AWDRAT: Architectural Differencing, Wrappers, Diagnosis, Recovery, Adaptivity and Trust Management

Abstract: This document is the final report for AWDRAT, an effort in the DARPA-funded Self-Regenerative System (SRS) program conducted by MIT and Teknowledge. AWDRAT stands for Architectural Differencing, Wrappers, Diagnosis, Recovery, Adaptivity, and Trust Management. AWDRAT is a framework that provides survivability services to legacy (or new) applications. It does so by modeling the intended behavior of the application, using wrappers to instrument the application system, and using the information derived from the wrappers to detect deviations from the expected behavior. When the application fails to behave as expected, AWDRAT invokes diagnostic services to determine what resources might have been compromised and then updates its trust model to reflect the probabilities of compromised resources. Recovery efforts are guided by the trust model, steering the system away from possibly compromised resources. AWDRAT was shown in both Red-Team and internal experiments to detect and correct failures at a level exceeding the goals of the SRS program.
