Key elements
Dynamic Distributed MILS platform
Dynamic MILS platform with deterministic networking
Mechanisms for dynamic reconfiguration and configuration introspection
Declarative dynamic architecture modeling and verification
Language to describe reconfigurable systems architecture, component models, failure models and fault propagation
Theory and framework for dynamic reconfiguration
Theory and framework for adaptation
Language to express critical properties to be verified
Compositional verification framework
Monitoring, Adaptation, Configuration, & Certification Assurance Planes
Assurance-based security evaluation methodology and runtime mechanisms for just-in-time certification of adaptive systems
Cristel Joy P. Rodriguez is seeking a position where she can utilize her skills and experience in professional growth and development. She has over 5 years of experience in the tourism industry, having worked as a travel consultant, tour coordinator, and events specialist. She is proficient in customer service, event planning, and tour operations. Rodriguez holds a Bachelor's degree in Tourism from Central Philippine University and has attended numerous seminars related to tourism, customer service, and business.
Anisa completed an internship at PT. MetraPlasa, an e-commerce company in Indonesia. During her internship, she worked in both the Business Operations and Human Resources departments. In Business Operations, her tasks included checking product shipments, managing refunds, and selecting products for rotation on the company website. In Human Resources, she updated employee data, arranged interviews, and provided support to other interns. Through these varied activities, Anisa gained valuable experience in customer service, data management, and human resources. She learned skills like time management and communication that will help her career. Overall, the internship provided Anisa with hands-on work experience and personal development.
Internship Report on Financial Analysis of Delta Life Insurance Company Ltd. - Manas Saha
The document provides an overview of Delta Life Insurance Company Ltd., including its history, vision, goals, products and services. Some key points:
- Delta Life was established in 1986 as one of the first private life insurance companies in Bangladesh. It introduced innovative microinsurance products to serve low-income customers.
- The company's vision is to be the premier life insurance company in Bangladesh and serve customers with respect by providing the best solutions.
- Its goals include maximizing value for policyholders and shareholders. Core values focus on trust, understanding, respect, excellence and teamwork.
- Products include ordinary life insurance, Gono Grameen Bima (microinsurance), group life insurance, and health
Christian Bocalan completed a 240-hour on-the-job training internship at Harada Automotive Antenna (Philippines) Inc. in their Import/Export department. During the 5-week period, he learned how to use office equipment like printers and fax machines. He also sorted documents, prepared bills and invoices, and counted inventory in the warehouse. The training provided valuable experience in applying his classroom knowledge in a real work environment.
This document provides an overview of Sharekhan Ltd., including:
- It describes Sharekhan as a leading retail brokerage firm in India with over 80 years of experience in stock broking.
- The company offers equity trading, investment advice, online trading platforms, and depository services to retail customers.
- It discusses Sharekhan's parent company, SSKI Group, and SSKI's experience in institutional broking and corporate finance.
- The document also provides brief descriptions of Sharekhan's areas of investment, use of technology, and business vision and mission.
The document discusses how MongoDB helped Kixeye solve data scaling problems for analytics of game play data. MongoDB provided fast reads and writes needed to power applications like a cheater detection engine. It processed large volumes of click data from games to find the small percentage of cheaters in under 5 minutes. MongoDB was a good fit because it is schema-less, supports indexing of nested data, and provides features like auto-sharding and TTL collections. The use of MongoDB helped Kixeye efficiently ban over 100 cheaters per hour and improve game balancing.
The document summarizes the student's 8-week industrial attachment at the Kenya Forest Service Headquarters. The student was attached to the Information Center department, which handles GIS and IT functions. During the attachment, the student digitized forest maps, created a spatial database of forest information, helped implement a new Forest Management Information System, and verified data using satellite imagery. The student gained experience applying GIS skills and found the attachment reinforced their interest in pursuing a career in geomatics engineering. Some challenges included learning new software and limited computer access, but these were overcome through observation, participation, and discussion with officers. Overall, the attachment was a success in providing real-world work experience relevant to the student's field of study.
This document provides an overview of state monitoring in the context of the CITADEL project. It discusses the monitoring plane and how it is used to monitor components in the operational plane and resources in the foundational plane. It also describes how the Kaspersky Security System can be used for state monitoring by specifying monitoring policies and integrating them with the system modeling framework. The document outlines different sources of monitoring data and policies and how a layered implementation approach separates concerns between the monitoring, operational, and foundational planes.
