Declarative Platform for Secure and Robust System Code Generation - Cyber

Abstract

This project proposes the design and implementation of a declarative platform that provides a software development environment that enhances the robustness and security properties generated code, through declarative programming techniques, in combination with formal verification techniques, and high-performance big data analytics for real-time performance and security monitoring. The proposed platform builds upon prior work on declarative networking and Scalanytics. Declarative networking provides a domain specific language that allows network operators to specify their network protocols and policies with orders of magnitude reduction in code sizes. Scalanytics (stands for Scalable Analytics) is a declarative platform that supports high performance scalable analytics platform. Scalanytics can be deployed side-by-side with existing routers and physical sensors, and parallelized using a cluster of inexpensive multicore machines. Using the above technologies as a basis, the proposal tackles the following: • Automatic generation of secure and robust code. Adapt prior work on declarative networking in security protocols to specify and implement distributed systems that have strong security guarantees. • Formal specifications/implementation analysis for performance and security requirements. Declarative networking programs will be automatically synthesized from high-level user policies and examples. These programs are then verified for security requirements using theorem provers and model checking techniques. Distributed constraint solving techniques will be used to enforce performance guarantees. • Late-stage software customization. Software-defined networking technologies are used to dynamically inject declarative networking policies into network routers and cloud orchestration engines, to dynamically allocate resources and steer traffic around congested points in the network, in order to block out or rate-limited bad or unwanted traffic. Declarative networking programs will be dynamically modified at runtime, and executed after verification, in order to support late-stage software customization. • Monitoring infrastructure. Using Scalanytics as a basis, data collection is carried out across a wide spectrum of physical and software sensors in a distributed environment. These can include sensors on hardware devices, routers, machines, application performance, etc. The goal is to collect sensor data across the entire system stack, from low level physical sensors, up to application-level metrics. Scalanytics uses a high-performance in-memory store, and continuous queries to enable efficient data collection at massive scale. Machine learning techniques parallelized by Scalanytics are used to perform distributed anomaly detection of possible cyberattacks. • Real-time mitigation of attacks. Using existing cloud orchestration engine, data center controllers, and software-defined networking (SDN) controllers, declarative policies are used to customize mitigation policies to meet fault tolerance requirements. These mitigation actions can include routing network traffic around routers under attack, or migrating virtual machines from unsafe to safe zones for further operations.

Document Details

Document Type

DoD Grant Award

Publication Date

Aug 12, 2016

Source ID

N000141512654

Entities

Tags