280 likes | 466 Views
Supported by the DARPA CoABS Program. CoAX - Coalition TIE Briefing DARPA CoABS PI Meeting AFRL Rome, AIAI, Boeing, Dartmouth, DERA Malvern, Lockheed Martin ATL, Michigan, MIT Sloan, Stanford, USC/ISI, UWF/IHMC Support from GITI, ISX, Mitre Coalition Agents eXperiment (CoAX)
E N D
Supported by the DARPA CoABS Program CoAX - Coalition TIE Briefing DARPA CoABS PI Meeting AFRL Rome, AIAI, Boeing, Dartmouth, DERA Malvern, Lockheed Martin ATL, Michigan, MIT Sloan, Stanford, USC/ISI, UWF/IHMC Support from GITI, ISX, Mitre Coalition Agents eXperiment (CoAX) http://www.aiai.ed.ac.uk/project/coax/
Briefing Outline • Overview • Key Coalition and Technical Drivers • Binni Scenario • CoAX Components • Domain Management • Demonstrations • 6 Month Demonstration Report • 9, 18 and 30 Month Demonstration Plans • Status and Next Steps
Aim of Coalition TIE • Aim: • Address unique aspects of coalition operations through the development and evaluation of agent domain and task management services. • Aim will be met through delivery of: • Phased technical demonstrations of increasing complexity • Technical reports and research papers • Coalition-oriented grid services • Requirements • Use of existing military applications (MBP, CAMPS) • Use of heterogeneous set of both domain-aware and ‘come-as-you-are’ grid agents
Key Coalition Drivers • Different doctrine, decision making, rules of engagement and, in general, mission “agendas”. • Different technology skill and equipment levels. • Different cultures and languages. • Questionable compatibility of respective national information systems. • Limited models for coalition force operations. • Command authorities - agreement and transfers. • Variable reliability of components and infrastructures. • Information systems resource sharing agreements and capacity. • Different interpretation of situational information. • Lack of compatible security architectures. From LeRoy Pearce (Canadian MOD), 1999
Key Technical Drivers • Working with agents in multiple dynamic domains. • Need for partial (secure) sharing and visualization of processes, data and facilities. • Need flexible interagent task and process management. • Unclear and/or emerging objectives and tasking. • Cannot assume compatibility or complete reliability of functional capabilities, communications, security arrangements or information resources. • Need to integrate and use legacy systems. • Need for rapid formation and management of agent relationships. • Need to respect national concerns, limitations, cultural and political differences, etc.
Binni - Gateway to theGolden Bowl of Africa Rathmell, R.A. (1999) A Coalition Force Scenario 'Binni - Gateway to the Golden Bowl of Africa', in Proceedings of the International Workshop on Knowledge-Based Planning for Coalition Forces, (ed. Tate, A.) pp. 115-125, Edinburgh, Scotland, 10th-11th May 1999.