The Capabilities Integration Environment (CIE):
- Provides a production-compliant environment for development, integration, and testing of information technology solutions and standardized DoD infrastructures.
- Offers an efficient solution for Air Force mission application testing and development needs, providing support from end-to-end through assigned teams.
- Emulates deployment environments like Air Force bases, DISA, and GCSS-AF using standardized desktops, servers, and network configurations to allow testing with production-like conditions and data.
SLTS kernel and base-layer development in the Civil Infrastructure Platform - Yoshitake Kobayashi
The Civil Infrastructure Platform (CIP) is creating a super long-term supported (SLTS) open source "base layer" for industrial grade software. We have been working on security fixes and some backported features since the moment we decided that Linux kernel v4.4 would be the first SLTS version. In this talk, we will describe the current development status of the SLTS kernel and testing environment. First, we'll explain our kernel development policy. Then, we'll describe the functionality that has been backported. Second, we'll talk about testing before using our base-layer on real products. We have been developing a test framework to collect and share test results. To build it, we don't want to duplicate existing work such as KernelCI, Fuego and others. For that reason, we are trying to collaborate and contribute to such projects. And finally, we'll discuss the future roadmap.
Update CMDB Using Discovery Topology (BMC ADDM) - Vyom Labs
Atrium Discovery and Dependency Mapping automatically discovers physical and virtual IT assets, applications, and the relationship between them. Learn how to keep CMDB updated.
MILS is a component-based approach to secure and dependable systems design and implementation that encourages a marketplace of general-purpose commercial components, leading to lower development cost.
MILS is a two-phase approach (John Rushby’s “Modern MILS”):
- Design a Policy Architecture
  - Abstract architecture diagram represented by “boxes and arrows”
  - Operational components and architecture achieve system purpose
  - Assumes the architecture (components and connectors) will be strictly enforced in the implementation
- Implement the policy architecture on a robust resource-sharing platform
  - MILS foundational components (FCs) enable sharing of physical resources, creating strongly separated “exported resources”
  - FCs should be individually developed and assured according to standardized specifications
  - FCs compose “additively” to form a distributed trusted sharing substrate, the MILS Platform
MILS provides a compositional approach to construction, assurance, and system certification.
Linux has become one of the most important pieces of software for running civil infrastructure systems such as power plants, water distribution, traffic control and healthcare. From a computer system viewpoint, these systems require a very high level of quality in real-time performance, reliability and security to avoid serious failure. To overcome the issues in applying Linux to such systems, as the first step, we need to gather the actual requirements. Over the past few months, some companies that are interested in this area got together and discussed how to put those requirements together. In this talk, we would like to share the current status of this requirement discussion and our future collaboration plan. Please join us to improve Linux together and make the world a better place!
The document summarizes the evolution of avionics architectures from first to fourth generation designs. First generation architectures were either disjoint, with independent systems, or centralized with a main computer. Second generation introduced federated, distributed, and hierarchical architectures with standardized digital interfaces. Third generation designs included the Pave Pillar architecture used in fighters like the F-22. Fourth generation architectures are more open and modular like the Pave Pace design for the F-35. Integrated modular avionics consolidate functionality across computing modules.
Enhancement of ARINC 653 for Multi-core Hardware.pptx - Abrar Hafiz
The document discusses the enhancement of ARINC 653 for multi-core hardware. It provides an overview of industry trends driving more functionality and connectivity in aerospace and defense systems. This is creating challenges around safety, security, and certification. The presentation then describes ARINC 653 and its role in integrated modular avionics, and some of the issues that arise in multi-core systems. It outlines the capabilities of the VxWorks 653 single-core and multi-core editions for addressing these issues and supporting certification. Use cases are presented for migrating existing systems to multi-core and expanding functionality.
The document provides a summary of Michael Joshua S's professional experience and skills. It summarizes over 12 years of experience in embedded systems testing and validation across various industries. Key roles included consulting test engineer, team lead, and project engineer. Technical skills include test automation using National Instruments hardware and software, system engineering, verification and validation, and embedded software development.
The document provides an introduction to CITADEL, which aims to develop an innovative platform for adaptive systems based on the Multiple Independent Levels of Security (MILS) architectural approach. CITADEL builds upon previous research in static and distributed MILS and aims to extend MILS to support dynamic and distributed adaptive systems while maintaining assurability through design-time analysis and runtime assurance. The CITADEL framework adds new planes such as monitoring, adaptation, and certification assurance to the MILS platform to enable closed-loop control of dynamic reconfiguration. The project team for CITADEL includes experts in MILS, separation kernels, and other relevant areas from previous MILS research projects.
