Applications that Participate in their Own Defense APOD - PowerPoint PPT Presentation

Slides: 6
Provided by: ccjo
Transcript and Presenter's Notes

1
Applications that Participate in their Own Defense (APOD)
Demo slides for FTN Winter PI Meeting, St Petersburg, Florida, January 16-19, 2001
  • A BBN Technologies Project
  • Sponsored by DARPA under the FTN Program (Dr. Douglas Maughan)
  • Monitored by AFRL (Mr. Patrick Hurley)

2
The APOD Technical Approach
BBN Technologies
  • Defense Enabling: increasing resistance to malicious attacks even though the environment in which the applications run is untrustworthy
  • Defense enabled applications have defense strategies, which are supported by defense mechanisms
      • coordinated via an adaptive middleware (QuO)
      • in a systematic (as opposed to ad-hoc) manner with minimal changes in the application
  • Example defense strategies: try to defeat the attack, try to work around the attack, try to impose a stronger barrier against future attacks, etc.
  • These strategies can be at various levels: application level, QoS/Resource Mgmt level, network/OS infrastructure level, etc.
  • Example defense mechanisms: adaptive behavior, access control, IDS, network filtering, replication management
  • This demo presents an example defense enabled application capturing a cross-section of multiple defense mechanisms we have developed
  • It is a 3GS approach to survivability: adaptive use of multiple mechanisms, including 1GS (access control), 2GS (IDS) and others (replication)

3
The Air Space Monitoring (ASM) Application and example attacks
[Figure: ASM application diagram. Labels: senses, senses, fuses sensed data, destroys, invokes unauthorized operations, displays, observes/tunes parameters, Radar Display, Administrator]
  • Attacker's motive
      • keep ASM from being useful
  • Example attacker strategies (only the blue ones are in the demo)
      • invoke methods on application objects
      • kill key application processes/take down hosts that run them
      • flood networks
4
Defense Enabled ASM
  • Individual defense mechanisms
      • Replication: a key object (database) is replicated using the Proteus (developed under Quorum) dependability management mechanism
      • Dynamic Access Control: all objects are subject to an OODTE access control policy which allows only a specific set of inter-object interactions
      • Packet Filtering: a COTS packet filtering mechanism (IPChains) is used as a representative example
      • IDS: a COTS IDS (Tripwire) is used as a representative example
  • Adaptive behavior: includes adaptive use of most of the above. Some examples:
      • Application level adaptation: switching to the backup database when multiple hosts running database replicas are suspect
      • Adaptive use of replication: a pattern of replica crashes on a host causes the replica to be moved to a different host
      • Adaptive use of IDS: running Tripwire when multiple hosts are suspect
      • Adaptive use of access control: changing access control policies
      • Adaptive use of packet filtering: tightening the firewall to increase security of the backup
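
The adaptive behaviors on this slide read as an escalation policy: one crash is a fault, a pattern of crashes on a host makes it suspect, and several suspect hosts trigger the stronger defenses. The sketch below is an added example, not APOD, QuO or Proteus code; the thresholds, host and replica names, and action labels are assumptions, and actions are returned as labels rather than executed.

```python
from collections import defaultdict, deque

CRASH_THRESHOLD = 2   # assumed: crashes inside WINDOW that make a host suspect
WINDOW = 60.0         # assumed: seconds over which crashes count as a pattern
SUSPECT_LIMIT = 2     # assumed: "multiple hosts" means at least two


class DefensePolicy:
    def __init__(self, placement, spares):
        self.placement = dict(placement)    # replica name -> current host
        self.spares = list(spares)          # hosts not yet running a replica
        self.crashes = defaultdict(deque)   # host -> recent crash timestamps
        self.suspect = set()
        self.escalated = False

    def on_replica_crash(self, replica, now):
        """Return the defensive actions triggered by one crash report."""
        host = self.placement[replica]
        recent = self.crashes[host]
        recent.append(now)
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                # forget crashes outside the window
        if len(recent) < CRASH_THRESHOLD:
            return [("restart_replica", replica, host)]
        # Pattern of crashes on one host: mark it suspect and move the replica.
        actions = []
        self.suspect.add(host)
        if self.spares:
            target = self.spares.pop(0)
            self.placement[replica] = target
            actions.append(("move_replica", replica, target))
        # Multiple suspect hosts: escalate once to the stronger defenses.
        if len(self.suspect) >= SUSPECT_LIMIT and not self.escalated:
            self.escalated = True
            actions.append(("run_integrity_check", tuple(sorted(self.suspect))))
            actions.append(("switch_to_backup_db",))
            actions.append(("tighten_backup_firewall",))
        return actions


def demo():
    # Constructed scenario: two replicas, each crashing twice in quick succession.
    policy = DefensePolicy({"db-1": "hostA", "db-2": "hostB"}, ["hostC", "hostD"])
    events = [("db-1", 0.0), ("db-1", 10.0), ("db-2", 20.0), ("db-2", 25.0)]
    return [policy.on_replica_crash(r, t) for r, t in events]
```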

5
Demo Organization
[Figure: demo host layout. Labels: simulated (three times), Proteus display, replication hosts, tomato, jackfruit, ugli, macoun, backup db host, main display, Radar Display, Administrator, Attacker, winesap]
Because of the limited number of hosts, we share the hosts among multiple processes