Configuration Hopping for Added Data Integrity in Surveillance-Based Human Decision Support Systems
Barry Horowitz & Rick A. Jones
University of Virginia
March 2010

Problem We Are Addressing
• Threat of concern is the injection of a controlled Trojan horse to change critical data in a decision support system that can result in important human decision errors
• We provide an application layer of security to be applied in addition to traditional defensive techniques, such as access control, encryption and logging
• The new solutions are derived from specific knowledge about the application and its unique attributes and requirements, and are enabled by Cloud computing capabilities
• Our initial focus is surveillance-based decision support systems

Adding Diversity through Configuration Hopping (1)
• Two types of Configuration Hopping Services
– Virtual
– Physical
• Hopping rates determined by human decision making time constants based upon the actual applications
• What to hop is determined by
– Application security considerations
– Performance considerations
– Application development cost
– Cloud operating cost

Adding Diversity through Configuration Hopping (2)
• Enabled through what could be readily available Cloud Services that leverage the existing Cloud Infrastructure
– Hypervisor, Wide Area Infrastructure Redundancies
– Integrated management and control
– User demanded resource provisioning
• Our concept, as a general decision support solution, includes two supplementary Cloud Services
– User defined / Cloud executed “data continuity agent”
• Relieves risks of confining the hopping to only certain components
– Configuration hopped Networking as a Service (NaaS)
• Recognizes the potential vulnerabilities that can be exploited in communications to and from the Cloud

Configuration Hopping Example
[Diagram not recoverable from the extracted text]

Data Continuity Agent Example
[Diagram labels: Continuity Checking Service; Service 1; Service 2; Service 3]

High Level View of Decision Support Through a Cloud
[Diagram labels: Collectors; Network; Data Management and Processing; Network; Data Distribution; User x, User y, ..., User z; Object Detection; Tracking; Classification; Display Support]

Physical Hopping
[Diagram labels: California Cloud Provider/Facility; Florida Cloud Provider/Facility]

Virtual Hopping
[Diagram labels: California Cloud Provider/Facility; Florida Cloud Provider/Facility]

Continuity Checking
[Diagram labels: Service 1; Service 2; Service 3; Service 4; End User; Continuity Checking Service; Key: Service Specific Metadata]

Networking as a Service
[Diagram label: NaaS]

Division of Implementation
• Hopping Services
– Cloud Provider: Hopping Service (Geographic; Dynamic Config. Control)
– User: Services to Hop; Hopping Rates/Method; Type of Hopping; Machine Configurations
• Data Continuity Agent
– Cloud Provider: Cloud provider agent service
– User: Specification of the Continuity Metadata and Criteria; Specification of the desired agent outputs
• NaaS
– Cloud Provider: Radios/Network Protocols; Provisioning; Management
– User: Information Collectors; Compatible Radios and Protocols

Ubuntu Enterprise Cloud

Scenario
• Surveillance application with Tracking and Classification (STAC)
• Services/Functions
– Object Identifier
– Tracker
– Classifier
– Display

Development of Data Integrity Techniques
[Diagram labels: Continuity Checking Service; Cloud 1; Application Designer; Cloud 2]

Development of Data Integrity Techniques for STAC
[Diagram labels: Application; Continuity Checking Service; Classifier; Object Detection; Display; End User; Tracking; Cloud 2]

Design Evaluation: Complexity and Performance
• Configuration Hopping
– Burst time
– Deallocation time
– Overlap time
– Latencies introduced
– Buffers introduced
• Data Continuity
– Bandwidth/Overhead requirements
– Configuration time
– Effects of Hopping