Philip K. McKinley Software Engineering and Network Systems Laboratory Department of Computer Science and Engineering Michigan State University RAPIDware: Adaptive Software for Critical Infrastructure Protection
Dec 25, 2015
Critical Infrastructures
Examples:
  Electric power grids
  Telecommunication networks
  Water systems
  Nuclear facilities, hydroelectric dams
  Command and control networks
  Financial networks, and so on…
Managed by distributed computing facilities, connected to the Internet
Hence, they are at risk of cyber attack.
The consequences could be catastrophic.
RAPIDware Project
Five-year, $3.1M project in CSE SENS Laboratory
Funded by U.S. Office of Naval Research
  Adaptable Software / Critical Infrastructure Protection Program
  Outgrowth of Presidential Decision Directive 63 (May ’98)
Goal: Software (middleware) that can protect itself from:
  Cyber attack
  Hardware and software component failures
  Changing environmental conditions
  Dynamic application/user requirements (e.g. security policies)
RAPIDware supports:
  5 CSE faculty members
  10 graduate research assistants
Middleware for “Internet Speed” development and evolution of applications must support:
  Multiple dimensions of adaptability
  Autonomous execution of middleware components
  Dynamic composition of middleware services
“Principled” methods (compiler/language support, code generation, reflection, run-time checks, etc) needed to help ensure reliability, correctness, reusability, security
RAPIDware Investigators
Phil McKinley - distributed computing, network protocols, adaptive middleware, anomaly detection
Kurt Stirewalt - software analysis, interactive systems, model checking
Laura Dillon - formal methods for concurrent systems, real-time systems
Betty Cheng - software engineering, formal methods, object-oriented development
Sandeep Kulkarni - fault tolerance, security
What is Middleware?
Interconnected Computer Networks
Distributed Computer Applications
MIDDLEWARE (CORBA, J2EE, .NET,…)
Internet Protocols (TCP/IP)
Adaptive Middleware
Adaptive middleware can manage nonfunctional aspects of the system in coordinated fashion:
  actively monitor the system, execute security policies
  provide fault tolerance for specified components
  adapt to changing environmental conditions
  manage energy consumption in battery-powered devices
  insulate the application from device/network differences
“Always On” systems (e.g., command and control, many critical infrastructure systems) require dynamic adaptation in ways not envisioned during development.
Enables systems to Operate Through Attacks
RAPIDware Approach
Adaptive middleware must support
  Multiple dimensions of adaptability
  Autonomous execution of middleware components
  Dynamic composition of middleware services
“Principled” methods
  Automated software development (e.g., code generation)
  Formal methods support for composition and adaptation
  Needed for reliability, correctness, security
We focus on mobile computing systems
  Problem is “harder” than in wired systems
  Expected to dominate Internet access
Mobile Computing Testbed
Multiple-cell wireless LAN
Various laptop, handheld, and wearable computers
Isolating Adaptive Functionality
[Figure labels: Application Layer, Middleware Layer, Network Layer; Application on host computers (desktop, wearable, palmtop); proxy node (e.g., desktop); observers; responders; core middleware components; data paths.]
Adaptive Java
Many adaptive middleware approaches involve computational reflection
  ability of a process to reason about (and alter) its behavior
We developed Adaptive Java
  Extension of Java programming language
  Provides language-level support for adaptability
Example use: Meta(morphic) sockets that can:
  report behavior to intrusion detection system
  insert forward error correction for wireless networks
  change socket behavior to save power
MetaSocket Configuration
[Figure labels: Application or Middleware Base Code; MetaSocket Layer; Adaptive Logic; To Network.]
MetaSocket Structure
Application can insert and remove filters that manipulate the data stream
Some base-class methods are occluded
[Figure labels: Socket; Send-Socket; MetaSendSocket; InsertFilter, RemoveFilter, GetStatus, close, send; filter with thread and buffer.]
Examples: Error Control and Component Auditing
Adaptive Java makes it possible to change components dynamically.
Effectively, any component can be made more robust, or more secure at run time.
Nature of auditing can be determined after development.
On-demand auditing may be especially useful to mobile systems.
[Figure labels: Wired Network; Wireless Network; Trader; ComponentLoader; Mediator; Informer; DecisionMaker (DM); components A, B, C; Notifying event; Refraction or transmutation; Information; Event.]
Experimental Configuration
Second source begins transmitting to multicast address during audio conversation
[Figure labels: Legitimate Source; Malicious/errant Source; Audio Stream; Access Point; Wireless iPAQ Receivers.]
Adaptive Metasocket Behavior
Loss thresholds set to 30% and 10%.
[Figure: Network Packet Loss vs. Application Packet Loss. x-axis: Packet Set (100 packets per set); y-axis: Packet Loss Rate (percentage); series: Network Packet Loss, Application Packet Loss.]
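The filter insertion and removal described under MetaSocket Structure, combined with the 30% and 10% loss thresholds above, as an added example in plain Java (not Adaptive Java and not the RAPIDware project's code). It assumes the filter is inserted when a 100-packet set loses more than 30% and removed once loss falls below 10%; the class name, the payload-duplicating stand-in for forward error correction and the loss figures are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.UnaryOperator;
// Added sketch (plain Java, hypothetical names): a send path whose filters can
// be inserted and removed at run time, driven by packet-loss thresholds.
public class MetaSendSocketSketch {
    static final int SET_SIZE = 100;   // packets per measurement set (from the slide)
    static final double HIGH = 30.0;   // assumed: insert the filter above this loss %
    static final double LOW = 10.0;    // assumed: remove the filter below this loss %
    private final List<String> names = new ArrayList<>();
    private final List<UnaryOperator<byte[]>> filters = new ArrayList<>();

    public synchronized void insertFilter(String name, UnaryOperator<byte[]> f) {
        if (!names.contains(name)) { names.add(name); filters.add(f); }
    }
    public synchronized void removeFilter(String name) {
        int i = names.indexOf(name);
        if (i >= 0) { names.remove(i); filters.remove(i); }
    }
    public synchronized List<String> getStatus() { return new ArrayList<>(names); }
    // Runs the packet through every installed filter, in insertion order.
    public synchronized byte[] send(byte[] packet) {
        byte[] out = packet;
        for (UnaryOperator<byte[]> f : filters) out = f.apply(out);
        return out; // a real socket would write this to the network
    }
    // Stand-in for forward error correction: sends the payload twice.
    static byte[] duplicate(byte[] p) {
        byte[] out = new byte[p.length * 2];
        System.arraycopy(p, 0, out, 0, p.length);
        System.arraycopy(p, 0, out, p.length, p.length);
        return out;
    }
    // Hysteresis: between LOW and HIGH the current configuration is kept,
    // so loss hovering near one threshold does not make the filter flap.
    static void adapt(MetaSendSocketSketch s, int lostInSet) {
        double loss = 100.0 * lostInSet / SET_SIZE;
        if (loss > HIGH) s.insertFilter("fec", MetaSendSocketSketch::duplicate);
        else if (loss < LOW) s.removeFilter("fec");
    }
    public static void main(String[] args) {
        int[] lostPerSet = {2, 12, 35, 22, 14, 8, 3}; // constructed sample
        MetaSendSocketSketch s = new MetaSendSocketSketch();
        for (int lost : lostPerSet) {
            adapt(s, lost);
            System.out.printf("lost=%d filters=%s bytes=%d%n",
                    lost, s.getStatus(), s.send(new byte[160]).length);
        }
    }
}
```

With the constructed figures, the filter goes in at the set that loses 35 packets and stays in place through the sets that lose 22 and 14, coming out only when loss drops to 8.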
Detection of Second Source
[Figure: Interpacket Delay. x-axis: Packet Number; y-axis: Interpacket delay (milliseconds).]
Second source starts at packet 349, detected at packet 379.
Filter inserted automatically to remove “noise.”
Summary
RAPIDware is an ONR-funded project in the CSE Dept.
Addresses adaptive middleware to protect critical infrastructures from:
  Cyber attacks
  Component failures
  Dynamic external conditions
Particular focus on wireless, collaborative computing systems
Adaptive Java
  Programming language support for adaptability
  Enables dynamic reconfiguration and auditing of components in deployed systems
Ongoing Work
Adaptive Java and MetaSockets:
  Dynamic auditing of components
  Dynamic energy consumption management
  Quality of service for wireless networks
Higher-level languages for adaptability
Middleware/Operating System cooperation for
  Security
  Energy management
Anomaly detection using statistical methods
Wireless network protocols (video, audio, data)
Security and robustness of peer-to-peer networks
Potential Collaboration
We are always looking for new research collaborators
Security/robustness of mobile computing systems
  Emergency services
  Command and control
  Medical applications
Intrusion/anomaly detection and monitoring
Control of:
  Telecommunication networks
  Water distribution systems
  Power grids
  Business/financial systems
“Smart” physical infrastructures: buildings, bridges, dams, etc.
Traceability of software development and usage for
  Computer forensics?
  Tracking intruders
Cognitive/Decision-making processes
Acknowledgements
This work was supported in part by:
U.S. Department of the Navy, Office of Naval Research, Grant No. N00014-01-1-0744.
U.S. National Science Foundation grants: CDA-9617310, NCR-9706285, CCR-9912407, EIA-0000433, and EIA-0130724.
Further Information
Software Engineering and Network Systems Lab: www.cse.msu.edu/sens
RAPIDware Project: www.cse.msu.edu/rapidware