CT-ISG: Towards Trusted Adaptation Dynamics in Computing Systems and Networks

CT-ISG：迈向计算系统和网络中的可信适应动态

• 批准号: 0524477
• 负责人: Azer Bestavros
• 金额: $ 30万
• 依托单位: Trustees of Boston University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2005
• 资助国家: 美国
• 起止时间: 2005-10-01 至 2009-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0524477&HistoricalAwards=false
• 关键词: CT; ISG; Towards; Trusted; Adaptation

This proposal aims to study (and develop appropriate defenses against) emerging exploits that target the "dynamics" of a system's operation---dynamics that result from the adaptation strategies deployed in most computing systems and networks. While few instances of adversarial exploits along these lines have been identified recently---namely, the PIs work on Reduction of Quality (RoQ) attacks on admission controllers of end-hosts and on TCP adaptation in networks---little is known about the significance, prevalence, and other-than-adversarial motives of such exploits, not to mention effective defenses. INTELLECTUAL MERITS: The work to be pursued as part of this proposal flows along three dimensions: (1) vulnerability assessment, (2) attack synthesis, and (3) hardening and countermeasures. Along the first dimension, and in order to assess the vulnerability of system components, the PIs intend to adopt a control-theoretic approach to model the transient operation of common adaptive system and network components -- from schedulers, load balancers, and admission controllers to network traffic engineering and routing protocols. These models will be used to analytically characterize the vulnerabilities of such components to various exploits, whether the motive of such exploits is adversarial in nature (e.g., reducing a system's fidelity or effective capacity) or simply unfriendly (e.g., causing the system to preferentially treat a particular class of requests or flows). Along the second dimension, the PIs will investigate how a determined adversary could infer the vulnerabilities of a given system component through simple observations (from the outside), and thereupon design an exploit of low intensity but of high impact on the component's availability or service quality. Along the third dimension, the PIs intend to develop mechanisms that harden a component's susceptibility to exploits by non-clairvoyant adversaries, and also enable the identification (e.g., trace-back) of perpetrators.The PIs will focus their attention on two specific types of systems that are particularly vulnerable to exploits of adaptation dynamics, and with which they have had quite a bit of experience, namely (A) network management and engineering, and (B) scalable web services, virtual hosting environments, and firewalls. These systems are particularly vulnerable due to their open nature, necessitating the use of dynamic resource management policies, which are exploitable by adversaries.Expected outcomes from this effort include:- The development of metrics and techniques that are capable of quantifying the vulnerabilities of computing systems to exploits that target their dynamics. - The development of design principles that elucidate the tradeoffs between various design goals. For example, by relating a system's adaptation speed to its susceptibility to exploits, a system designer would be able to discern the risks and rewards involved in choosing one adaptation strategy versus another. - The development of novel adaptation strategies and protocols that would be tolerant to specific exploits. While the PIs' focus will be on adaptation techniques that are prevalent in Internet systems, the new approaches and principles they develop will be applicable to a much wider range of systems, including operating systems, embedded systems, sensor networks, ad-hoc and distributed systems, among others.BROADER IMPACT: The proposed work will also result in important tangible contributions to education and training through the development of various artifacts, including:- The creation of a repository that would act as a knowledge base of known vulnerabilities and defenses in various adaptive systems. The mere availability of such a repository would be quite instrumental in hardening newly developed systems by enabling practitioners access to what amounts to benchmarks for testing their designs.- The development of artifacts (e.g., tutorials, laboratory modules, software tools, and Web-based demonstrations) that could be integrated into standard systems and networking curricula. In addition, the pursuit of the proposed work will result in important intangible broader impacts, including:- Heightening the research community's appreciation of the importance of system dynamics, which will undoubtedly lead to concrete advancement in basic research with the expected outcomes of scientific publications and student training.- Leveraging the efforts of the PIs in extending their proven service record to the systems and networking research community, as well as their outreach to minority and under-represented groups.Last but not least, the pursuit of the research outlined in this proposal will promote the design of information systems, which are worthy of (and to which we can entrust) our society.

该提案旨在研究（并制定适当的防御措施）针对系统操作的“动态”的新兴漏洞-动态，这是大多数计算系统和网络中部署的适应策略的结果。虽然最近已经确定了沿着这些路线的对抗性利用的一些实例--即，PI对终端主机的准入控制器和网络中的TCP适配进行质量降低（RoQ）攻击--但对这种利用的重要性、流行性和其他非对抗性动机知之甚少，更不用说有效的防御了。智力优势：作为本提案一部分的工作将沿着沿着三个方面进行：（1）脆弱性评估，（2）攻击合成，以及（3）加固和对策。沿着第一个维度，为了评估系统组件的脆弱性，PI打算采用控制理论方法来模拟 通用自适应系统和网络组件的瞬态操作--从路由器、负载均衡器和准入控制器到网络流量工程和路由协议。这些模型将用于分析这些组件对各种漏洞的脆弱性，无论这些漏洞的动机本质上是敌对的（例如，降低系统的保真度或有效容量）或仅仅是不友好的（例如，使得系统优先处理特定类别的请求或流）。沿着第二个维度，PI将调查确定的对手如何通过简单的观察（从外部）推断给定系统组件的漏洞，并因此设计低强度但对组件的可用性或服务质量具有高影响的利用。沿着第三个维度，PI打算开发一种机制，使组件对非透视对手的利用更加敏感，并且还能够识别（例如，PI将把他们的注意力集中在两种特别容易受到适应动态利用的特定类型的系统上，并且他们对此有相当多的经验，即（A）网络管理和工程，以及（B）可扩展的web服务、虚拟托管环境和防火墙。这些系统由于其开放性而特别脆弱，需要使用动态资源管理策略，这是对手可以利用的。这项工作的预期成果包括：-开发能够量化计算系统漏洞的指标和技术，以利用其动态。 - 设计原则的发展，阐明了各种设计目标之间的权衡。例如，通过将系统的适应速度与其对漏洞的敏感性联系起来，系统设计者将能够辨别选择一种适应策略与另一种适应策略所涉及的风险和回报。- 开发新的适应策略和协议，以容忍特定的漏洞。虽然PI的重点将放在互联网系统中普遍存在的适应技术上，但他们开发的新方法和原则将适用于更广泛的系统，包括操作系统、嵌入式系统、传感器网络、自组织和分布式系统等。拟议的工作还将通过开发各种产品，为教育和培训做出重要的实际贡献，包括：- 创建一个存储库，作为各种自适应系统中已知漏洞和防御的知识库。仅仅是这样一个存储库的可用性就可以通过使从业者能够访问测试其设计的基准来加强新开发的系统。人工制品的发展（例如，教程、实验室模块、软件工具和基于Web的演示），可以集成到标准系统和网络课程中。此外，对拟议工作的追求将产生重要的无形的更广泛的影响，包括：-提高研究界对系统动力学重要性的认识，这无疑将导致基础研究的具体进展，并带来科学出版物和学生培训的预期成果。利用PI的努力，将其经过验证的服务记录扩展到系统和网络研究社区，以及他们对少数群体和代表性不足的群体的推广。最后但并非最不重要的是，本提案中概述的研究将促进信息系统的设计，这是值得的（我们可以委托）我们的社会。