1

RSRS Architecture Study

Calton Pu and Doug BloughCERCS/Georgia Tech

2

RSRS Study Outline Model of self-regenerative systems

Analysis and meta-model based on feedback/reflection: (MLA) loop

Comparison of SRS projects (by area) Event-based core functional interfaces

Self-regenerative (MLA) functionality Area-specific functionality

Project-specific capabilities Synthesis and integration of interfaces

3

Self-Regeneration Meta-Model

Focus on self-regeneration process Based on feedback and reflection Monitor-Learning-Actuator (MLA) loop MLA loop appears in several system levels

Monitor Learning Actuator

4

Model ofBiologically-Inspired

Diversity

Biologically-InspiredDiversity Tools

(Genesis, Dawson)

Cognitive Immunity and Self-Healing

GSRGSR

5

Biologically-InspiredDiversity Tools

Cognitive Immunity and Self-Healing(Learn/Repair, Model-Based, AWDRAT, Cortex)

Reasoning About Insider Threats

ApplicationsApplications Granular, Scalable Redundancy

AttacksAtta

cks

Monitor Learning ActuatorBID

Model of Cognitive Immunity and Self-Healing

GSRGSRGSRGSR

6

Sensors & Sources

Model of Granular, Scalable Redundancy

Biologically-InspiredDiversity Tools

Reasoning About Insider Threats

Applications

Cognitive Immunity and Self-Healing

GSR

GSRGSR

GSR GSR

Sensors & Sources

Event Proc. (QuickSilver)

Granular, Scalable Redundancy Object Mgmt

(SAIIA, IITSR)

GSRGSR

GSR Communications(QuickSilver)

7

Model of Reasoning About Insider ThreatsReasoning About Insider Threats

(Detect & Prevent, Mitigate,Asbestos)

Cognitive Immunity and Self-Healing

GSRGSR

8

Biologically-InspiredDiversity Tool

(Genesis, Dawson)

Cognitive Immunity and Self-Healing Fabric(Learn/Repair, Model-Based, AWDRAT, Cortex)

Reasoning About Insider Threats

(Detect & Prevent, Mitigate)

ApplicationsApplications

Granular, Scalable,Redundancy

(SAIIA, IITSR, QuickSilver)

AttacksA

ttack

sAtta

cks

Monitor Learning Actuator

GSRGSR

RSRS Model Summary

9

Core Functional Interface Comparison by Area

Core functionality for each area Self-regenerative (MLA) functionality

Cognitive immunity and self-healing Reasoning about insider threats

Area-specific functionality Biologically-inspired diversity Granular, scalable redundancy

Project-specific capabilities

10

Biologically-Inspired Diversity Interfaces

Self-regeneration (MLA) functionality Test and evaluation environment

Area-specific functionality Create diverse representations of

programs in response to known and unknown attacks

Provide a “measure” of diversity (estimated degree of resistance to known attacks)

Project-specific functionality

11

Cognitive Immunity and Self-Healing Interfaces

Self-regeneration (MLA) functionality Monitor interface: evaluate the defensive

actions during attacks on applications Learning interface: match attacks and

defenses (diverse code generation tools) Regeneration Actuator interface: replace

vulnerable code Area-specific functionality Project-specific functionality

Learn/Repair: embedded data structure repair tools

12

Granular, Scalable Redundancy Interfaces

Self-regeneration (MLA) functionality Regeneration in multicast, gossip

protocols Area-specific functionality

Redundant communication services (pub/sub, multicast)

Redundant event processing Redundant object management services

Project-specific functionality

13

Reasoning About Insider Threats Interfaces

Self-regeneration (MLA) functionality Monitor interface: detect potential/actual

insider threats Learning interface: refine detection and

guide adaptive responses Regeneration Actuator interface:

implement adaptive policies in response Area-specific functionality Project-specific functionality

14

We Need Your Help Give comments and feedback on the

model and core functional interfaces If it doesn’t fit your project well

Provide concrete information on the functional interfaces of your project Core: Self-regeneration (MLA) interface

and area-specific interface Project-specific interfaces