HACQIT
Hierarchical Adaptive Control for QoS Intrusion Tolerance


Research Goals

HACQIT aims to 1) deliver critical user services for four hours while under active attacks with no more than 25% degradation in user performance; 2) build a working prototype "system" while concentrating resources on new capabilities and minimizing unnecessary duplication; 3) understand the "design space" of intrusion tolerant systems designed for real world use with consumer-off-the-shelf and government-off-the-shelf hardware and software.

 

Approach

A phased approach will be used.

Phase 1: 1) Build a series of demo prototypes and explore "space." 2) Analyze more formal models. 3) Refine architecture and implementation plan.

Phase 2: 1) Incrementally deliver new capabilities. 2) Add more types of critical applications. 3) Continue analysis of more formal models. 4) Validate via Internet exposure, Red Team, new attacks, and analysis.

 

Expected Results

• Intrusion tolerant architecture that stops many common attacks, but still allows access to critical services

• Specification based approach to defining proper behavior of the HACQIT components

• Rapid failover of applications via process-pair architecture with time delay (to avert common mode failures)

• Random rejuvenation at various levels

• Forensics and learning to stop unknown attacks

• Continual recovery

• Execution monitoring (or plan checking) approach

Funding

DARPA / Teknowledge