(original) (raw)

%!PS-Adobe-3.0 EPSF-2.0 %%Creator: Windows PSCRIPT %%Title: Microsoft Word - TRAT2.DOC %%BoundingBox: 18 19 593 774 %%DocumentNeededResources: (atend) %%DocumentSuppliedResources: (atend) %%Pages: 0 %%BeginResource: procset Win35Dict 3 1 /Win35Dict 290 dict def Win35Dict begin/bd{bind def}bind def/in{72 mul}bd/ed{exch def}bd/ld{load def}bd/tr/translate ld/gs/gsave ld/gr /grestore ld/M/moveto ld/L/lineto ld/rmt/rmoveto ld/rlt/rlineto ld /rct/rcurveto ld/st/stroke ld/n/newpath ld/sm/setmatrix ld/cm/currentmatrix ld/cp/closepath ld/ARC/arcn ld/TR{65536 div}bd/lj/setlinejoin ld/lc /setlinecap ld/ml/setmiterlimit ld/sl/setlinewidth ld/scignore false def/sc{scignore{pop pop pop}{0 index 2 index eq 2 index 4 index eq and{pop pop 255 div setgray}{3{255 div 3 1 roll}repeat setrgbcolor}ifelse}ifelse}bd /FC{bR bG bB sc}bd/fC{/bB ed/bG ed/bR ed}bd/HC{hR hG hB sc}bd/hC{ /hB ed/hG ed/hR ed}bd/PC{pR pG pB sc}bd/pC{/pB ed/pG ed/pR ed}bd/sM matrix def/PenW 1 def/iPen 5 def/mxF matrix def/mxE matrix def/mxUE matrix def/mxUF matrix def/fBE false def/iDevRes 72 0 matrix defaultmatrix dtransform dup mul exch dup mul add sqrt def/fPP false def/SS{fPP{ /SV save def}{gs}ifelse}bd/RS{fPP{SV restore}{gr}ifelse}bd/EJ{gsave showpage grestore}bd/#C{userdict begin/#copies ed end}bd/FEbuf 2 string def/FEglyph(G )def/FE{1 exch{dup 16 FEbuf cvrs FEglyph exch 1 exch putinterval 1 index exch FEglyph cvn put}for}bd/SM{/iRes ed/cyP ed /cxPg ed/cyM ed/cxM ed 72 100 div dup scale dup 0 ne{90 eq{cyM exch 0 eq{cxM exch tr -90 rotate -1 1 scale}{cxM cxPg add exch tr +90 rotate}ifelse}{cyP cyM sub exch 0 ne{cxM exch tr -90 rotate}{cxM cxPg add exch tr -90 rotate 1 -1 scale}ifelse}ifelse}{pop cyP cyM sub exch 0 ne{cxM cxPg add exch tr 180 rotate}{cxM exch tr 1 -1 scale}ifelse}ifelse 100 iRes div dup scale 0 0 transform .25 add round .25 sub exch .25 add round .25 sub exch itransform translate}bd/SJ{1 index 0 eq{pop pop/fBE false def}{1 index/Break ed div/dxBreak ed/fBE true def}ifelse}bd/ANSIVec[ 16#0/grave 16#1/acute 16#2/circumflex 16#3/tilde 16#4/macron 16#5/breve 16#6/dotaccent 16#7/dieresis 16#8/ring 16#9/cedilla 16#A/hungarumlaut 16#B/ogonek 16#C/caron 16#D/dotlessi 16#27/quotesingle 16#60/grave 16#7C/bar 16#82/quotesinglbase 16#83/florin 16#84/quotedblbase 16#85 /ellipsis 16#86/dagger 16#87/daggerdbl 16#88/circumflex 16#89/perthousand 16#8A/Scaron 16#8B/guilsinglleft 16#8C/OE 16#91/quoteleft 16#92/quoteright 16#93/quotedblleft 16#94/quotedblright 16#95/bullet 16#96/endash 16#97 /emdash 16#98/tilde 16#99/trademark 16#9A/scaron 16#9B/guilsinglright 16#9C/oe 16#9F/Ydieresis 16#A0/space 16#A1/exclamdown 16#A4/currency 16#A5/yen 16#A6/brokenbar 16#A7/section 16#A8/dieresis 16#A9/copyright 16#AA/ordfeminine 16#AB/guillemotleft 16#AC/logicalnot 16#AD/hyphen 16#AE/registered 16#AF/macron 16#B0/degree 16#B1/plusminus 16#B2/twosuperior 16#B3/threesuperior 16#B4/acute 16#B5/mu 16#B6/paragraph 16#B7/periodcentered 16#B8/cedilla 16#B9/onesuperior 16#BA/ordmasculine 16#BB/guillemotright 16#BC/onequarter 16#BD/onehalf 16#BE/threequarters 16#BF/questiondown 16#C0/Agrave 16#C1/Aacute 16#C2/Acircumflex 16#C3/Atilde 16#C4/Adieresis 16#C5/Aring 16#C6/AE 16#C7/Ccedilla 16#C8/Egrave 16#C9/Eacute 16#CA /Ecircumflex 16#CB/Edieresis 16#CC/Igrave 16#CD/Iacute 16#CE/Icircumflex 16#CF/Idieresis 16#D0/Eth 16#D1/Ntilde 16#D2/Ograve 16#D3/Oacute 16#D4 /Ocircumflex 16#D5/Otilde 16#D6/Odieresis 16#D7/multiply 16#D8/Oslash 16#D9/Ugrave 16#DA/Uacute 16#DB/Ucircumflex 16#DC/Udieresis 16#DD/Yacute 16#DE/Thorn 16#DF/germandbls 16#E0/agrave 16#E1/aacute 16#E2/acircumflex 16#E3/atilde 16#E4/adieresis 16#E5/aring 16#E6/ae 16#E7/ccedilla 16#E8 /egrave 16#E9/eacute 16#EA/ecircumflex 16#EB/edieresis 16#EC/igrave 16#ED/iacute 16#EE/icircumflex 16#EF/idieresis 16#F0/eth 16#F1/ntilde 16#F2/ograve 16#F3/oacute 16#F4/ocircumflex 16#F5/otilde 16#F6/odieresis 16#F7/divide 16#F8/oslash 16#F9/ugrave 16#FA/uacute 16#FB/ucircumflex 16#FC/udieresis 