Designing Protection and Adaptation into a Survivability Architecture: Demonstration and Validation (DPASA-DV)

Funded by DARPA IPTO OASIS DEM/VAL contract F30602-02-C-0134 via a subcontract from BBN Technologies

This project focuses on developing techniques for designing and validating intrusion tolerance. The first project task consists of performing a mission-objective-focused system analysis and engineering effort resulting in a thorough understanding of the specific system-functional and component survivability requirements. We are employing a systematic process that evaluates the innovative use of emerging technology to ensure survivability of mission-critical system components. The second project task focuses on developing a survivability architecture by describing how advanced survivability mechanisms are used in defining an effective (and revolutionary) survivability architecture. The third project task focuses on validation by conducting detailed model-based analysis of the proposed architecture to assess the level of protection provided to critical system components. The project will also identify the level of protection provided to key system components as well as residual vulnerability of key system components and the overall system to disruption. The University of Illinois team is leading the work on the third project task.

University of Illinois Team Personnel

• Adnan Agbaria (alumnus)
• Tod Courtney
• Michael Ihde (alumnus)
• Prof. William H. Sanders
• Mouna Seri
• Sankalp Singh
• Fabrice Stevens (alumnus)

Publications

• M. Ihde and W. H. Sanders, "Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance," Proceedings of the 2006 International Conference on Dependable Systems and Networks (DSN'06), Philadelphia, PA, USA, June 25-28, 2006, pp. 209-216.
• M. Ihde and W. H. Sanders, "Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance," submitted for publication.
• M. A. Ihde, Experimental Evaluations of Embedded Distributed Firewalls: Performance and Policy, Master's Thesis, University of Illinois at Urbana-Champaign, 2005.
• H. V. Ramasamy, A. Agbaria, and W. H. Sanders, "CoBFIT: A Component-Based Framework for Intrusion Tolerance," Proceedings of the 30th Euromicro Conference, Rennes, France, August 31-September 3, 2004, pp. 591-600.
• P. Rubel, M. Ihde, S. Harp, and C. Payne, "Generating Policies for Defense in Depth," Proceedings of the 21st Annual Computer Security Applications Conference, Tucson, Arizona, December 5-9, 2005, pp. 505-514.
• S. Singh, A. Agbaria, F. Stevens, T. Courtney, J. F. Meyer, W. H. Sanders, and P. Pal, "Validation of a Survivable Publish-Subscribe System," International Scientific Journal of "Computing," vol. 4, no. 2, 2005.
• F. Stevens, Validation of an Intrusion-Tolerant Information System Using Probabilistic Modeling, M.S. thesis, the University of Illinois at Urbana-Champaign, 2004.
• F. Stevens, T. Courtney, S. Singh, A. Agbaria, J. F. Meyer, W. H. Sanders, and P. Pal, "Model-Based Validation of an Intrusion-Tolerant Information System," Proceedings of the 23rd Symposium on Reliable Distributed Systems (SRDS 2004), Florianópolis, Brazil, October 18-20, 2004, pp. 184-194.