computational resiliency
Download
Skip this Video
Download Presentation
Computational Resiliency

Loading in 2 Seconds...

play fullscreen
1 / 27

Computational Resiliency - PowerPoint PPT Presentation


  • 265 Views
  • Uploaded on

Computational Resiliency. Steve J. Chapin, Susan Older Syracuse University Gregg Irvin Mobium Enterprises. Recap: What is Computational Resiliency?. The ability to sustain application operation and dynamically restore the level of assurance during an attack.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Computational Resiliency' - RexAlvis


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
computational resiliency

Computational Resiliency

Steve J. Chapin, Susan Older

Syracuse University

Gregg Irvin

Mobium Enterprises

OASIS PI Meeting

recap what is computational resiliency
Recap: What isComputational Resiliency?

The ability to sustain application operation

and dynamically restore the level

of assurance during an attack.

Application-centric self defense, built

on replication, migration, functionality

mutation, and camouflage.

computational resiliency3

ComputationalResiliency

Techniques applied to correct situation

Attack

Result of

Attack

Degraded Application trying to perform Mission CriticalFunction

Mission CriticalApplication

Degraded Application sufficiently Improved by Resiliency to perform Mission Critical Function

Computational Resiliency
example of crlib
Example of CRLib

“Safe Zone”

OASIS protection

“The Wild”

limited protection

the players
The Players
  • Rocky & Bullwinkle: our heroes, both air and ground forces.
  • Dudley: representative of allied power.
  • Boris & Natasha: Directed by shadowy figure (Fearless Leader). Mission: big trouble for Moose and Squirrel.
  • Snidely: attempting to disrupt Dudley’s jobs.
the benign state
The Benign State

Rocky’s job

Bullwinkle’s job

Dudley’s job

(low priority)

the attacks
The Attacks

Snidely:

blocked at

firewall

Dudley does nothing.

the attacks8
The Attacks

Natasha attacks Rocky; caught by IDS.

the attacks9
The Attacks

Rocky’s job migrates back into safe zone;

Dudley must give up resources.

the attacks10
The Attacks

Boris attacks Bullwinkle’s job.

Some attacks succeed.

the attacks11
The Attacks

Bullwinkle’s job employs camouflage,

decoys, and migration.

multi faceted approach
Multi-Faceted Approach
  • Strong theoretical basis
    • reason about conformance to policy
  • Computational resiliency library
    • dynamic application management
  • System software support
    • scheduling/policy frameworks
computational resiliency library
Computational ResiliencyLibrary
  • Group messaging
    • group contains multiple nodes
    • all nodes receive all messages to group
  • Replication/recovery with migration
    • liveness check at synchronization points
    • application readiness restored via node creation and migration
groups and messaging

Group 1

Group 3

node

channel

Group 2

Groups and Messaging

One group per cooperating task in a distributed computation.

group messaging detail

Group 1

Group 2

Group Messaging Detail

In actuality, each member of Group 1 has

a channel to each member of Group 2.

mapping of nodes to processors channels not shown
Nodes of group mapped across processors

Multiple nodes as threads in a single process

One or more processes per processor

Mapping of Nodes to Processors (channels not shown)

Group

Processor

periodic liveness check
Periodic Liveness Check
  • Done at user-defined synchronization points in the computation
  • All group members send ping messages to all others in the same group
  • Local Group Leader (1 per group) elected (responsible for restoring intra-group replication level)
  • LGLs elect Global Group Leader (responsible for inter-group coordination)
periodic liveness check ii
Periodic Liveness Check II
  • LGLs determine local status by fiat, restore replication level, and report to GGL
    • create new threads via cloning LGL
    • consensus option is in place but currently unused
  • GGL reports results of LGL actions to other LGLs.
  • LGL and GGL return to normal duty
current issues
Current Issues
  • Exploring through in-house red teaming and modeling
  • Efficiency of basic mechanisms
    • multiplicative communication load
    • additive computation load
  • Efficacy of basic mechanisms
    • Window of attack between liveness checks
    • Attack during liveness check
    • agreement algorithms
next steps
Next Steps
  • Additional policy choices
    • agreement protocols
    • replication/recovery methods
    • message passing schemes
  • Tool for user policy expression
    • state-dependent policy specified via “chinese menu” approach
    • logical predicates, state transitions

}

Not necessarily

orthogonal

choices

next steps24
Next Steps
  • -calculus-based formal model for core library behavior
  • Split/merge for groups
    • all nodes in a group must be identical
    • basis for load balancing, functionality mutation
  • First demo at summer PI meeting, 2001
schedule

6/00 12/00 6/01 12/02 6/02 12/02 6/03 12/03

Schedule

Basic -calc

Formal

equivalence

Policy/

Protocol

Analysis

Basic

CRLib

schedule ii

6/00 12/00 6/01 12/02 6/02 12/02 6/03 12/03

Schedule II

Funct. Mut.

Policy

Frameworks

Camouflage

Schedulers

Hard. Apps.

Integration

Demos

open issues
Open Issues
  • Cost/benefit analysis of CR
    • how much protection do we provide if the attacker knows what we’re trying to do?
    • How much is performance affected by message load, active replication, etc.
  • Potential integration with other OASIS
    • complementary with system-hardening technology (e.g., Dependable Intrusion Tolerance)
ad