16#FD/yacute 16#FE/thorn 16#FF/ydieresis ] def/reencdict 12 dict def/IsChar{basefontdict/CharStrings get exch known}bd/MapCh{dup IsChar not{pop/bullet}if newfont/Encoding get 3 1 roll put}bd/MapDegree{16#b0 /degree IsChar{/degree}{/ring}ifelse MapCh}bd/MapBB{16#a6/brokenbar IsChar{/brokenbar}{/bar}ifelse MapCh}bd/ANSIFont{reencdict begin/newfontname ed/basefontname ed FontDirectory newfontname known not{/basefontdict basefontname findfont def/newfont basefontdict maxlength dict def basefontdict{exch dup/FID ne{dup/Encoding eq{exch dup length array copy newfont 3 1 roll put}{exch newfont 3 1 roll put}ifelse}{pop pop}ifelse}forall newfont /FontName newfontname put 127 1 159{newfont/Encoding get exch/bullet put}for ANSIVec aload pop ANSIVec length 2 idiv{MapCh}repeat MapDegree MapBB newfontname newfont definefont pop}if newfontname end}bd/SB{FC /ULlen ed/str ed str length fBE not{dup 1 gt{1 sub}if}if/cbStr ed /dxGdi ed/y0 ed/x0 ed str stringwidth dup 0 ne{/y1 ed/x1 ed y1 y1 mul x1 x1 mul add sqrt dxGdi exch div 1 sub dup x1 mul cbStr div exch y1 mul cbStr div}{exch abs neg dxGdi add cbStr div exch}ifelse/dyExtra ed/dxExtra ed x0 y0 M fBE{dxBreak 0 BCh dxExtra dyExtra str awidthshow}{dxExtra dyExtra str ashow}ifelse fUL{x0 y0 M dxUL dyUL rmt ULlen fBE{Break add}if 0 mxUE transform gs rlt cyUL sl [] 0 setdash st gr}if fSO{x0 y0 M dxSO dySO rmt ULlen fBE{Break add}if 0 mxUE transform gs rlt cyUL sl [] 0 setdash st gr}if n/fBE false def}bd/font{/name ed/Ascent ed 0 ne/fT3 ed 0 ne/fSO ed 0 ne/fUL ed/Sy ed/Sx ed 10.0 div/ori ed -10.0 div/esc ed/BCh ed name findfont/xAscent 0 def/yAscent Ascent def/ULesc esc def ULesc mxUE rotate pop fT3{/esc 0 def xAscent yAscent mxUE transform /yAscent ed/xAscent ed}if [Sx 0 0 Sy neg xAscent yAscent] esc mxE rotate mxF concatmatrix makefont setfont [Sx 0 0 Sy neg 0 Ascent] mxUE mxUF concatmatrix pop fUL{currentfont dup/FontInfo get/UnderlinePosition known not{pop/Courier findfont}if/FontInfo get/UnderlinePosition get 1000 div 0 exch mxUF transform/dyUL ed/dxUL ed}if fSO{0 .3 mxUF transform /dySO ed/dxSO ed}if fUL fSO or{currentfont dup/FontInfo get/UnderlineThickness known not{pop/Courier findfont}if/FontInfo get/UnderlineThickness get 1000 div Sy mul/cyUL ed}if}bd/min{2 copy gt{exch}if pop}bd/max{2 copy lt{exch}if pop}bd/CP{/ft ed{{ft 0 eq{clip}{eoclip}ifelse}stopped{currentflat 1 add setflat}{exit}ifelse}loop}bd/patfont 10 dict def patfont begin /FontType 3 def/FontMatrix [1 0 0 -1 0 0] def/FontBBox [0 0 16 16] def/Encoding StandardEncoding def/BuildChar{pop pop 16 0 0 0 16 16 setcachedevice 16 16 false [1 0 0 1 .25 .25]{pat}imagemask}bd end/p{ /pat 32 string def{}forall 0 1 7{dup 2 mul pat exch 3 index put dup 2 mul 1 add pat exch 3 index put dup 2 mul 16 add pat exch 3 index put 2 mul 17 add pat exch 2 index put pop}for}bd/pfill{/PatFont patfont definefont setfont/ch(AAAA)def X0 64 X1{Y1 -16 Y0{1 index exch M ch show}for pop}for}bd/vert{X0 w X1{dup Y0 M Y1 L st}for}bd/horz{Y0 w Y1{dup X0 exch M X1 exch L st}for}bd/fdiag{X0 w X1{Y0 M X1 X0 sub dup rlt st}for Y0 w Y1{X0 exch M Y1 Y0 sub dup rlt st}for}bd/bdiag{X0 w X1{Y1 M X1 X0 sub dup neg rlt st}for Y0 w Y1{X0 exch M Y1 Y0 sub dup neg rlt st}for}bd/AU{1 add cvi 15 or}bd/AD{1 sub cvi -16 and}bd/SHR{pathbbox AU/Y1 ed AU/X1 ed AD/Y0 ed AD/X0 ed}bd/hfill{/w iRes 37.5 div round def 0.1 sl [] 0 setdash n dup 0 eq{horz}if dup 1 eq{vert}if dup 2 eq{fdiag}if dup 3 eq{bdiag}if dup 4 eq{horz vert}if 5 eq{fdiag bdiag}if}bd/F{/ft ed fm 256 and 0 ne{gs FC ft 0 eq{fill}{eofill}ifelse gr}if fm 1536 and 0 ne{SHR gs HC ft CP fm 1024 and 0 ne{/Tmp save def pfill Tmp restore}{fm 15 and hfill}ifelse gr}if}bd/S{PenW sl PC st}bd/m matrix def/GW{iRes 12 div PenW add cvi}bd/DoW{iRes 50 div PenW add cvi}bd/DW{iRes 8 div PenW add cvi}bd/SP{/PenW ed/iPen ed iPen 0 eq iPen 6 eq or{[] 0 setdash}if iPen 1 eq{[DW GW] 0 setdash}if iPen 2 eq{[DoW GW] 0 setdash}if iPen 3 eq{[DW GW DoW GW] 0 setdash}if iPen 4 eq{[DW GW DoW GW