Binni - All Features KEY Tarmac roads Heights (metres) Railways To Cecil × Population centres Military airfields Gravel roads N 37E Q Q Ports Ports Civilian Airfields Civilian Airfields Tracks Tracks 21N To Segumbo Cape Amstado To Pample Kaso Lagoon 34E 35E 36E 33E GAO To Tifillo W E 175 876 613 527 175 613 123 788 752 588 268 775 482 390 436 707 542 20N To Cunmege 32E Akwapim-Gao Range Q CACA REGION 38E Jacal S Caca 31E LAKE CACA 19N Q Q Q × Daka Gambaga Escarpment CACA REGION EASTERN REGION 18N BANDAR REGION SIKASSO COSTA DEL MARIA LAKI UGWULU BANDAR BANDAR Gambaga Gamba Kwanabouri Brongo Brongo Aida Epidurango Nedalla Langford Slafito Libretto Zingato Lissa Kingtown Sellerham Asoba Wampimba Sago- town Biloo Belucar Higgville Libar Zatu Salisbury Dinga Anala St Andrews Wazilla Masembi Bisa Kamongo Jinja Brongo Laval Sagiba Bisha Antok Dado Slabo Donga Kutchi Akimbo Laponga Elmina Jamestown Suthertown Esuko Nanga Grandville Kaso Minga Hakkali Caca Dam Polia Anguiba Gonobo Kolla Sonara Zaribe Grandvache Tonka Saltpond Achobo Adaido Bonrope Bave Wonka Deanville Diplombo Sandosta Blackman Komenda Atewa Ranga Mawli Kwahu Plateau 19N × 39E 17N NORTHERN REGION Q Amisa ASHANTI REGION White Caca Afram 18N CENTRAL REGION × 16N Pra Q × Ofin Kapowa AGADEZ 17N UPPER REGION Cape Vincent Ankobra × 15N WESTERN REGION Tana 16N Black Caca 36E 37E 38E 39E 31E 32E 33E 34E 35E To Falo AGADEZ To Harra To Petit Paris 15N To Escallope LAYERS: Setting Geography Transport Water Names Lat / Long Return
N Cape Amstado Kaso Lagoon W E Jacal S Caca LAKE CACA Daka Mawli Amisa White Caca Afram Pra Ofin Kapowa Cape Vincent Ankobra Tana Black Caca Forces separated by fire storm Gao forces Agadez forces Fire Storm
N Cape Amstado Kaso Lagoon W E Jacal S Caca LAKE CACA Daka Mawli Amisa White Caca Afram Pra Ofin Kapowa Cape Vincent Ankobra Tana Black Caca Gao deception is intended to displace firestorm: separation fails. Gao forces False Gao forces Agadez Forces Fire Storm False Agadez forces
CoAX Components • Agent management services • KAoS domain and resource management (Boeing, IHMC) • Exception handling (MIT) • Task management services • Task and process management (AIAI) • Plan deconfliction (Michigan) • Market-based incentive management (Stanford) • Domain-aware grid agents • MBP (DERA) • CAMPS (AFRL) • Malicious agents (IHMC, Boeing) • Various information, monitoring, visualization, and observer agents • “Come-as-you-are” grid agents • EMAA/CAST AODB info agent (LM-ATL) • Ariadne Web-enabled weather agent (USC/ISI) • Observer agents (Dartmouth)
Briefing Outline • Overview • Key Coalition and Technical Drivers • Binni Scenario • CoAX Components • Domain Management • Demonstrations • 6 Month Demonstration Report • 9, 18 and 30 Month Demonstration Plans • Status and Next Steps
Agent Domains DM An agent domain consists of one or more agents registered with a common Domain Manager which provides for common administration and enforcement of domain-wide, VM-specific, and agent-specific policies.
Agent Domain Management in CoAX • Broadens typical distributed security concerns to include: • Communication and access management: Who can communicate with whom for what services? • Registration management: Who can join the domain under what circumstances? • Resource management: Who can have which kind and how much of a given computing resource? • Mobility management: Who can move where under what circumstances? • Conversation management: What constraints govern interaction between conversing agents? • Obligation management: Who is not meeting commitments? Initial capability shown in six-month demo Initial capability slated for nine-month demo Initial capability slated for 2001-2002 demos
Policy Admin Tool Policy Management Framework Authorized user makes changes over the Web KAoS Domain Manager 1. Ensures policy consistency at all levels 2. Stores policy changes 3. Notifies guards HTTP RMI Servlet Event-driven policy changes RMI JNDI Policy Directory Other Guard Aroma VM Guard Java VM Guard Agent Native Mech Agent Agent Agent Agent Agent Native Mech 1. Abstract, mechanism- neutral representation/XML syntax (DAML collaboration) 2. Distributed networked availability 3. Secure Guard is responsible for: 1. Interpreting policy 2. Enforcing with appropriate native mechanism
