Philip K. McKinley Software Engineering and Network Systems Laboratory Department of Computer Science and Engineering Michigan State University RAPIDware: Adaptive Software for Critical Infrastructure Protection


Philip K. McKinley

Software Engineering and Network Systems Laboratory

Department of Computer Science and Engineering

Michigan State University

RAPIDware: Adaptive Software for Critical Infrastructure Protection

Critical Infrastructures

Examples:

Electric power grids

Telecommunication networks

Water systems

Nuclear facilities, hydroelectric dams

Command and control networks

Financial networks, and so on…

Managed by distributed computing facilities, connected to the Internet

Hence, they are at risk of cyber attack.

The consequences could be catastrophic.

RAPIDware Project

Five-year, $3.1M project in CSE SENS Laboratory

Funded by U.S. Office of Naval Research

Adaptable Software / Critical Infrastructure Protection Program

Outgrowth of Presidential Decision Directive 63 (May ’98)

Goal: Software (middleware) that can protect itself from:

Cyber attack

Hardware and software component failures

Changing environmental conditions

Dynamic application/user requirements (e.g. security policies)

RAPIDware supports:

5 CSE faculty members

10 graduate research assistants

Middleware for “Internet Speed” development and evolution of applications must support:

Multiple dimensions of adaptability

Autonomous execution of middleware components

Dynamic composition of middleware services

“Principled” methods (compiler/language support, code generation, reflection, run-time checks, etc.) needed to help ensure reliability, correctness, reusability, security

RAPIDware Investigators

Phil McKinley - distributed computing, network protocols, adaptive middleware, anomaly detection

Kurt Stirewalt - software analysis, interactive systems, model checking

Laura Dillon - formal methods for concurrent systems, real-time systems

Betty Cheng - software engineering, formal methods, object-oriented development

Sandeep Kulkarni - fault tolerance, security

What is Middleware?

Interconnected Computer Networks

Distributed Computer Applications

MIDDLEWARE (CORBA, J2EE, .NET,…)

Internet Protocols (TCP/IP)

Adaptive Middleware

Adaptive middleware can manage nonfunctional aspects of the system in coordinated fashion:

actively monitor the system, execute security policies

provide fault tolerance for specified components

adapt to changing environmental conditions

manage energy consumption in battery-powered devices

insulate the application from device/network differences

“Always On” systems (e.g., command and control, many critical infrastructure systems) require dynamic adaptation in ways not envisioned during development.

Enables systems to Operate Through Attacks

RAPIDware Approach

Adaptive middleware must support:

Multiple dimensions of adaptability

Autonomous execution of middleware components

Dynamic composition of middleware services

“Principled” methods:

Automated software development (e.g., code generation)

Formal methods support for composition and adaptation

Needed for reliability, correctness, security

We focus on mobile computing systems:

Problem is “harder” than in wired systems

Expected to dominate Internet access

Mobile Computing Testbed

Multiple-cell wireless LAN

Various laptop, handheld, and wearable computers

Isolating Adaptive Functionality

[Figure: APPLICATION LAYER, MIDDLEWARE LAYER and NETWORK LAYER. Labels: observers; responders; proxy node (e.g., desktop); core middleware components; data paths; applications on host computers (desktop, wearable, palmtop).]

Adaptive Java

Many adaptive middleware approaches involve computational reflection: the ability of a process to reason about (and alter) its behavior

We developed Adaptive Java:

Extension of Java programming language

Provides language-level support for adaptability

Example use: Meta(morphic) sockets that can:

report behavior to intrusion detection system

insert forward error correction for wireless networks

change socket behavior to save power

MetaSocket Configuration

Application or Middleware Base Code

MetaSocket Layer

To Network

Adaptive Logic

MetaSocket Structure

Application can insert and remove filters that manipulate the data stream

Some base-class methods are occluded

Socket

Send-Socket

InsertFilter

RemoveFilter

GetStatus

close

send

filter with thread and buffer

MetaSendSocket

Examples: Error Control and Component Auditing

Adaptive Java makes it possible to change components dynamically.

Effectively, any component can be made more robust, or more secure at run time.

Nature of auditing can be determined after development.

On-demand auditing may be especially useful to mobile systems.

[Figure labels: Wired Network; Wireless Network; Trader; Notifying event; Refraction or transmutation; ComponentLoader; DecisionMaker (DM); InformationEvent; Mediator; Informer; components A, B, C.]

Experimental Configuration

Second source begins transmitting to multicast address during audio conversation

Access Point

Wireless iPAQ Receivers

Audio Stream

Legitimate Source

...

Malicious/errant Source

Adaptive Metasocket Behavior

Loss thresholds set to 30% and 10%.

[Figure: Network Packet Loss vs. Application Packet Loss. x-axis: Packet Set (100 packets per set); y-axis: Packet Loss Rate (percentage); series: Network Packet Loss, Application Packet Loss.]
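An added sketch, not code from the RAPIDware project, of how two loss thresholds can drive filter insertion and removal with hysteresis. It assumes the 30% threshold inserts a forward-error-correction filter and the 10% threshold removes it, models FEC as one XOR parity packet per four data packets, and uses hypothetical names (MetaSendSocketSketch, adapt, simulate) with a constructed random loss pattern.

```python
import random

INSERT_AT, REMOVE_AT = 0.30, 0.10  # page's thresholds; insert/remove roles are assumed
SET_SIZE, GROUP = 100, 4           # 100 packets per set (page); parity group size assumed

class MetaSendSocketSketch:
    """Toy stand-in for a MetaSocket: only the filter list is modeled."""
    def __init__(self):
        self.filters = []
    def insert_filter(self, name):
        if name not in self.filters:
            self.filters.append(name)
    def remove_filter(self, name):
        if name in self.filters:
            self.filters.remove(name)

def adapt(sock, observed_loss):
    """Hysteresis: insert FEC at >= 30% loss, remove it only at <= 10%."""
    if observed_loss >= INSERT_AT:
        sock.insert_filter("fec")
    elif observed_loss <= REMOVE_AT:
        sock.remove_filter("fec")
    return "fec" in sock.filters

def app_loss_with_parity(lost):
    """Fraction of data packets still missing after XOR-parity repair.
    `lost` has one flag per transmitted packet: GROUP data, then 1 parity."""
    missing = data = 0
    for i in range(0, len(lost), GROUP + 1):
        block = lost[i:i + GROUP + 1]
        data += GROUP
        if sum(block) > 1:          # one parity packet repairs a single erasure only
            missing += sum(block[:GROUP])
    return missing / data

def simulate(loss_prob_per_set, seed=7):
    """Return (fec_active, network_loss, application_loss) for each packet set."""
    rng, sock, rows, active = random.Random(seed), MetaSendSocketSketch(), [], False
    for p in loss_prob_per_set:
        n = SET_SIZE // GROUP * (GROUP + 1) if active else SET_SIZE
        lost = [rng.random() < p for _ in range(n)]  # constructed loss pattern
        net = sum(lost) / n
        rows.append((active, net, app_loss_with_parity(lost) if active else net))
        active = adapt(sock, net)   # decision takes effect on the next set
    return rows

if __name__ == "__main__":
    for row in simulate([0.02, 0.35, 0.35, 0.20, 0.20, 0.05, 0.02]):
        print("fec=%s network=%.2f application=%.2f" % row)
```

Between the two thresholds the filter state does not change, which keeps the socket from flapping when loss hovers near a single cut-off.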

Detection of Second Source

[Figure: Interpacket Delay. x-axis: Packet Number; y-axis: Interpacket delay (milliseconds).]

Second source starts at packet 349, detected at packet 379.

Filter inserted automatically to remove “noise.”
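An added sketch, not the project's detector, of spotting a second multicast source from interpacket delay and reacting by inserting a receive-side filter. The 20 ms packet period, the 30-packet window, the 0.75 ratio, the source labels and all names are assumptions; the trace is constructed so the second source first appears at packet 349 as on the slide, and the detection point it yields belongs to these parameters, not to the reported experiment.

```python
from collections import deque

class MetaRecvSocketSketch:
    """Toy receive-side MetaSocket: filters are predicates applied to each packet."""
    def __init__(self):
        self.filters = {}
    def insert_filter(self, name, keep):
        self.filters[name] = keep
    def deliver(self, pkt):
        return all(keep(pkt) for keep in self.filters.values())

def monitor(packets, baseline_ms=20.0, window=30, ratio=0.75):
    """packets: (arrival_ms, source) tuples in arrival order. Flags a second source
    when the mean interpacket delay over `window` packets falls below
    ratio * baseline, then inserts a filter keeping only the first-seen source.
    Returns (detected_at_packet_number, delivered_packet_count)."""
    sock, delays = MetaRecvSocketSketch(), deque(maxlen=window)
    legit, prev, detected_at, delivered = packets[0][1], None, None, 0
    for number, (t, src) in enumerate(packets, start=1):
        if prev is not None:
            delays.append(t - prev)
        prev = t
        if (detected_at is None and len(delays) == window
                and sum(delays) / window < ratio * baseline_ms):
            detected_at = number
            sock.insert_filter("source-pin", lambda p: p[1] == legit)
        delivered += sock.deliver((t, src))
    return detected_at, delivered

def constructed_trace(n_clean=348, n_mixed=100, period=20.0):
    """Constructed sample: one source every `period` ms, then a second source
    interleaved halfway between its packets, starting as packet 349."""
    trace = [(i * period, "legit") for i in range(n_clean)]
    for i in range(n_clean, n_clean + n_mixed):
        trace.append((i * period - period / 2, "second"))
        trace.append((i * period, "legit"))
    return trace

if __name__ == "__main__":
    print(monitor(constructed_trace()))
```

Pinning on a source label only helps if that label is authenticated, and the slide does not say how its filter identified the noise.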

Summary

RAPIDware is an ONR-funded project in the CSE Dept.

Addresses adaptive middleware to protect critical infrastructures from:

Cyber attacks

Component failures

Dynamic external conditions

Particular focus on wireless, collaborative computing systems

Adaptive Java:

Programming language support for adaptability

Enables dynamic reconfiguration and auditing of components in deployed systems

Ongoing Work

Adaptive Java and MetaSockets:

Dynamic auditing of components

Dynamic energy consumption management

Quality of service for wireless networks

Higher-level languages for adaptability

Middleware/Operating System cooperation for:

Security

Energy management

Anomaly detection using statistical methods

Wireless network protocols (video, audio, data)

Security and robustness of peer-to-peer networks

Potential Collaboration

We are always looking for new research collaborators

Security/robustness of mobile computing systems

Emergency services

Command and control

Medical applications

Intrusion/anomaly detection and monitoring

Control of:

Telecommunication networks

Water distribution systems

Power grids

Business/financial systems

“Smart” physical infrastructures: buildings, bridges, dams, etc.

Traceability of software development and usage for

Computer forensics?

Tracking intruders

Cognitive/Decision-making processes


Acknowledgements

This work was supported in part by:

U.S. Department of the Navy, Office of Naval Research, Grant No. N00014-01-1-0744.

U.S. National Science Foundation grants: CDA-9617310, NCR-9706285, CCR-9912407, EIA-0000433, and EIA-0130724

Further Information

Software Engineering and Network Systems Lab: www.cse.msu.edu/sens

RAPIDware Project: www.cse.msu.edu/rapidware

Email contact: [email protected]