RSRS Architecture Study
Doug Blough and Calton Pu
CERCS/Georgia Tech
Study Outline
Part 1: Architectural Analysis and SRS Evaluation
1. Develop high-level architecture concept
2. Study existing projects and evaluate how they fit with architecture
3. Evaluate program strengths/weaknesses vis-a-vis architecture
Part 2: Moving Forward
4. Develop more concrete architecture
5. Apply architecture to system examples and an application scenario
Part 1: Architectural Analysis and Evaluation of SRS Projects
RSRS Architecture
[Figure: RSRS architecture diagram. Labeled components: Biologically-Inspired Diversity Tools (BID); Cognitive Immunity and Regeneration Environment (Monitor, Learning, Actuator); Reasoning About Insider Threats; Applications; Granular, Scalable, Redundant Data and Communication (GSR); Attacks]
RSRS Architecture applied to Cognitive Area
[Figure: RSRS architecture diagram with the cognitive area highlighted. Labeled components: Biologically-Inspired Diversity Tools (BID); Cognitive Immunity and Regeneration Environment (Monitor, Learning, Actuator); Applications; Granular, Scalable, Redundant Data and Communications (GSR); Attacks]
Comparison of Cognitive Projects
[Figure: diagram panels for AWDRAT, Model-based Executive, Cortex and Learn/Repair. Labels: variable observ.; data repair; constraints; differencer; restoration; model-based; observe; react; compare; state estimate; mission-aware response; statistical learning; system models; learning model; Taster DBs; Master DB; query]
Summary of Cognitive Projects
• 3 of 4 projects employ model-based approaches (Model-Based, AWDRAT, Cortex)
• Model-based approaches are well-suited for embedded systems, e.g. autonomous vehicles, or single applications, e.g. SQL
• Cognitive approaches still need to be developed and proven for large complex systems
• Learn/Repair is developing self-regenerative techniques that can be applied inside a program
RSRS Architecture applied to Diversity Area
[Figure: diversity area diagram. Labels: Biologically-Inspired Diversity Tools; Cognitive Immunity and Self-Healing; Attack description; Create Variants; Test Variants; Attack-resistant variants; Feedback]
• Monitoring: After the variants are created, their resistance to attacks is evaluated
• Learning-Based Diagnosis: The winning variants are stored in a KED, while the losing variants are marked as such or discarded
• Regenerative Actuation: The winning variants are used to increase system robustness by replacing vulnerable components, possibly by a Cognitive component or system
Comparison of Diversity Projects
Genesis creates variants at multiple levels: compilation, linking, loading, run-time
Dawson creates variants from binary for Windows platforms
[Figure: one diagram panel per project, each labeled: Attack description; Create Variants; Test Variants; Attack-resistant variants; Cognitive Immunity and Self-Healing]
Summary of Diversity Projects
• Genesis generates program variants from source using techniques such as Calling Sequence Diversity and Instruction Set Randomization
• DAWSON generates program variants from binary for the Windows environment using techniques such as variable location (stack/heap) randomization and address (DLL/IAT) randomization
RSRS Architecture applied to Redundancy Area
[Figure: RSRS architecture diagram with the redundancy area highlighted. Labels: Sensors, Monitors & Sources; Biologically-Inspired Diversity Tools; Reasoning About Insider Threats; Applications; Cognitive Immunity and Self-Healing; GSR; Event Dissemination and Processing (QuickSilver/Cayuga); GSR Communications (QuickSilver/Ricochet); GSR Object/Data Mgmt (SAIIA, IITSR)]
Summary of Redundancy Area
• Steward (SAIIA) provides intrusion-tolerant objects over wide-area networks
• IITSR focuses on Byzantine-tolerant data/object replication
• QuickSilver considers scalable and reliable mechanisms, e.g. group multicast and event dissemination
• Projects are primarily focused on performance (as called for in BAA) but do not investigate internal self-regeneration or reconfiguration (static fault tolerance is provided, in general)
• Opportunities exist to extend existing projects to provide self-regenerative redundant components, which could provide building blocks for larger self-regenerative systems, e.g. a self-regenerative replicated data store or self-regenerative objects
• Scalable event dissemination and processing is critical for RSRS architecture
RSRS Architecture applied to Insider Area
[Figure: insider area diagram. Labels: Reasoning About Insider Threats; Monitor activities; Control operator scope; Learn/refine model; Cognitive Immunity and Self-Healing]
Comparison of Insider Projects
[Figure: two diagram panels. PMOP panel labels: Potential action; behavior monitor; operating model; assess harm/intent; Normal/error; Danger/Malicious; Send harmful action for remediation; Cognitive Immunity and Self-Healing. High Dimensional Search/Monitoring panel labels: sensor net; HD search engine; repository; Response engine; Restrict privileges; Refine Model; Cognitive Immunity and Self-Healing]
Summary of Insider Area
• PMOP uses a model-based approach
• HDSM uses a model-based approach to represent insider knowledge acquisition and high-dimensional search techniques for identifying suspicious activity from large sensor network output
• High-dimensional search is a candidate for learning-based diagnosis for large complex systems
Summary of Findings
• All SRS program areas fit well within RSRS architecture concept
• More work is needed on cognitive approaches for large complex systems
• Examples of critical technologies for RSRS: scalable and reliable event dissemination/processing, high-dimensional search, biodiversity generators
• Opportunities exist to develop self-regenerative building-block components from some of the SRS technologies
Part 2: Moving Forward
RSRS Structural Architecture for Complex System
[Figure: structural architecture diagram. Labels: Event Disseminator; Cognitive/Reflective System Manager; Control Plane; System Status Info; SRS Commands; Application Group; Software Components; Detectors, e.g. IDS and Failure Detectors; Network of Virtual Sensors; Multicast; Self-regenerative Data Store (optional); High-dimensional search; component markers M, L, A and D]
RSRS Structural Architecture for System of Systems
[Figure: system-of-systems diagram. Labels: Global Event Disseminator; Centralized Event Analyzer (optional); component markers M, L, A]
Military Data/Operations/Command Center
DCGS Global C4ISR Enterprise
Time-Critical Targeting (TCT)
• Executed within Air Operations Centers
• Time-sensitive target with limited window of opportunity
• Tasks: find, fix, track, target, engage, and assess
• Applications: intelligence preparation, terrain analysis, target development/nomination, weapon-target pairing
RSRS Scenario with TCT and DCGS
1. TCT tasks are underway when a non-critical display application reports a data structure corruption event; the data structure is automatically repaired and the application continues; a few minutes later, another corruption is reported and repaired, although the application is forced to display at a lower resolution
2. The RSRS cognitive/reflective component queries DCGS event streams for recent reports and notes that a larger-than-expected number of workstation crashes have occurred over the last 15 minute period
3. The cognitive/reflective component then receives a report of errors from a replica, which is running a critical TCT task and is hosted on the same workstation as the display application
RSRS Scenario, continued
4. A short time later, the workstation hosting the replica and display application crashes
5. Critical applications use reconfigurable objects, so the system automatically starts a new replica on another workstation
6. The RSRS high-dimensional search module is activated to analyze recent log and other event data within the Operations Center
7. The search reveals unusual activity on the Operations Center gateway and a connection from the gateway to the crashed machine via a rarely-used port shortly before data corruption began
RSRS Scenario, continued
7. The cognitive/reflective component also notes that the application using the port is on the list of applications that interact with the display application
8. The RSRS actuator takes the following actions:
• It disseminates its analysis results (suspected application and port) to all other data/command/operations centers via DCGS
• It temporarily disconnects the Operations Center from DCGS and shuts down the gateway
• It reboots the failed workstation and disables the suspected application and port on all workstations
RSRS Scenario, continued
9. Another data center, after seeing the Operations Center report, is able to capture and analyze the attack
10. The attack info is then used by a bio-diversity generator to create a resistant variant of the targeted application, which it distributes to other centers via DCGS
11. Once the TCT operation is completed, RSRS reconnects the Operations Center to DCGS, receives and installs the new variant on all machines, and reopens the closed ports
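The correlation described in scenario steps 2 and 7, as an added example that is not part of the original slides: it flags a crash burst inside a 15-minute window, then finds connections to the crashed workstation on rarely-used ports shortly before its first corruption report. Event kinds, host names, ports, thresholds, and the simple port-frequency count standing in for the high-dimensional search module are all assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

def at(hhmm):
    """Constructed timestamp helper: all sample events share one day."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed event stream: (time, host, kind, detail). Hosts, ports and
# times are illustrative assumptions, not values from the slides.
# For "conn" events, host is the destination and detail is (source, port).
EVENTS = [
    (at("09:10"), "ws-03", "conn", ("gateway", 443)),
    (at("09:25"), "ws-07", "conn", ("gateway", 443)),
    (at("09:40"), "ws-11", "conn", ("ws-03", 443)),
    (at("09:58"), "ws-07", "conn", ("gateway", 47123)),  # rarely-used port
    (at("10:00"), "ws-07", "corruption", "display-app"),
    (at("10:04"), "ws-07", "corruption", "display-app"),
    (at("10:06"), "ws-02", "crash", None),
    (at("10:08"), "ws-11", "crash", None),
    (at("10:10"), "ws-07", "replica_error", "tct-replica"),
    (at("10:12"), "ws-07", "crash", None),
]

def crash_burst(events, now, expected, window=timedelta(minutes=15)):
    """Step 2: count crashes in the last window and compare to a baseline."""
    n = sum(1 for ts, _, kind, _ in events
            if kind == "crash" and now - window <= ts <= now)
    return n, n > expected

def suspect_connections(events, host, lookback=timedelta(minutes=10),
                        rare_max=1):
    """Step 7: connections to `host` on rarely-used ports shortly before
    its first corruption report."""
    first = min((ts for ts, h, kind, _ in events
                 if h == host and kind == "corruption"), default=None)
    if first is None:
        return []  # no corruption reported for this host
    port_use = Counter(d[1] for _, _, kind, d in events if kind == "conn")
    return [(ts, d[0], d[1]) for ts, h, kind, d in events
            if kind == "conn" and h == host
            and first - lookback <= ts < first
            and port_use[d[1]] <= rare_max]

if __name__ == "__main__":
    print(crash_burst(EVENTS, at("10:12"), expected=1))
    print(suspect_connections(EVENTS, "ws-07"))
```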
Use of SRS Technologies in RSRS
• Learn/Repair: self-regeneration within software components, monitoring and event generation
• Cognitive model-based approaches: self-regeneration within embedded systems, e.g. UAVs, or single applications
• Cortex: self-regenerating databases
• Dawson, Genesis: generation of resistant software variants
Use of SRS Technologies in RSRS
• HDSM: Analysis of event streams containing diverse event types and widely varying granularities and time scales
• SAIIA: object replication, reconfigurable and/or self-regenerating objects?
• IITSR: data replication, reconfigurable and/or self-regenerating data stores?
• QuickSilver: robust communication within the data center; event dissemination and filtering within the data center and across enterprise
RSRS Architecture - Next Steps
• Integrate SRS technologies
• Architect cognitive reflective component
• Study how existing systems can be integrated with RSRS architecture, e.g. using wrappers and external monitors
• Apply RSRS to complex system and demonstrate successful self-regeneration in scenario like TCT or alternative