Policy EnforcementProblems and Solutions • Solution: Platform-based enforcement (e.g., Java 2 security) • Problem: Permissions granted statically according to code source (can’t have different permissions for two agent instances from same code base) • Problem: Enforcing policies on unmodified, potentially malicious agents • Solution: Hack JAAS (Java Authentication and Authorization Service) to allow dynamic permissions and instance-level authentication and authorization • Problem: High-level agent security requirements do not always map to low-level built-in Java security mechanisms • Solution: Lock down permissions of untrusted (agent) code and force agent to use a trusted privileged-code wrapper under control of the guard (eventually to be packaged as domain-aware “grid helper”) to perform selected actions • Problem: Fine-grained resource allocation and control and revocation of permissions in the face of denial-of-service attacks • Solution: Run agent under Java-compatible Aroma VM allowing dynamic fine-grained resource rate and quantity control • Problem: “Obligation policies” cannot be enforced by preventing actions in advance but only by monitoring and after-the-fact sanctions • Solution: Sentinel-based policy enforcement (relevant work in this area by MIT)
Briefing Outline • Overview • Key Coalition and Technical Drivers • Binni Scenario • CoAX Components • Domain Management • Demonstrations • 6 Month Demonstration Report • 9, 18 and 30 Month Demonstration Plans • Status and Next Steps
Demonstration Schedule • 1-month demo at kick-off in February 2000 showing direct connection between DERA MBP and LM ATL AODB. • 6-month demo (internal milestone) in July 2000 showing initial integration of selected CoAX components for 9-month demo. • 9-month demo (deliverable) in October 2000: • Brief the CoAX TIE and Binni scenario; • Show full integration of selected CoAX components; • Show that selected components interoperate in a Binni-based scenario and that a relevant 'story' can be told about agent functionality; • Additional stand-alone demos of other components. • 18-month demo in July 2001 showing full integration of all CoAX components in a rich coalition scenario: • Focal point to engage other nations and research teams. • 30-month demo in July 2002 showing dynamic aspects of domain management and tasking.
6-Month Demonstration Report • Overall Objective: • Integrated Binni scenario demonstration centered on MBP containing Process Panel monitoring and multiple information-providing agents showing dynamic communication policy management between three KAoS domains on the grid • Specific accomplishments: • Binni scenario information used to populate MBP, PP, and LM-ATL agents and shape storyboard • Domain-aware conversational grid agents registered in three separate KAoS-managed domains representing coalition function units and countries • KAoS matchmakers transparently federate across domain boundaries consistent with current domain policy • LM-ATL ‘come-as-you-are’ message-based grid agent interacts with domain-aware agents • Tasking and control across coalition functional units • Visualization of coalition C2 process via a simple process model • Use of simple web-based policy administration tool to change domain policies and update policy enforcement mechanisms to selectively block and unblock interdomain agent communication
Gao Intel Dbii DM2 Intel2 MM2 Dbi JFAC HQ JTF HQ PP' Intel1 MBP MM3 DM3 MM1 DM1 Domain-aware conversational grid agents LM-ATL ‘Come-as-you-are’ message-based grid agents AODB 6-Month IntegratedDemo Structure
9-Month Demonstration Plan • Overall Objective: • Integrated Binni scenario demonstration with MBP/CAMPS link containing PP monitoring, information-providing, and malicious agents, and showing dynamic task and communication, registration, and resource control policy management of ~25 agents in six KAoS domains (including a subdomain) on the grid • Stand-alone demonstrations of additional coalition-related capabilities • Specific additional objectives beyond the 6-month demonstration: • US domain with domain-aware AODB and CAMPS agents • Ariadne ‘come-as-you-are’ open source weather agent • Observer (Intel) domain containing surrogates for Dartmouth agents • Gao Observer subdomain containing malicious observer agent whose denial-of-service attack is countered by KAoS and NOMADS resource control mechanisms • Stand-alone demonstrations of: MIT ‘agent death’ exception handling, Stanford incentive management, U. Michigan plan deconfliction, and Dartmouth ‘observer agents’ • More powerful web-based policy administration tool administering communication, registration, and resource policies