DoW GW] 0 setdash}if}bd/E{m cm pop tr scale 1 0 moveto 0 0 1 0 360 arc cp m sm}bd /AG{/sy ed/sx ed sx div 4 1 roll sy div 4 1 roll sx div 4 1 roll sy div 4 1 roll atan/a2 ed atan/a1 ed sx sy scale a1 a2 ARC}def/A{m cm pop tr AG m sm}def/P{m cm pop tr 0 0 M AG cp m sm}def/RRect{n 4 copy M 3 1 roll exch L 4 2 roll L L cp}bd/RRCC{/r ed/y1 ed/x1 ed/y0 ed/x0 ed x0 x1 add 2 div y0 M x1 y0 x1 y1 r arcto 4{pop}repeat x1 y1 x0 y1 r arcto 4{pop}repeat x0 y1 x0 y0 r arcto 4{pop}repeat x0 y0 x1 y0 r arcto 4{pop}repeat cp}bd/RR{2 copy 0 eq exch 0 eq or{pop pop RRect}{2 copy eq{pop RRCC}{m cm pop/y2 ed/x2 ed/ys y2 x2 div 1 max def/xs x2 y2 div 1 max def/y1 exch ys div def/x1 exch xs div def/y0 exch ys div def/x0 exch xs div def/r2 x2 y2 min def xs ys scale x0 x1 add 2 div y0 M x1 y0 x1 y1 r2 arcto 4{pop}repeat x1 y1 x0 y1 r2 arcto 4{pop}repeat x0 y1 x0 y0 r2 arcto 4{pop}repeat x0 y0 x1 y0 r2 arcto 4{pop}repeat m sm cp}ifelse}ifelse}bd/PP{{rlt}repeat}bd/OB{gs 0 ne{7 3 roll/y ed /x ed x y translate ULesc rotate x neg y neg translate x y 7 -3 roll}if sc B fill gr}bd/B{M/dy ed/dx ed dx 0 rlt 0 dy rlt dx neg 0 rlt cp}bd /CB{B clip n}bd/ErrHandler{errordict dup maxlength exch length gt dup{errordict begin}if/errhelpdict 12 dict def errhelpdict begin/stackunderflow(operand stack underflow)def /undefined(this name is not defined in a dictionary)def/VMerror(you have used up all the printer's memory)def /typecheck(operator was expecting a different type of operand)def /ioerror(input/output error occured)def end{end}if errordict begin /handleerror{$error begin newerror{/newerror false def showpage 72 72 scale/x .25 def/y 9.6 def/Helvetica findfont .2 scalefont setfont x y moveto(Offending Command = )show/command load{dup type/stringtype ne{(max err string)cvs}if show}exec/y y .2 sub def x y moveto(Error = )show errorname{dup type dup( max err string )cvs show( : )show/stringtype ne{( max err string )cvs}if show}exec errordict begin errhelpdict errorname known{x 1 add y .2 sub moveto errhelpdict errorname get show}if end /y y .4 sub def x y moveto(Stack =)show ostack{/y y .2 sub def x 1 add y moveto dup type/stringtype ne{( max err string )cvs}if show}forall showpage}if end}def end}bd end %%EndResource /SVDoc save def %%EndProlog %%BeginSetup Win35Dict begin ErrHandler %%EndSetup SS 0 0 25 25 798 1100 300 SM 32 0 0 42 42 0 0 0 38 /Helvetica /font12 ANSIFont font 0 0 0 fC gs 23 48 2077 3027 CB 2077 3028 23 (1) 23 SB gr 32 0 0 50 50 0 0 0 46 /Times-Bold /font29 ANSIFont font 846 286 708 (Section.??.?. Technical Rationale) 708 SB 300 404 1355 (Secure/Survivable Distributed Execution Environment Concept) 1355 SB 32 0 0 50 50 0 0 0 45 /Times-Roman /font32 ANSIFont font 300 522 1737 (Our approach to implementing dynamic instantiation of virtual enclaves based on global) 1737 SB 300 581 1732 (security policy and QoS \(QoS\) metrics \(e.g. performance, dependability, dynamic route) 1732 SB 300 640 1681 (costs, etc.\), in a network and operating system independent fashion, based on overall) 1681 SB 300 699 1579 (security policy, depends on a stepwise integration and refinement of several key) 1579 SB 300 758 1638 (technologies applied against stressing programs e.g. AEGIS and SC-21 \(shipboard) 1638 SB 300 817 1688 (applications\), LAMPS \(littoral warfare application\) and CORPS SAM \(global mobile) 1688 SB 300 876 1766 (application\). The table below summarizes the key technologies that will contribute to our) 1766 SB 300 935 1681 (Secure/Survivable Distributed Execution Environment Concept. The paragraphs that) 1681 SB 300 994 1644 (follow will better describe the problems we are trying to solve and our approach to) 1644 SB 300 1053 617 (deriving an integrated solution.) 