Abstract
A distributed application can be given increased resistance to certain types of malicious behavior, even when the environment in which it is operating contains untrustworthy elements. Recent trends in protecting applications use operating systems as only the first layer of security, anticipating that this layer may be breached. Another layer is added to react to and repair the damage done by intruders that succeed in breaching the first layer. A promising approach to designing the second layer of protection uses adaptive middleware to enable agile behavior and to coordinate protective responses across the distributed system, even in resource-depleted environments. This new approach to protection complements more traditional approaches — in which only one layer of security is used — by hardening critical components at multiple system levels. When integrated effectively, this multi-level approach makes it harder for intruders to corrupt or disable distributed systems and applications.
This paper presents three contributions to the study of protecting distributed applications against malicious behavior. First, we describe the key ideas and technologies behind the emerging multi-level approach to protecting distributed applications. Second, we explain how these ideas relate to security engineering in general. Finally, we report recent results in evaluating a collection of technologies that implement this approach. These results reinforce the premise that an adaptive middleware approach to increasing survival time and enabling applications to operate through attacks is feasible, though much additional research remains to be done.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35696-9_19
Copyright information
© 2003 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Schantz, R.E., Webber, F., Pal, P., Loyall, J., Schmidt, D.C. (2003). Protecting Applications Against Malice Using Adaptive Middleware. In: Nardelli, E., Posadziejewski, S., Talamo, M. (eds) Certification and Security in E-Services. IFIP WCC TC11 2002. IFIP — The International Federation for Information Processing, vol 127. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35696-9_5
DOI: https://doi.org/10.1007/978-0-387-35696-9_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-4737-9
Online ISBN: 978-0-387-35696-9
eBook Packages: Springer Book Archive