Designing Protection and Adaptation into a Survivability Architecture: Demonstration and Validation (DPASA-DV)
Funded by DARPA IPTO OASIS DEM/VAL contract F30602-02-C-0134 via a subcontract from BBN Technologies
This project focused on developing techniques for designing and validating intrusion tolerance. The first project task consisted of performing a mission-objective-focused system analysis and engineering effort resulting in a thorough understanding of the specific system-functional and component survivability requirements. We employed a systematic process that evaluated the innovative use of emerging technology to ensure survivability of mission-critical system components. The second project task focused on developing a survivability architecture by describing how advanced survivability mechanisms are used in defining an effective (and revolutionary) survivability architecture. The third project task focused on validation by conducting detailed model-based analysis of the proposed architecture to assess the level of protection provided to critical system components. The project also identified the level of protection provided to key system components as well as residual vulnerability of key system components and the overall system to disruption. The University of Illinois team led the work on the third project task.
University of Illinois Team Personnel
Papers generated by the project:
- M. Ihde and W. H. Sanders, "Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance," Proceedings of the 2006 International Conference on Dependable Systems and Networks (DSN'06), Philadelphia, PA, USA, June 25-28, 2006, pp. 209-216. [IEEE Xplore entry]
- M. A. Ihde, Experimental Evaluations of Embedded Distributed Firewalls: Performance and Policy, Master's Thesis, University of Illinois at Urbana-Champaign, 2005.
- H. V. Ramasamy, A. Agbaria, and W. H. Sanders, "CoBFIT: A Component-Based Framework for Intrusion Tolerance," Proceedings of the 30th Euromicro Conference, Rennes, France, August 31-September 3, 2004, pp. 591-600. [IEEE Xplore entry]
- P. Rubel, M. Ihde, S. Harp, and C. Payne, "Generating Policies for Defense in Depth," Proceedings of the 21st Annual Computer Security Applications Conference, Tucson, Arizona, December 5-9, 2005, pp. 505-514. [IEEE Xplore entry]
- S. Singh, A. Agbaria, F. Stevens, T. Courtney, J. F. Meyer, W. H. Sanders, and P. Pal, "Validation of a Survivable Publish-Subscribe System," International Scientific Journal of "Computing," vol. 4, no. 2, 2005.
- F. Stevens, Validation of an Intrusion-Tolerant Information System Using Probabilistic Modeling, M.S. thesis, the University of Illinois at Urbana-Champaign, 2004.
- F. Stevens, T. Courtney, S. Singh, A. Agbaria, J. F. Meyer, W. H. Sanders, and P. Pal, "Model-Based Validation of an Intrusion-Tolerant Information System," Proceedings of the 23rd Symposium on Reliable Distributed Systems (SRDS 2004), Florianópolis, Brazil, October 18-20, 2004, pp. 184-194. [IEEE Xplore entry]
COPYRIGHT NOTICES: The above electronic files are presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
The following copyright notice applies to all of the above items that appear in IEEE publications: "Personal use of this material is permitted. However, permission to reprint/publish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from IEEE."