617 SB 0 0 0 fC /fm 256 def 5 5 274 1169 B 1 F n /fm 256 def 5 5 274 1169 B 1 F n /fm 256 def 448 5 280 1169 B 1 F n /fm 256 def 5 5 729 1169 B 1 F n /fm 256 def 1658 5 735 1169 B 1 F n /fm 256 def 5 58 274 1175 B 1 F n /fm 256 def 2 58 729 1175 B 1 F n gs 449 65 280 1169 CB 300 1177 394 (Contributing Group) 394 SB gr /fm 256 def 393 1 300 1227 B 1 F n gs 1662 65 732 1169 CB 754 1177 328 (Key Technology) 328 SB gr /fm 256 def 327 1 754 1227 B 1 F n /fm 256 def 5 2 274 1234 B 1 F n /fm 256 def 448 2 280 1234 B 1 F n /fm 256 def 2 2 729 1234 B 1 F n /fm 256 def 1661 2 732 1234 B 1 F n /fm 256 def 5 176 274 1237 B 1 F n /fm 256 def 2 176 729 1237 B 1 F n gs 449 62 280 1234 CB 300 1239 279 (Sanders/MSU) 279 SB gr gs 1662 62 732 1234 CB 754 1239 1558 (Applied SHARE and HPSC technologies, dynamic routing, dynamic discovery) 1558 SB gr gs 1662 62 732 1293 CB 754 1298 1640 (based on capability, network/OS independent secure message passing and message) 1640 SB gr gs 1662 62 732 1352 CB 754 1357 1072 (passing parallel interface and high speed cryptography) 1072 SB gr /fm 256 def 5 2 274 1414 B 1 F n /fm 256 def 448 2 280 1414 B 1 F n /fm 256 def 2 2 729 1414 B 1 F n /fm 256 def 1661 2 732 1414 B 1 F n /fm 256 def 5 176 274 1417 B 1 F n /fm 256 def 2 176 729 1417 B 1 F n gs 449 62 280 1414 CB 300 1419 405 (LMT/V-ONE/UMD) 405 SB gr gs 1662 62 732 1414 CB 754 1419 1552 (Dynamic security policy and dynamic application handling support, high speed) 1552 SB gr gs 1662 62 732 1473 CB 754 1478 1635 (authentication, addition of secure association in network object broker \(please add) 1635 SB gr gs 1662 62 732 1532 CB 754 1537 414 (to this list - Andrew\)) 414 SB gr /fm 256 def 5 2 274 1594 B 1 F n /fm 256 def 448 2 280 1594 B 1 F n /fm 256 def 2 2 729 1594 B 1 F n /fm 256 def 1661 2 732 1594 B 1 F n /fm 256 def 5 117 274 1597 B 1 F n /fm 256 def 2 117 729 1597 B 1 F n gs 449 62 280 1594 CB 300 1599 172 (Stanford) 172 SB gr gs 1662 62 732 1594 CB 754 1599 1612 (Expansion of security mediator concept to share secure messages in a network of) 1612 SB gr gs 1662 62 732 1653 CB 754 1658 296 (this proportion) 296 SB gr /fm 256 def 5 2 274 1715 B 1 F n /fm 256 def 448 2 280 1715 B 1 F n /fm 256 def 2 2 729 1715 B 1 F n /fm 256 def 1661 2 732 1715 B 1 F n /fm 256 def 5 235 274 1718 B 1 F n /fm 256 def 2 235 729 1718 B 1 F n gs 449 62 280 1715 CB 300 1720 259 (Northeastern) 259 SB gr gs 1662 62 732 1715 CB 754 1720 1472 (High speed, large, time-dependent behavioral simulation, QoS metrics and) 1472 SB gr gs 1662 62 732 1774 CB 754 1779 1425 (application-negotiated trade-off control based on QoS metrics, adaptive) 1425 SB gr gs 1662 62 732 1833 CB 754 1838 1581 (programming, real-time resource management based on improved network time) 1581 SB gr gs 1662 62 732 1892 CB 754 1897 697 (synchronization and fault-tolerance) 697 SB gr /fm 256 def 5 2 274 1954 B 1 F n /fm 256 def 448 2 280 1954 B 1 F n /fm 256 def 2 2 729 1954 B 1 F n /fm 256 def 1661 2 732 1954 B 1 F n /fm 256 def 5 117 274 1957 B 1 F n /fm 256 def 5 5 274 2075 B 1 F n /fm 256 def 5 5 274 2075 B 1 F n /fm 256 def 448 5 280 2075 B 1 F n /fm 256 def 2 117 729 1957 B 1 F n /fm 256 def 5 5 729 2075 B 1 F n /fm 256 def 1658 5 735 2075 B 1 F n gs 449 62 280 1954 CB 300 1959 81 (IDS) 81 SB gr gs 1662 62 732 1954 CB 754 1959 1577 (Incorporation of next generation improvements to application control of group) 1577 SB gr gs 1662 62 732 2013 CB 754 2018 636 (level message passing into ISIS.) 636 SB gr 300 2142 1709 (The current state-of-the-art in secure distributed systems is that a physical system area) 1709 SB 300 2201 1325 (networks \(SANs\) is associated with a singular level of security and) 1325 SB 300 2260 1703 (authentication/encryption/decryption is performed on packets that move from SAN to) 1703 SB 300 2319 1661 (SAN. Dynamically instantiated virtual enclaves mandate association of nodes within) 1661 SB 300 2378 1683 (different SANs to form a enclave that can be associated with a security level and that) 1683 SB 300 2437 1741 (enclave members can change with time. Furthermore, one needs, locally at each node to) 1741 SB 300 2496 1654 (have the ability to negotiate/process a wide variety of policies, to have the ability to) 1654 SB 300 2555 1267 (interoperate, compose and dynamically discover security policy.) 