued
9. Another data center, after seeing the Operations Center report, is able to capture and analyze the attack
10. The attack info is then used by a bio-diversity generator to create a resistant variant of the targeted application, which it distributes to other centers via DCGS
11. Once the TCT operation is completed, RSRS reconnects the Operations Center to DCGS, receives and installs the new variant on all machines, and reopens the closed ports
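The correlation in steps 2, 6 and 7 of the scenario can be sketched as a small event-log triage. This is an added example, not code from the study or from any SRS project, and it is a plain time-window and port-frequency filter standing in for the high-dimensional search module; the event schema, host names, port numbers and thresholds are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

def ts(hhmm):
    h, m = map(int, hhmm.split(":"))
    return datetime(2000, 1, 1, h, m)  # arbitrary constructed date

# Constructed events: (time, kind, host, source, port)
EVENTS = [
    (ts("09:40"), "conn", "ws3", "gateway", 443),
    (ts("09:50"), "conn", "ws7", "gateway", 443),
    (ts("09:55"), "conn", "ws9", "fileserver", 445),
    (ts("10:00"), "conn", "ws7", "fileserver", 445),
    (ts("10:02"), "conn", "ws7", "gateway", 6112),   # rarely used port
    (ts("10:05"), "corruption", "ws7", None, None),  # display application
    (ts("10:09"), "corruption", "ws7", None, None),
    (ts("10:10"), "crash", "ws3", None, None),
    (ts("10:11"), "crash", "ws9", None, None),
    (ts("10:12"), "replica_error", "ws7", None, None),
    (ts("10:14"), "crash", "ws7", None, None),
]

def crash_count(events, now, window=timedelta(minutes=15)):
    """Step 2: workstation crashes reported in the last `window`."""
    return sum(1 for t, kind, *_ in events
               if kind == "crash" and now - window <= t <= now)

def suspect_connections(events, host, lookback=timedelta(minutes=10), rare_max=1):
    """Steps 6-7: connections to `host` on rarely used ports shortly
    before its first data corruption event."""
    corruptions = [t for t, kind, h, *_ in events
                   if kind == "corruption" and h == host]
    if not corruptions:
        return []  # no corruption on this host, nothing to anchor on
    first = min(corruptions)
    port_use = Counter(p for _, kind, _, _, p in events if kind == "conn")
    return [(src, port) for t, kind, h, src, port in events
            if kind == "conn" and h == host
            and first - lookback <= t < first
            and port_use[port] <= rare_max]

def triage(events, now, expected_crashes=1):
    """Run the port search only when crashes exceed the expected count."""
    if crash_count(events, now) <= expected_crashes:
        return {}
    crashed = sorted({h for _, kind, h, *_ in events if kind == "crash"})
    hits = {h: suspect_connections(events, h) for h in crashed}
    return {h: c for h, c in hits.items() if c}

if __name__ == "__main__":
    print(triage(EVENTS, ts("10:15")))
```

The hosts and (source, port) pairs returned by `triage` correspond to what the actuator in step 8 disseminates and disables.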
Use of SRS Technologies in RSRS
• Learn/Repair: self-regeneration within software components, monitoring and event generation
• Cognitive model-based approaches: self-regeneration within embedded systems, e.g. UAVs, or single applications
• Cortex: self-regenerating databases
• Dawson, Genesis: generation of resistant software variants
Use of SRS Technologies in RSRS
• HDSM: Analysis of event streams containing diverse event types and widely varying granularities and time scales
• SAIIA: object replication, reconfigurable and/or self-regenerating objects?
• IITSR: data replication, reconfigurable and/or self-regenerating data stores?
• QuickSilver: robust communication within the data center; event dissemination and filtering within the data center and across enterprise
RSRS Architecture - Next Steps
• Integrate SRS technologies
• Architect cognitive reflective component
• Study how existing systems can be integrated with RSRS architecture, e.g. using wrappers and external monitors
• Apply RSRS to complex system and demonstrate successful self-regeneration in scenario like TCT or alternative