Gao Intel Dbii DM2 Intel2 MM2 Dbi JTF HQ JFAC HQ PP' US MM3 MBP DM3 Intel1 DM4 MM4 AL Plan Weather Viz Observers (Intel) AODB MM1 MM5 DM1 DGO DM5 DAO Gao Obs. LM-ATL CAMPS Ariadne GAO MM6 DM6 AODB Weather ALDB Subdomain of “Observers” 9-Month Integrated Demo Structure
18-Month Demonstration Plan • Overall Objective: • Integrated Binni scenario demonstration including all CoAX participants showing exception handling, incentive management, plan deconfliction services, and dynamic task and domain management of ~35 agents in nine KAoS domains (including a subdomain and agents with multiple domain membership) on the grid • Specific additional objectives beyond the 9-month demonstration: • Emphasis on execution phase of Binni scenario • Packaging of initial task and domain management capabilities as grid services • Separate UK and meteorology domains and coalition superdomain • Policy conflict resolution mechanisms in place for GAO agent registered as member of multiple domains • Use of MIT exception handling grid services • Use of Stanford to allocate tasks and computing resources and manage incentives • Use of Michigan services to identify and resolve plan conflicts • Use of Dartmouth ‘observer agents’ to feed coalition command • Management of mobility and conversation policies through policy admin. tool • Additional forms of attack by malicious agents countered by enhanced agent domain management mechanisms
Dbiii UK Observers (Intel) Coalition Intel3 MM7 MM5 DGO Intel1a DM5 DM7 DAO Gao Obs. MM8 DM8 Dbi GAO MM6 DM6 JFAC HQ US MBP MM2 DM4 DM1 MM4 MM1 AL Plan Intel2 DM2 AODB Gao Intel Dbii Intel1 MM3 Met. PP MM9 CAMPS LM-ATL DM3 Weather Viz JTF HQ DM9 AODB ALDB Weather Ariadne 18-Month Integrated Demo Structure Plan Dec. IM EH
30-Month Demonstration Plan • Overall Objective: • Integrated Binni scenario demonstration including CoAX participants showing dynamic creation and reconfiguration of agent domains, virtual organization, and overall coalition process • Specific additional objectives beyond the 18-month demonstration: • Demonstration includes all phases of Binni scenario • Possible participation of other nations (especially TTCP) and additional CoABS research teams • New coalition members and domains added on-the-fly • Generic task and process management facilities • Tailored visualizations • High-level task, process, and domain management tools • Management of obligation policies, and fleshing out set of communication, access control, resource management, conversation, and mobility policies
Briefing Outline • Overview • Key Coalition and Technical Drivers • Binni Scenario • CoAX Components • Domain Management • Demonstrations • 6 Month Demonstration Report • 9, 18 and 30 Month Demonstration Plans • Status and Next Steps
Status andNext Steps • 1-month and 6-month demo milestones successfully completed • 100+ page ‘living document’ describing CoAX and Binni ‘FLASH’ scenario delivered • Ongoing work with GITI on design for packaging of agent domain services for the grid • 9-month demonstration ready in October • Integrated demonstration • Stand-alone demonstrations • Sneak preview of progress on 9-month demonstration at Malvern TTCP meeting in September
Summary • Coalition operations is a matter of high concern for the military and a great proving ground for agent research • Binni provides mature rich source of realistic scenario data • Actual military tools used in true cross-national collaboration—hope to expand to additional nations in the not-too-distant future • Fourteen CoABS partners cooperating in phased technical integration • Grid provided necessary interoperability • Significant new research issues being addressed of both theoretical and practical significance
Further Information • See http://www.aiai.ed.ac.uk/project/coax/ • coax@aiai.ed.ac.uk, coax-info@aiai.ed.ac.uk • CoAX and Binni documentation available