IA&S Joint PI Meeting

Honolulu, HI

17-21 July 2000

ITS Track

IA&SIA&S

Administrative Notes

• Please provide electronic copy of presentation for web site posting before departure.

• Agenda Discipline– Presentation Length (“The Hook”)– Breaks (Lunch-Colony for us, other breaks)

• Sidebars (Scheduled chat with PM)• Tours (Submarine, TCCC, JWID)• Social Events (Happy Hour, Luau)• Available Services (ISDN, Fax, Messages)• Cell Phones

– Technology shouldn’t subvert good manners

Program Manager’s Welcome

Intrusion Tolerant Systems Track

Joint IA&S Principal Investigator’s Meeting

Honolulu, Hawaii

July 17 – 21, 2000

Intrusion Tolerant SystemsMajor Events & Milestones: August 1999 – July 2000

ITS Program KickoffSummer IA&S Joint PI Meeting

August 2,3 1999

ITS Winter PI MeetingFebruary 22, 23 2000

Program

RM

Kernel

RMProgram

Kernel

Program

Kernel

RM

Kernel supported

InterpreterModified application

Real Time Execution Monitors

Summer IA&S Joint PI MeetingJuly 17-21, 2000

Proxy Servers

Ballot Monitors

Acceptance Monitors

COTS Servers

Audit Control

Adaptive Reconfiguration

P1 B1

P2 B2

P3 B3

P4 B4

A1

A2

A3

A4

S1

S3

S4

Request

Control

ControlControl

ResponsesResponsesResponses

S2

Error DetectionTolerance Triggers

Error Compensation, ResponseRecovery

ITS WorkshopOctober 4,5 1999

Site Visits

• Augments the two Bi-annual PI Meetings• Purpose:

– Meet the project team– More in depth description of project– Familiarization with the PI’s organization– Informal discussion/questions/exchange of ideas– Bring problems to the attention of the PM

• Annual Affair• Generally a ½ day (approx. 4 hours) is sufficient• Presentations posted to web site

Project Status Reports

• Requirements specified in contract– Generally monthly for commercial organizations– Generally quarterly for university grants

• Purpose:– Tool for PM to monitor progress– Contract management for agent

• Timeliness

Project Summaries and Quad Charts

• Update existing summaries– Important for accuracy and currency

• Need summaries for new projects– Visit http://schafercorp-ballston.com/its for examples

• Summaries very useful for collecting project information• Summaries are provided on web site accessible to general

public• Press Releases

– Coordinate with PM in advance of release

ITS Web Site

• http://tolerantsystems.org– Under Construction– Link to active ITS web site

• http://iaands.org– Link to ITS

• http://schafercorp-ballston.com/its/– Project summaries– ITS Kickoff Meeting (Phoenix)– ITS Williamsburg Workshop– ITS Winter PI Meeting (Aspen)– User id:itsfolks p/w:redundant

Presentation & Meeting Guidance

• New Format– Group discussion at the end of each related set of presentations

• Present as if talking to your peers– These presentations are as much for them as for the PM

• Jumping around between tracks– Some of you have conflicts with other tracks– Attending presentations in parallel tracks is allowed, even encouraged

• Other presentations– PACOM speakers with operational emphasis– EWG Process– Threat/Attack Model and Policy Specification Workshop– JBI

Goals of Wednesday Discussion

• Better understanding of threat/attack models different projects are working with

• Better understanding of what protection the current ITS projects will provide– individually– collectively

• What is your attack model?• What policies can you enforce?

Monday Afternoon

• 12:30- Program Manager’s Welcome (Jay Lala, DARPA)• 12:40- Automatic Synthesis of Program-based Triggers for Intrusion

Tolerance Mechanisms (C.C. Michael, RST Corp)• 1:05- System Health and Intrusion Monitoring (SHIM): A New Approach to

Triggering Intrusion Tolerant Mechanisms (Calvin Ko, NAI Labs)• 1:30- Semantic Data Integrity (David Rosenthal, ORA)• 2:00- Break• 2:15- Group Discussion• 2:30- Self Protecting Mobile Agents (Lee Badger, NAI Labs)• 3:25- Group Discussion

Tuesday Morning

• 6:30- Registration and Breakfast• 7:30- PACOM Speaker (Col(P)) Jan Hicks• 8:30- Break• 8:45- Scaling Proof-Carrying Code to Production Compilers and Security

Policies (Andrew Appel, Princeton University)• 9:15- New Approaches to Mobile Code: Reconciling Execution Efficiency

with Provable Security (Michael Franz, UC, Irvine)• 9:45- Break• 10:10- Containment and Integrity for Mobile Code (Andrew Myers, Cornell)• 10:40- Group Discussion• 10:55- MAFTIA (Yves Deswarte, LAAS-CNRS; SRI International)• 11:30- Lunch

Tuesday Afternoon

• 12:30- Intrusion Tolerant Server Infrastructure (Dick O’Brien, Secure Computing Corp.)