1267 SB 300 2673 1622 (The security policies of particular network environments/dynamically instantiated) 1622 SB 300 2732 1550 (enclaves do not always integrate and interface with easy to administer security) 1550 SB 300 2791 1688 (hardware/software applications. Most security policies inherently provide difficult or) 1688 SB 300 2850 1749 (cumbersome interfaces for users trying to access Trusted/Secure network environments.) 1749 SB EJ RS %%PageTrailer SS 0 0 25 25 798 1100 300 SM 32 0 0 42 42 0 0 0 38 /Helvetica /font12 ANSIFont font 0 0 0 fC gs 23 48 2077 3027 CB 2077 3028 23 (2) 23 SB gr 32 0 0 50 50 0 0 0 45 /Times-Roman /font32 ANSIFont font 300 227 1765 (Furthermore, desktop security applications are hard to implement and administer without) 1765 SB 300 286 1623 (supervision from a network engineer or systems administrator. In particular users) 1623 SB 300 345 1686 (requiring access to trusted/secure enclaves vary from project to project and therefore) 1686 SB 300 404 1706 (dynamical change security requirements for access to networks and particular services) 1706 SB 300 463 1683 (and servers. {action - back fit Gios research contributions. Given a secure system, he) 1683 SB 300 522 1665 (permits virtual sharing of messages in a way consistentent with our dynamic enclave) 1665 SB 300 581 206 (concept. }) 206 SB 300 699 1630 (We will integrate a seamless way of registering users over an "Intranet" or "Inter-) 1630 SB 300 758 1789 (networking" environment, allowing for the integration of {Fortezza/SmartCard} tokens to) 1789 SB 300 817 1689 (mutually authenticate client/server applications and allow for the encryption and non-) 1689 SB 300 876 1594 (repudiation of the communications between trusted and untrusted environments.) 1594 SB 300 935 1768 (Integrated in this revolutionary approach is the ability to predetermine the entitlements of) 1768 SB 300 994 1732 (trusted users to particular services/servers, IP addresses, objects, ports or in the case of) 1732 SB 300 1053 1494 (web services, particular URL pages. \(Fine Grain Access Control\) Dynamic) 1494 SB 300 1112 1504 (Reconfiguration provides a transparent means of verifying a users privileges) 1504 SB 300 1171 1748 (in a trusted/secure networking environment and provides the System administrator web-) 1748 SB 300 1230 1723 (based tools to edit or delete entitlements on a daily basis without any interface with the) 1723 SB 300 1289 1730 (client application at the desk-top. These administrative tasks can be performed securely) 1730 SB 300 1348 1713 (with encryption and token based mutual authentication from any location in the world.) 1713 SB 300 1466 1663 (Another limitation to network security is that security policies implemented by most) 1663 SB 300 1525 1715 (operating systems and network protocols are inflexible and do not address application) 1715 SB 300 1584 1766 (level security requirements. The operating system provides no assistance in implementing) 1766 SB 300 1643 1797 (such policies. {insert Robert\222s writeup here on the way MPI and PacketWay \(as a function) 1797 SB 300 1702 1433 (of SHARE\) will help us. Include the HORUS/ISIS part of the equation}) 1433 SB 300 1820 1717 (We have identified the following objectives that are largely not satisfied by present day) 1717 SB 300 1879 1796 (security technologies: Support for a broad range of security policies, Support for securing) 1796 SB 300 1938 1798 (application objects \(fine grained labeling and access control\), Support for dynamic security) 1798 SB 300 1997 1702 (associations. To use an object oriented framework and library of dynamically loadable) 1702 SB 300 2056 1590 (security components. Specific security components are implemented as concrete) 1590 SB 300 2115 1742 (subclasses which can be dynamically