Designing Protection and Adaptation into a Survivability Architecture: Demonstration and Validation (DPASA-DV)

Funded by DARPA IPTO OASIS DEM/VAL contract F30602-02-C-0134 via a subcontract from BBN Technologies

This project focused on developing techniques for designing and validating intrusion tolerance. The first project task consisted of performing a mission-objective-focused system analysis and engineering effort resulting in a thorough understanding of the specific system-functional and component survivability requirements. We employed a systematic process that evaluated the innovative use of emerging technology to ensure survivability of mission-critical system components. The second project task focused on developing a survivability architecture by describing how advanced survivability mechanisms are used in defining an effective (and revolutionary) survivability architecture. The third project task focused on validation by conducting detailed model-based analysis of the proposed architecture to assess the level of protection provided to critical system components. The project also identified the level of protection provided to key system components as well as residual vulnerability of key system components and the overall system to disruption. The University of Illinois team led the work on the third project task.

University of Illinois Team Personnel

• Adnan Agbaria
• Tod Courtney
• Michael Ihde
• Prof. William H. Sanders
• Mouna Seri
• Sankalp Singh
• Fabrice Stevens

---

Papers generated by the project

• M. Ihde and W. H. Sanders, “Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance,” Proceedings of the 2006 International Conference on Dependable Systems and Networks (DSN’06), Philadelphia, PA, USA, June 25-28, 2006, pp. 209-216. [IEEE Xplore entry]
• M. A. Ihde, Experimental Evaluations of Embedded Distributed Firewalls: Performance and Policy, Master’s Thesis, University of Illinois at Urbana-Champaign, 2005.
• H. V. Ramasamy, A. Agbaria, and W. H. Sanders, “CoBFIT: A Component-Based Framework for Intrusion Tolerance,” Proceedings of the 30th Euromicro Conference, Rennes, France, August 31-September 3, 2004, pp. 591-600. [IEEE Xplore entry]
• P. Rubel, M. Ihde, S. Harp, and C. Payne, “Generating Policies for Defense in Depth,” Proceedings of the 21st Annual Computer Security Applications Conference, Tucson, Arizona, December 5-9, 2005, pp. 505-514. [IEEE Xplore entry]
• S. Singh, A. Agbaria, F. Stevens, T. Courtney, J. F. Meyer, W. H. Sanders, and P. Pal, “Validation of a Survivable Publish-Subscribe System,” International Scientific Journal of “Computing,” vol. 4, no. 2, 2005.
• F. Stevens, Validation of an Intrusion-Tolerant Information System Using Probabilistic Modeling, M.S. thesis, the University of Illinois at Urbana-Champaign, 2004.
• F. Stevens, T. Courtney, S. Singh, A. Agbaria, J. F. Meyer, W. H. Sanders, and P. Pal, “Model-Based Validation of an Intrusion-Tolerant Information System,” Proceedings of the 23rd Symposium on Reliable Distributed Systems (SRDS 2004), Florianópolis, Brazil, October 18-20, 2004, pp. 184-194. [IEEE Xplore entry]