• 12:55- Intrusion Tolerance Using Masking, Redundancy, and Dispersion (Janet Lepanto, Draper Labs)

• 1:20- Hierarchical Adaptive Control for QoS Intrusion Tolerance (James Just, Teknowledge)

• 1:45- Group Discussion• 2:00- Break• 2:15- A High Security Information System (Joe Johnson, University of

South Carolina)• 2:40- Engineering a Distributed Intrusion Tolerant Database System Using

COTS Components (Peng Liu, Univ of Maryland, Baltimore County)• 3:05- Group Discussion

Wednesday Morning

• 6:30- Registration and Breakfast• 7:30- PACOM Speaker• 8:45- Cross Program Presentations• 9:45 Break• 10:00 Threat/Attack Model and Policy Specifications Discussion (Carl

Landwehr, Mitretek)• 10:30 Models of Security Policies for Proof-Carrying Code (Andrew Appel,

Princeton University)• 11:30- Lunch

Wednesday Afternoon

• 12:30- Active Trust Management (ATMs) for Autonomous Adaptive Survivable Systems (Howard Shrobe, MIT)

• 12:55- Dependable Intrusion Tolerance (Alfonso Valdes, SRI International)• 1:20- Intrusion Tolerant Software Architecture (Bruno Dutertre, SRI

International)• 1:45- Group Discussion• 2:00- Break• 2:15- Joint Battlespace Infosphere (Walt Tirenin, AFRL)• 3:00- Using Maximum Entropy for Rapid Cyberwarfare Deduction and

Inference - A Demonstration (Philip Calabrese, SSC-SD)

Thursday Morning

• 6:30- Registration and Breakfast• 7:30- PACOM Guest Speaker• 8:30- Break• 8:45- A Distributed Framework for Perpetually Available and Secure Information

Systems (Greg Ganger/Pradeep Khosla, CMU)• 9:15- PASIS Demonstration (Greg Ganger/Pradeep Khosla, CMU)• 9:25- SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services

(Fengmin Gong, MCNC)• 9:50- Break• 10:05- Tolerating Intrusions Through Secure System Reconfiguration (Alexander

Wolf, Univ. of Colorado)• 10:30- Group Discussion• 10:40- Randomized Failover Intrusion Tolerant Systems (RFITS) (Ranga Ramanujan,

Architecture Technology Corp.)• 11:05- Computational Resiliency (Steve Chapin, Syracuse)• 11:30- Lunch

Thursday Afternoon

• 12:30- Agile Objects – Component-based Inherent Survivability (Andrew Chien, UC, San Diego)

• 1:00- A Comprehensive Approach for Intrusion Tolerance Based on Intelligent Compensating Middleware (Amjad Umar, Telcordia Technologies)

• 1:25- Group Discussion• 1:35- FOUR A – Agent Adaptation and Assurance (Bill Scherlis, CMU)• 2:05- Break• 2:20- Intrusion Tolerant Distributed Object Systems (Gregg Tally, NAI Labs)• 2:45- Intrusion Tolerance by Unpredictable Adaptation (IT by UA) (Partha

Pal, BBN Technologies)• 3:10- Group Discussion

Friday Morning

• 6:30- Breakfast• 7:30- PACOM Guest Speaker• 8:30- Break• 8:45- Effectively Constraining Active Scripting on the Win32 Platform

(Anup Ghosh, RST Corp)• 9:15- Integrity Through Mediated Interfaces (Bob Balzer, Teknowledge)• 9:45- Break• 10:00- A Binary Agent Technology for COTS Software Integrity (Anant

Agarwal, InCert Software Corp)• 10:30- Group Discussion• 10:45- Program Manager’s Closing Remarks