loaded and attached to the abstract interfaces. This) 1742 SB 300 2174 1770 (allows us to satisfy each of the objectives in the following way: A broad range of security) 1770 SB 300 2233 1732 (policies \(Mandatory Access Control, Role Based Access Control, Discretionary Access) 1732 SB 300 2292 1777 (Control\) can be supported by developing abstract interfaces that capture the commonality) 1777 SB 300 2351 1793 (across various types of security policies. By developing the security components as object) 1793 SB 300 2410 1753 (classes, it is possible to embed these objects in application programs as well as operating) 1753 SB 300 2469 1725 (systems or middleware. This allows applications to provide fine grained access control) 1725 SB 300 2528 1652 (and labeling on application objects. Security policies can be dynamically established) 1652 SB 300 2587 1788 (between a client and a server by dynamically loading the appropriate security components.) 1788 SB 300 2646 1745 (This canbe done as part of negotiating an overall QoS between the client and the server.) 1745 SB 300 2764 1744 (Other technologies that can aid in solving these include code signing and Authentication) 1744 SB 300 2823 1761 (Brokering. Code signing is a technology invented and patented by LMFS-G in August of) 1761 SB EJ RS %%PageTrailer SS 0 0 25 25 798 1100 300 SM 32 0 0 42 42 0 0 0 38 /Helvetica /font12 ANSIFont font 0 0 0 fC gs 23 48 2077 3027 CB 2077 3028 23 (3) 23 SB gr 32 0 0 50 50 0 0 0 45 /Times-Roman /font32 ANSIFont font 300 227 1740 (1994. Thistechnology allows code modules to be digitally signed through the use of any) 1740 SB 300 286 1757 (public key encryption algorithm. The digital signature can be used to insure the integrity) 1757 SB 300 345 1796 (of the code module as well as to identify the actual source of the module when a module is) 1796 SB 300 404 1678 (delivered over an open network. Authentication Brokering can be used to establish a) 1678 SB 300 463 1731 (single sign-on capability in a heterogeneous network. User's log into an Authentication) 1731 SB 300 522 1720 (Broker once, and then the Authentication Broker transparently manages the process of) 1720 SB 300 581 1711 (logging the user into other network services requiring various forms of authentication.) 1711 SB 300 699 1760 (In a real-time distributed system, QoS can vary significantly due to dynamically changing) 1760 SB 300 758 1712 (characteristics of the computing system. Those characteristics can be of two types: \(1\)) 1712 SB 300 817 1679 (structural changes \(some nodes fail, some protocols fail, packets are delivered out of) 1679 SB 300 876 1736 (sequence, data types are inconsistent, software-hardware incompatibility\), \(2\) analytical) 1736 SB 300 935 1786 (changes \(due to either the above structural changes, or due to increased load, the dynamic) 1786 SB 300 994 1791 (characteristics change: throughput, delays, and other dynamics related\). These two groups) 1791 SB 300 1053 1772 (are related, but both need to be addressed to provide timely and reliable service under the) 1772 SB 300 1112 409 (changing conditions.) 409 SB 300 1230 1775 (To develop a closed-loop adaptive system that monitors QoS and controls it according to) 1775 SB 300 1289 1751 (a prespecified control goal through the utilization of a number of techniques that include) 1751 SB 300 1348 1781 (adaptation \(both structural and analytical\) of its processing in response to faults, changing) 1781 SB 300 1407 1510 (loads, requirements and capabilities, or through dynamic re-negotitation and) 1510 SB 300 1466 832 (reconfiguration of its processing shcemes.) 