
March 17, 2003 John Zinky Richard Shapiro (jzinky,rshapiro@bbn) BBN Technologies

Aspect-Oriented Interceptors Pattern: Dynamic Cross-Cutting Using Conventional Languages. ACP4IS 2003. March 17, 2003. John Zinky, Richard Shapiro (jzinky,rshapiro@bbn.com), BBN Technologies. This work was sponsored by the DARPA Ultralog Program under Contract MDA972-01-C-0025.


Presentation Transcript


  1. Aspect-Oriented Interceptors Pattern: Dynamic Cross-Cutting Using Conventional Languages
     ACP4IS 2003, March 17, 2003
     John Zinky, Richard Shapiro (jzinky,rshapiro@bbn.com), BBN Technologies
     This work was sponsored by the DARPA Ultralog Program under Contract MDA972-01-C-0025
     http://ultralog.net http://cougaar.org

  2. Problem: Add Denial of Service (DOS) Protection to the Cougaar Distributed Agent Middleware
     • Sensors
       • Socket Fuse
       • CPU Capacity Detection
       • Bandwidth Detection
     • Defenses
       • Compression
       • Bandwidth Reservation
       • Encryption
       • Traffic Masking
     • Policy
       • External Threat Level
       • Network Properties
     • DOS Sub-system is developed and modified by multiple groups
     • DOS Sub-systems must be removable at config-time
     • DOS Sub-systems dynamically change defenses at run-time
     [Diagram labels: Host, Node, Agent, Intrusion Detection, Security Policy, DOS Policy, Firewall, Message Transport, Links, Thread Service]

  3. DOS Protection Must be Inserted in Multiple Places in the Message Processing Flow
     • DOS functionality cross-cuts the decomposition based on processing messages
     [Diagram: Node Message Transport Service. Send side: Agent, Message Manager, BB Logic Provider, SendLink, Send Queue, Router, Destination Queue, Destination Link, Destination Transport, Link Protocols (RMI, Email, Loop Back). Receive side: Link Protocols (RMI, Email), MTImpl, Receive Port, Receive Link, Deliverer, Agent. Supporting parts: Aspect Support, Registry, Link Protocol Factory, Name Support.]

  4. Aspect Component Inserts Itself into the Data Flow and Maintains its Own State and Services
     [Diagram: Message Transport Sender (Message Transport Service Provider, Send Queue, Router, Destination Queue, Destination Link, Link Protocol such as RMI, RMI Output Stream) and Message Transport Receiver (RMI Input Stream, MTImpl, Link Protocol, Receive Link, Deliverer, Message Transport Service Provider), each with an Aspect, Agent Services, Agent Binder, Service Broker and Node Service Broker.]

  5. When A Station is Created, Aspects Are Allowed to Insert a Delegate into the Call Tree
     • The Client is given a pointer to the Delegate, not original Station
     • The Delegate is usually an inner class of the Aspect
     [Diagram labels: Client, Station, Enhanced Service, Service, Station Service, Delegate, Aspect, Station Factory, Substrate; calls: Create Station(), Initialize Station(), Add Delegate(), Initialize Delegate()]

  6. Multiple Aspects can be Inserted, Each Handling Some Facet of QoS Adaptation
     • Interactions between Aspects are
       • Direct via services
       • Indirect via delegate behavior
     • Order may be important
     [Diagram: work-flow between Stations, with Aspect Delegates inserted between them; each Aspect Object holds QoS State and QoS Services]

  7. Quality Objects (QuO) Can Be Used to Structure the Implementation of Aspects
     • Delegates can be used to observe or add behavior
     • QuO uses Quality Description Languages to code generate Delegates and Contracts
     [Diagram labels: Station, QuO Delegate, QuO Contract, Sys Cond, Aspect, external]
     See Http://quo.bbn.com

  8. Example 1: Statistics can easily be collected between any of the Stations
     • The Aspect contains all statistics processing and storage
     • Statistics can be correlated from multiple Stations
     • Delay measurements, Outstanding Messages, HeardFrom
     [Diagram labels: Client, Station, Observed Service, Service, Station Statistics Collection, Statistic Processing, Statistic Storage, Statistic Export, Aspect, External Service]

  9. Example 2: Multicast Aspect Implements Both the Sender and Receiver Sides of the Protocol
     • The sender side transforms the client's multicast request into many copies addressed to all the nodes (in the group).
     • The receiver side copies the message again and delivers it to all the local clients (in the group).
     • While the code is in one place, the instances are distributed
     [Diagram: Sender (Send Link, Message Copy, Router, Remote Node Lookup) and Receiver (Receive Link, Message Copy, Deliverer, Local Agent Lookup)]

  10. Example 3: Message Compression Must Coordinate Processing on Both Sides
     • Compression is enabled by considering the network bandwidth and CPU capacity.
     • Attributes are added to the message, so the remote compression aspect can dynamically add a Delegate to decompress.
     [Diagram: Sender (Dest Link, Tag Message, Serialize, Compress, Compress Policy, Metrics Service) and Receiver (De Compress, De Serialize, Deliverer); In-band Meta Data added by Aspect]

  11. At Config Time, Aspects are Mixed and Matched to Get the Desired Adaptive Behavior
     [Diagram: send-side and receive-side station chains (Message Transport Server Impl, Send Queue, Router, Dest Queue, Dest Link, Link Protocol Impl, MTImpl, Receive Link, Receive Queue, Deliverer) with a stack of configured aspects; labels include Name Support, Agent Order, Statistic, Compress, Signature, Topology]

  12. Agent Technology is used to Distribute the Management of DOS Protection

  13. Conclusions
     • The Aspect-oriented Interceptors Pattern allows the dynamic insertion of behavior using conventional programming languages
     • 28 Aspects were used in the 2002 Ultralog assessment
     • 100s Agent, 50 hosts and nodes =
     • Security, mobility, robustness, load balancing
     • The Aspects were developed by different groups
     • The Aspects can be mixed and matched to configure the desired behavior
     • Embedded Cougaar can remove 90% of code, run on iPAQ class processor
     • The DOS protection system changes its defenses based on the current running environment of the system
     • DOS Adaptive Behavior Injected at three Levels
       • Language Level -> Generation of QuO Delegates and Contracts
       • Component Level -> Aspect Interceptors Pattern
       • Agent Level -> Distributed DOS policy management
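
The delegate insertion from slides 5 and 6 and the two-sided compression aspect from slide 10, as an added Python sketch that is not Cougaar code or code from the presentation. All names (`Station`, `get_delegate`, `create_station`, the `enc` attribute) are hypothetical; the receive-side delegate is installed up front and acts only on tagged messages, and the decompressed-size cap is an assumption added so the defense cannot itself be used to exhaust memory.

```python
import zlib

class Message:
    def __init__(self, body, attrs=None):
        self.body, self.attrs = body, dict(attrs or {})

class Station:
    """Substrate station (hypothetical): passes each message to a sink callable."""
    def __init__(self, sink):
        self.sink = sink
    def forward(self, msg):
        self.sink(msg)

class StatisticsAspect:
    """Observer aspect: counts the bytes seen at the point where it is inserted."""
    def __init__(self):
        self.bytes_seen = 0
    def get_delegate(self, station, kind):
        aspect = self
        class Count:  # the delegate is an inner class of the aspect
            def forward(self, msg):
                aspect.bytes_seen += len(msg.body)
                station.forward(msg)
        return Count()

class CompressionAspect:
    """Implements both sides; state (policy, size cap) stays in the aspect."""
    def __init__(self, low_bandwidth, max_plain=1 << 20):
        self.low_bandwidth, self.max_plain = low_bandwidth, max_plain
    def get_delegate(self, station, kind):
        aspect = self
        class Compress:  # send side: tag the message with in-band metadata
            def forward(self, msg):
                if aspect.low_bandwidth():
                    msg = Message(zlib.compress(msg.body), {**msg.attrs, "enc": "zlib"})
                station.forward(msg)
        class Decompress:  # receive side: acts only on tagged messages
            def forward(self, msg):
                if msg.attrs.get("enc") == "zlib":
                    d = zlib.decompressobj()
                    body = d.decompress(msg.body, aspect.max_plain)
                    if not d.eof:  # output hit the cap or the stream is truncated
                        raise ValueError("rejecting oversized or truncated body")
                    msg = Message(body, msg.attrs)
                station.forward(msg)
        return {"send": Compress, "recv": Decompress}[kind]()

def create_station(station, kind, aspects):
    """Factory: every aspect may wrap the station; the client gets the outermost delegate."""
    for aspect in aspects:
        station = aspect.get_delegate(station, kind) or station
    return station
```

The last aspect in the list is the outermost delegate, so `[stats, compress]` counts compressed bytes while `[compress, stats]` counts plain bytes; an empty list returns the original station unchanged.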
