Aaron Paulos

MEAD: support for Real‐Time Fault‐Tolerant CORBA

The OMGs Real‐Time CORBA (RT‐CORBA) and Fault‐Tolerant CORBA (FT‐CORBA) specifications make it possible for todays CORBA implementations to exhibit either real‐time or fault tolerance in isolation. While real‐time requires a priori knowledge of the systems temporal operation, fault tolerance necessarily deals with faults that occur unexpectedly, and with possibly unpredictable fault recovery times. The MEAD (Middleware for Embedded Adaptive Dependability) system attempts to identify and to reconcile the conflicts between real‐time and fault tolerance, in a resource‐aware manner, for distributed CORBA applications. MEAD supports transparent yet tunable fault tolerance in real‐time, proactive dependability, resource‐aware system adaptation to crash, communication and timing faults with bounded fault detection and fault recovery. Copyright

Trinetra: Assistive Technologies for Grocery Shopping for the Blind

Trinetra aims for cost-effective, assistive technologies to provide an independent grocery-shopping experience for the blind by leveraging barcodes and networking diverse embedded COTS devices.

Dynamic Policy-Driven Quality of Service in Service-Oriented Systems

Service-oriented architecture (SOA) middleware has emerged as a powerful and popular distributed computing paradigm due to its high-level abstractions for composing systems and hiding platform-level details. Control of some details hidden by SOA middleware is necessary, however, to provide managed quality of service (QoS) for SOA systems that need predictable performance and behavior. This paper presents a policy-driven approach for managing QoS in SOA systems. We discuss the design of several key QoS services and empirically evaluate their ability to provide QoS under CPU overload and bandwidth-constrained situations.

A3: An Environment for Self-Adaptive Diagnosis and Immunization of Novel Attacks

This paper describes an ongoing research effort aiming to use adaptation to defend individual applications against novel attacks. Application focused adaptive security spans adaptive use of security mechanisms in both the host and the network. The work presented in this paper is developing key infrastructure capabilities and supporting services including mandatory mediation of application I/O, record and replay of channel interaction, and VMI-based monitoring and analysis of execution that will facilitate replay-based diagnosis and patch derivation for attacks that succeed and go unnoticed until a known undesired condition manifests. After describing the basics, we present the results from our initial evaluation and outline the next steps.

Fault Tolerant Approaches for Distributed Real-time and Embedded Systems

Fault tolerance (FT) is a crucial design consideration for mission-critical distributed real-time and embedded (DRE) systems, which combine the real-time characteristics of embedded platforms with the dynamic characteristics of distributed platforms. Traditional FT approaches do not address features that are common in DRE systems, such as scale, heterogeneity, real-time requirements, and other characteristics. Most previous R&D efforts in FT have focused on client-server object systems, whereas DRE systems are increasingly based on component-oriented architectures, which support more complex interaction patterns, such as peer-to-peer. This paper describes our current applied R&D efforts to develop FT technology for DRE systems. First, we describe three enhanced FT techniques that support the needs of DRE systems: a transparent approach to mixed-mode communication, auto-configuration of dynamic systems, and duplicate management for peer-to-peer interactions. Second, we describe an integrated FT capability for a real-world component-based DRE system that uses off-the-shelf FT middleware integrated with our enhanced FT techniques. We present experimental results that show that our integrated FT capability meets the DRE systems real-time performance requirements for both the responsiveness of failure recovery and the minimal amount of overhead introduced into the fault-free case.

Dynamic Policy-Driven Quality of Service in Service-Oriented Information Management Systems

SOA middleware has emerged as a powerful and popular distributed computing paradigm because of its high‐level abstractions for composing systems and encapsulating platform‐level details and complexities. Control of some details encapsulated by SOA middleware is necessary, however, to provide managed QoS for SOA systems that require predictable performance and behavior. This paper presents a policy‐driven approach for managing QoS in SOA systems called QoS enabled dissemination (QED). QED includes services for: (1) specifying and enforcing the QoS preferences of individual clients; (2) mediating and aggregating QoS management on behalf of competing users; and (3) shaping information exchange to improve real‐time performance. We describe QEDs QoS services and mechanisms in the context of managing QoS for a set of Publish‐Subscribe‐Query information management services. These services provide a representative case study in which CPU and network bottlenecks can occur, client QoS preferences can conflict, and system‐level QoS requirements are based on higher level, aggregate end‐to‐end goals. We also discuss the design of several key QoS services and describe how QEDs policy‐driven approach bridges users to the underlying middleware and enables QoS control based on rich and meaningful context descriptions, including users, data types, client preferences, and information characteristics. In addition, we present experimental results that quantify the improved control, differentiation, and client‐level QoS enabled by QED. Copyright

Advanced Adaptive Application (A3) Environment: initial experience

In this paper, we describe the prevention-focused and adaptive middleware mechanisms implemented as part of the Advanced Adaptive Applications (A3) Environment that we are developing as a near-application and application-focused cyber-defense technology under the DARPA Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) program.

Moving target defense (MTD) in an adaptive execution environment

This paper describes how adaptation support facilitated by an execution environment can be used to implement moving target defenses (MTD). Reactive and proactive use of adaptation, although beneficial for cyber defense, comes with additional cost, and therefore needs to be employed selectively. We also describe the pros and cons of using reactive and proactive adaptation for MTD for a representative sample of adaptations supported by an execution environment that we are developing.

Isolation of Malicious External Inputs in a Security Focused Adaptive Execution Environment

Reliable isolation of malicious application inputs is necessary for preventing the future success of an observed novel attack after the initial incident. In this paper we describe, measure and analyze, Input-Reduction, a technique that can quickly isolate malicious external inputs that embody unforeseen and potentially novel attacks, from other benign application inputs. The Input-Reduction technique is integrated into an advanced, security-focused, and adaptive execution environment that automates diagnosis and repair. In experiments we show that Input-Reduction is highly accurate and efficient in isolating attack inputs and determining casual relations between inputs. We also measure and show that the cost incurred by key services that support reliable reproduction and fast attack isolation is reasonable in the adaptive execution environment.

An Uncrewed Aerial Vehicle Attack Scenario and Trustworthy Repair Architecture

With the growing ubiquity of uncrewed aerial vehicles (UAVs), mitigating emergent threats in such systems has become increasingly important. In this short paper, we discuss an indicative class of UAVs and a potential attack scenario in which a benign UAV completing a mission can be compromised by a malicious attacker with an antenna and a commodity computer with open-source ground station software. We attest to the relevance of such a scenario for both enterprise and defense applications. We describe a system architecture for resiliency and trustworthiness in the face of these attacks. Our system is based on the quantitative assessment of trust from domain-specific telemetry data and the application of program repair techniques to UAV flight plans. We conclude with a discussion of restoring trust in post-repair UAV mission integrity.