832 SB 300 1584 1742 (Controlling structural changes: \(Insert Karl's stuff comes here - we already have inserts\)) 1742 SB 300 1702 889 (- Development of the network modeling tool) 889 SB 300 1820 490 (- Adaptive programming) 490 SB 300 1938 544 (- Synchronization of clocks) 544 SB 300 2056 524 (- Self-stabilizing protocols) 524 SB 300 2174 1572 (Controlling analytical changes: We propose to carry out research leading to the) 1572 SB 300 2233 1612 (satisfaction of the goal of controlling a distributed computing system so that QoS) 1612 SB 300 2292 1753 (specifications are met. The main premise of our approach is that a distributed computing) 1753 SB 300 2351 1634 (system is a dynamic system and thus needs to be modelled, designed, analyzed and) 1634 SB 300 2410 1677 (controlled from this perspective. We will develop monitoring policies, modelling and) 1677 SB 300 2469 1740 (designing approaches and finally control algorithms. Control algorithms will utilize both) 1740 SB 300 2528 1702 (traditional control approaches like adaptive control and robust control, as well as new) 1702 SB 300 2587 1792 (control paradigms that include restructurable control, gain scheduling, hybrid systems, and) 1792 SB 300 2646 1619 (intelligent control. To implement this kind of control, a revolutionary approach to) 1619 SB 300 2705 1643 (designing distributed systems is necessary. The system design needs to be based on) 1643 SB 300 2764 1525 (specifications that include not only functionality of the system but also all the) 1525 SB 300 2823 1766 (characteristics that affect the QoS measure. The design must incorporate not only the the) 1766 SB EJ RS %%PageTrailer SS 0 0 25 25 798 1100 300 SM 32 0 0 42 42 0 0 0 38 /Helvetica /font12 ANSIFont font 0 0 0 fC gs 23 48 2077 3027 CB 2077 3028 23 (4) 23 SB gr 32 0 0 50 50 0 0 0 45 /Times-Roman /font32 ANSIFont font 300 227 1792 (functions that are needed from the computational point of view, but also functions that are) 1792 SB 300 286 1745 (needed from the control point of view. The authors have conducted experiments in real-) 1745 SB 300 345 1788 (time adaptability of a distributed system to changing requirements and they will expand on) 1788 SB 300 404 1135 (this knowledge to achieve the objectives of this proposal.) 1135 SB 300 522 1778 (This task is closely related with the previous task. In one of the adaptive control schemes,) 1778 SB 300 581 1686 (called Model-Reference Adaptive Control \(MRAC\), a model needs to be designed to) 1686 SB 300 640 1681 (generate the desired behavior of the controlled system. In our approach, the network) 1681 SB 300 699 1780 (modelling tool of Task 1 will be used for this purpose. This tool will monitor the behavior) 1780 SB 300 758 1591 (of the network \(does it have this capability ?????????????\) and generate the QoS) 1591 SB 300 817 1737 (requirements for the adaptive controllers associated with particular nodes. Additionally,) 1737 SB 300 876 1769 (the tool will be augmented with the capability of assessing the stability of the network for) 1769 SB 300 935 1778 (structural changes that may occur during the network operation and with the capability of) 1778 SB 300 994 920 (assessing the quality of the control algorithms.) 920 SB 300 1112 1754 (We will apply the above technology against shipboard, littoral warfare and globle mobile) 1754 SB 300 1171 1776 (applications. For instance, in the shipboard case, the distributed heterogeneous laboratory) 1776 SB 300 1230 1492 (that models Navy combat system operation at NSWC uses a PC acting as a) 1492 SB 300 1289 1706 (Compartmented Mode Workstation to communicate between the secure and unsecure) 1706 SB 300 1348 1679 (modeling environments. The HiPer-D Program uses this testbed as the application to) 1679 SB 300 1407 1721 (insert technology and is used to support various application and network related trade-) 1721 SB 300 1466 1557 (offs. On the other hand, the SHARE Program has created secure and real-time) 1557 SB 300 1525 1683 (modifications to the MPI and PacketWay standards and a high speed network/crypto) 1683 SB 300 1584 1774 (design to support military/commercial applications. The problem is A\) the NSWC testbed) 1774 SB 300 1643 1671 (needs to support a more general secure message passing scheme that may be used in) 1671 SB 300 1702 1720 (wider-scale shipboard applications, e.g. SC-21, B\) the SHARE Program needs specific) 1720 SB 300 1761 1678 (application requirements to complete its detailed design and C\) the NSWC testbed is) 1678 SB 300 1820 1795 (planning to evolved to a highly interconnected testbed \(e.g. described in Quorum\) that will) 1795 SB 300 1879 1794 (mandate a revolutionary higher speed general purpose message passing, brokering existing) 1794 SB 300 1938 249 (applications.) 