
Applications that Participate in their Own Defense (APOD)

Applications that Participate in their Own Defense (APOD). Demo slides for FTN Winter PI Meeting, St. Petersburg, Florida, January 16-19, 2001. A BBN Technologies Project Sponsored by DARPA Under the FTN Program (Dr. Douglas Maughan), Monitored by AFRL (Mr. Patrick Hurley).


Presentation Transcript


  1. Applications that Participate in their Own Defense (APOD). Demo slides for FTN Winter PI Meeting, St. Petersburg, Florida, January 16-19, 2001. A BBN Technologies Project Sponsored by DARPA Under the FTN Program (Dr. Douglas Maughan), Monitored by AFRL (Mr. Patrick Hurley)

  2. The APOD Technical Approach
     • Defense Enabling: increasing resistance to malicious attacks even though the environment in which the applications run is untrustworthy
     • Defense-enabled applications have 'defense strategies', which are supported by 'defense mechanisms'
        • coordinated via an adaptive middleware (QuO)
        • in a systematic (as opposed to ad hoc) manner with minimal changes in the application
     • Example defense strategies: try to defeat the attack, try to work around the attack, try to impose a stronger barrier against future attacks, etc.
     • These strategies can be at various levels: application level, QoS/Resource Mgmt level, network/OS infrastructure level, etc.
     • Example defense mechanisms: adaptive behavior, access control, IDS, network filtering, replication management
     • This demo presents an example defense-enabled application capturing a cross-section of multiple defense mechanisms we have developed
     • It is a 3GS approach to survivability: adaptive use of multiple mechanisms including 1GS (access control), 2GS (IDS) and others (replication)

  3. The Air Space Monitoring (ASM) Application and example attacks
     • Attacker's motive
        • keep ASM from being useful
     • Example attacker strategies (only the blue ones are in the demo):
        • invoke methods on application objects
        • kill key application processes/take down hosts that run them
        • flood networks
     [Diagram: Radar, Database, Display, Administrator, Attacker. Arrow labels: senses, senses, fuses sensed data, displays, observes/tunes parameters, destroys, invokes unauthorized operations]

  4. Defense Enabled ASM
     • Individual defense mechanisms:
        • Replication: a key object (database) is replicated using the Proteus dependability management mechanism (developed under Quorum)
        • Dynamic Access Control: all objects are subject to an OODTE access control policy which allows only a specific set of inter-object interactions
        • Packet Filtering: a COTS packet filtering mechanism (IPChains) is used as a representative example
        • IDS: a COTS IDS (Tripwire) is used as a representative example
     • Adaptive behavior includes adaptive use of most of the above. Some examples:
        • Application level adaptation: switching to the backup database when multiple hosts running database replicas are suspect
        • Adaptive use of replication: a pattern of replica crashes on a host causes the replica to be moved to a different host
        • Adaptive use of IDS: running Tripwire when multiple hosts are suspect
        • Adaptive use of access control: changing access control policies
        • Adaptive use of packet filtering: tightening the firewall to increase security of the backup

  5. Demo Organization
     • Because of the limited number of hosts, we share the hosts among multiple processes
     [Diagram labels: Database replica (x2), simulated (x3), Proteus display, replication hosts, Backup db host, Main display, Attacker, Administrator, Radar, Display; host names: tomato, jackfruit, ugli, macoun, winesap]
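
The adaptive behaviors listed on slide 4, sketched as a small event-driven controller. This is an added example, not code from APOD, QuO or Proteus; the class, action names, thresholds, ordering of actions and host names are assumptions made for illustration.

```python
from collections import Counter

CRASH_PATTERN = 2  # assumed: crashes on one host that count as a "pattern"
SUSPECT_HOSTS = 2  # assumed: suspect hosts that count as "multiple"


class DefenseController:
    """Hypothetical controller mapping crash reports to slide-4 adaptations."""

    def __init__(self, replica_hosts, spare_hosts):
        self.replicas = set(replica_hosts)  # hosts currently running a DB replica
        self.spares = list(spare_hosts)     # hosts a replica can be moved to
        self.crashes = Counter()            # crash count per host
        self.suspect = set()                # hosts showing a crash pattern
        self.using_backup = False

    def on_replica_crash(self, host):
        """Return the defensive actions triggered by one replica crash."""
        actions = []
        if host not in self.replicas:
            return actions
        self.crashes[host] += 1
        if self.crashes[host] < CRASH_PATTERN:
            return actions  # isolated crash: no pattern yet, only recorded
        # Adaptive use of replication: move the replica off the suspect host.
        self.suspect.add(host)
        self.replicas.discard(host)
        if self.spares:
            target = self.spares.pop(0)
            self.replicas.add(target)
            actions.append(("move_replica", host, target))
        if len(self.suspect) >= SUSPECT_HOSTS and not self.using_backup:
            self.using_backup = True
            # Adaptive use of IDS: integrity-check every suspect host.
            actions += [("run_integrity_check", h) for h in sorted(self.suspect)]
            # Adaptive packet filtering, then application-level adaptation.
            # Tightening the firewall before the switch is an assumed order.
            actions.append(("tighten_firewall", "backup"))
            actions.append(("switch_to_backup_db",))
        return actions


def run(events, replica_hosts, spare_hosts):
    """Feed a sequence of crashed-host names through a fresh controller."""
    ctl = DefenseController(replica_hosts, spare_hosts)
    return [a for host in events for a in ctl.on_replica_crash(host)]


if __name__ == "__main__":
    # Constructed event sequence with constructed host names.
    for action in run(["hostA", "hostA", "hostB", "hostB"],
                      ["hostA", "hostB"], ["hostC"]):
        print(action)
```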
