Download Air Force Center for Research on GIG/NCES Challenges (AF

Air Force Center for Research on GIG/NCES
Challenges (AF-TRUST-GNC)
Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
Context


TRUST mission includes commitment to create
significant dialog with stakeholder communities (e.g.
in medicine, financial community, power systems)
2005 saw substantial progress with Air Force
–
–
Dialog builds on a longer history of collaboration between Air
Force and our participants. For example, Air Force
Information Assurance Institute at Cornell
TRUST members assisted in two major studies of GIG/NCES
impact on Air Force research priorities in 2005



AFRL/IF (JBI) Prometheus study
Info Sharing 2010 study requested by SAF-XCX: a pair of TLAs
that includes CIO office of the Secretary of the Air Force (SAF)).
AF-TRUST proposal reflects priorities identified in
these studies
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
2
Advantage: Information
“The natural formation of the country is the soldier's best ally;
but a power of estimating the adversary, of controlling the
forces of victory, and of shrewdly calculating difficulties,
dangers and distances, constitutes the test of a great
general. He who knows these things, and in fighting puts his
knowledge into practice, will win his battles. ”
- General Sun-Tzu Wu, 512BC
Challenge? Finding it!
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
3
The proposed NCES/GIG architecture?



"TRUST and the Global Information
Grid", Ken Birman
Basis is Web Services
standard, although
CORBA is likely to be
used on server
clusters
Primary application
platform will be
Microsoft Windows
NSA and DISA are
playing key roles in
mapping these
components to military
needs
TRUST, Washington, D.C. Meeting January 9–10, 2006
4
Steps to GIG/NCES

Today
–
–

AF runs three side-by-side operational networks and many
dedicated subnetworks, i.e. to control autonomous vehicles
Connects to Internet and other services through various
DISA-operated gateways.
Tomorrow
–
–
–
Single Dark Core: A vision of a unified network with a small
high-security core and a substantial audited but mediumsecurity region.
XML browsers and email throughout, posing a recognized
security risk but offering needed information accessibility
Legacy/stovepipe applications ported and wrapped for
accessibility within this common operating environment
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
5
Missing pieces to the story?

There are many
–
At a “superficial” level, just using the proposed
platform to solve the kinds of problems being
posed is challenging

–
For example, imagine an application that needs mapping
data for Falluja. Which servers have this data? Are some
more up to date, or less loaded, or experiencing faults?
Which one is best? What security policies should apply?
At a more technical level, Web Services lack
properties one would normally expect for missioncritical military systems
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
6
The Prometheus Project
Real-time, Scalable, &
Secure Information
Management for the GIG
Ken Birman
[email protected]
Cornell University
Mike Reiter
[email protected]
Carnegie Mellon University
Douglas C. Schmidt
[email protected]
TRUST, Washington,
D.C. Meeting
January 9–10, 2006
Vanderbilt
University
Tuesday, January 10, 2006
Prometheus Emphasis: Meeting Demands for
QoS-enabled Information Management
Key problem space challenges
• Network-centric, dynamic, very largescale systems of systems (SoS)
• Stringent simultaneous quality of
service (QoS) demands
• e.g. real-time, scalability, security
• Demand for QoS-enabled operational &
tactical Global Information Grid (GIG)
Key solution space challenges
• Enormous accidental & inherent
complexities
• Continuous technology evolution &
change
• Highly diverse network, platform,
"TRUST and the Global Information
language,
& tool environments TRUST, Washington, D.C. Meeting January 9–10, 2006
Grid", Ken Birman
8
Summary of Results from Prometheus
Study





We decided to drill down on four primary
questions
QoS-enabled Publish/Subscribe Technologies
for Tactical Information Management
Scalable Fault- & Intrusion-Tolerance for Critical
GIG Services
Scalable Enterprise Service-Oriented
Architectures
Investigating a Unified Framework for
Demonstrating Policy Compliance
Results include a mix of prototypes, experiments, & analyses
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
9
Focus Area 1: QoS-enabled Publish/Subscribe
Technologies for Tactical Information Management
Coordination
Of Multiple UAVs
Feedback &
Control
Dynamic Mission
Replanning
Image Processing
& Tracking
"TRUST
and theCapstone
Global Information
DARPA
PCES
demo, April 14, ‘05, White Sands Missile Range
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
10
Focus Area 2: Scalable Fault- & IntrusionTolerance for Critical GIG Services
 Critical
GIG services must survive
failures & attacks
Application
Application
 An
intrusion-tolerant service is one
that continues to operate correctly
despite the corruption of some of its
components
–
“Intrusions” modeled as Byzantine
faults (arbitrary behavior)
 In
this focus area, we have studied
how to build fault- & intrusion-tolerant
services to be fault-scalable
–
Application
Application
Pub/Sub
Service
Application
i.e., service performance scales as
number of faults tolerated grows
Application
Application
Application
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
11
Focus Area 3: Scalable Enterprise
Service-Oriented Architectures



Goals
Enhance SOA platforms to support policy-driven enforcement of access to GIG
resources integrated across information, service, & transport
Enable ability to dynamically adjust SOA resource allocation mechanisms in
response to changing mission priorities, failures, attacks, etc.
COI level Connectivity,
Bandwidth, Priority
Enforcement
Satellite
Network
IA Policy-based
Routing
Protection of
Data-in-Transit
Service
Allocation &
Prioritization
Tactical
Network
Terrestrial IP
Network
Red LAN
Access Functions
Red LAN
Access Functions
GIG
SERVICE
Terrestrial
Circuit Network
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
12
AF-TRUST-GNC

Proposal focuses on three areas, roughly
corresponding to the ones identified by
Prometheus
–
–
–
Develop algorithms and software for scalable, realtime and fault-tolerance QoS
Investigate issues associated with very large scale
information assurance and security policy
management
Develop new technologies for scalable and secure
discovery, information architectures and mediation
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
13
Example questions



Can we bring build a new generation of time-critical
web service cluster solutions that combine timecritical update algorithms with mechanisms for
handling faults and load surges?
Suppose that a vast collection of firewalls and audit
mechanisms are controlled from an enormous
distributed database of policies. How can we
administer and update the policy databases without
accidental error?
Is it possible to somehow isolate legacy applications
while still enjoying the benefits of universal
connectivity and access available in Web Services?
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
14
Proposal?



We are proposing to create a TRUST Center focused
on the needs of Air Force and other military vendors
as the GIG/NCES rollout occurs
We have the breadth of talent and resources to make
this work and can exploit a “dream team” that unites
the top research groups in the country and focuses
them on AFRL priorities. AF-TRUST-GNC includes
some TRUST researchers but also some new faces
We suggest a structure parallel to that used by NSF in
the basic TRUST framework
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
15
Possible goal for 2006?

One option is to explore a similar structure
with Dept. of Treasury
–
–
–
Very likely to build on their eCavern project
Wide range of very exciting issues in areas such
as identity-theft, data mining to enforce riskmanagement, regulatory and security policies, data
replication and associated policy enforcement
Could exploit facilities right on Wall Street, where
both Cornell and CMU have offices in shared bldg
"TRUST and the Global Information
Grid", Ken Birman
TRUST, Washington, D.C. Meeting January 9–10, 2006
16