249 SB 300 2056 1666 (On the short term, we propose a coupling of technologies, currently evolving on the) 1666 SB 300 2115 1766 (NSWC testbed, with those developed under the SHARE Program, using an off-the-shelf,) 1766 SB 300 2174 1776 (NSA approved, crypto module as the heart of the SHARE secure router \(this is where V-) 1776 SB 300 2233 1645 (one comes in\) \(refer to figure\). This will permit an early demonstration of a secure,) 1645 SB 300 2292 1769 (network and operating system independent message passing. This system will provide for) 1769 SB 300 2351 1610 (authentication, independent of encryption, and will take advantage of the existing) 1610 SB 300 2410 1630 (centralized instrumentation. On the longer term, the goal is to A\) provide dynamic) 1630 SB 300 2469 1614 (discovery of routes and network participant permissions based on topology, node) 1614 SB 300 2528 1728 (capability and application negotiation, B\) add an object broker to provide a generalized) 1728 SB 300 2587 1635 (client/server model and interface language to better partition applications based on) 1635 SB 300 2646 1715 (workload and the overall network security methodology, C\) extend the above with the) 1715 SB 300 2705 1676 (more generalized, highly-interconnected NSWC laboratory evolution and D\) add the) 1676 SB 300 2764 879 (SHARE high-speed cryptography hardware.) 879 SB EJ RS %%PageTrailer SS 0 0 25 25 798 1100 300 SM 32 0 0 42 42 0 0 0 38 /Helvetica /font12 ANSIFont font 0 0 0 fC gs 23 48 2077 3027 CB 2077 3028 23 (5) 23 SB gr 32 0 0 50 50 0 0 0 45 /Times-Roman /font32 ANSIFont font 300 227 1698 (By establishing and adding secure extensions and a secure PacketWay interface to the) 1698 SB 300 286 1746 (current ISIS-based message passing system, the SHARE secure network routing system) 1746 SB 300 345 1762 (may be used with minimal impact to NSWC applications. The ISIS improvements will be) 1762 SB 300 404 1654 (woven into the fabric of the next generation ISIS product, HORUS, whose existing) 1654 SB 300 463 1711 (security architecture will be melded and implemented with the SHARE approach. This) 1711 SB 300 522 1609 (approach will achieve short-term operability, with ISIS/PacketWay providing OS) 1609 SB 300 581 1688 (independence and PacketWay providing network independence \(see figure\). Next, an) 1688 SB 300 640 1783 (ORBIX-ISIS product can be used for an interim object-broker, while more suitable object) 1783 SB 300 699 1706 (brokers are being traded, providing a baseline for these trades. Extensions to MPI will) 1706 SB 300 758 1632 (provide the dynamic discovery requirements described in the objectives. This early) 1632 SB 300 817 1741 (baseline, low risk, approach guarantees on-demand operable demonstrations that can be) 1741 SB 300 876 1770 (coupled with the HiPer-D demonstrations, and a feedforward of knowledge/requirements) 1770 SB 300 935 889 (to closely spaced incremental project phases.) 889 SB 300 1053 1094 ({refer to Corps SAM, SC-21 and LAMPS application}) 1094 SB EJ RS %%PageTrailer %%Trailer SVDoc restore end % TrueType font name key: % MSTT31c1aa = 0b7fDTimes New RomanF00000032000002bc0000 % MSTT31c1b7 = 0b7fDTimes New RomanF00000032000001900000 % MSTT31c18b = 0b7fDArialF0000002a000001900000 %%DocumentSuppliedResources: procset Win35Dict 3 1 %%DocumentNeededResources: font Helvetica %%+ font Times-Bold %%+ font Times-Roman %%EOF