The document discusses COTS FACE solutions from RTI and Wind River that can help address challenges in developing airborne systems. It describes how the FACE initiative uses standardized interfaces and layered architectures to enable software reuse and reduce costs. RTI provides a Transport Services Segment that uses DDS for loose coupling between applications. Wind River offers FACE-aligned operating systems like VxWorks 653 that achieve safety certifications. Together these COTS solutions form a partner stack that delivers FACE-compliant capabilities to warfighters faster and at lower cost.
SysML for embedded system engineering - Academy Camp 2015 - Régis Castéran
Presentation held during the Berner and Mattner Academy Camp 2015 about SysML usage for requirement specification and architecture description applied to embedded system engineering
A Decentralized Reference Architecture for Cloud-native Applications V2.0 - Asanka Abeysinghe
This document summarizes Asanka Abeysinghe's career and introduces the concept of cell-based architecture. It discusses the motivation for a new decentralized architecture pattern and describes cell-based architecture, where cells are self-contained units of enterprise architecture that contain components and communicate with each other. The key aspects are that it is decentralized, microservices-based, cloud-native, technology neutral, and human-centric.
Whats new in Enterprise 5.0 Product Suite - Micro Focus
This document summarizes new features across Micro Focus's Enterprise Product Suite version 5.0, including .NET Core support, Amazon Web Services Quick Start, COBOL formatting, code analysis views, Enterprise Server scale out architecture, common web administration, Application Workflow Manager improvements, AppMaster Builder data view changes, CICS and IMS support enhancements, COBOL and PL/I language additions, debugging upgrades, and more. Key areas of focus include multi-system administration of Enterprise Server, integration of mainframe workloads on modern platforms, and development productivity aids.
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as Code - Robert van Mölken
As more and more application deployments move to the cloud the scale and complexity becomes harder to manage. Instead of a handful of large instances, you might have many smaller instances, so there are many more things you need to provision. Because of this cloud vendors provide API abstraction of their compute, storage, network and other platform services. In this talk I present a guide to provision these services, such as a Kubernetes cluster, using infrastructure as code and deploy your applications through cloud-native build pipelines. Get to know the concepts behind these DevOps practices and come hear which tools to use like Terraform and Oracle Container Pipelines to automate these laborious tasks on the Oracle Cloud Infrastructure.
Presented by: Mr Keith Smith, UK GVA Office, Defence Equipment and Support, UK MOD
A presentation on the progress, plans and development of the UK Generic Vehicle Architecture Programme, which underpins the integration of future UK military vehicle mission systems. The presentation will address the requirement to use DDS technology and an OMG Model Driven Architecture Approach for the data modeling aspects. It will also cover the creation of NATO GVA STANAG 4754 based on the UK GVA Approach.
Vblock Infrastructure Packages — integrated best-of-breed packages from VMwar... - Eric Sloof
IT is undergoing a transformation. The current ‘accidental architecture’ of IT today increases procurement, management costs, and complexity while making it difficult to meet customer service level agreements. This makes IT less responsive to the business and creates the perception of IT being a cost center. IT is now moving towards a ‘private cloud’ model, which is a new model for delivering IT as a service, whether that service is provided internally (IT today), externally (service provider), or in combination. This new model requires a new way of thinking about both the underlying technology and the way IT is delivered for customer success.
While the need for a new IT model has never been more clear, navigating the path to that model has never been more complicated. The benefits of private clouds are capturing the collective imagination of IT architects and IT consumers in organizations of all sizes around the world. The realities of outdated technologies, rampant incremental approaches, and the absence of a compelling end-state architecture are impeding adoption by customers.
This new ‘private cloud’ model, which is a new model for delivering IT as a service, whether that service is provided internally (IT today), externally (service provider), or in combination. This new model requires a new way of thinking about both the underlying technology and the way IT is delivered for customer success.
By harnessing the power of virtualization, private clouds place considerable business benefits within reach.
Cisco and EMC, together with VMware, are putting you on a new road to greater efficiency, control and choice. A faster road to unprecedented IT agility and unbounded business opportunities. With the Virtual Compute Environment’s Vblock experience.
The document provides an overview of the Department of Defense Architecture Framework (DODAF). DODAF defines a common approach for describing and comparing enterprise architectures across the DoD. It facilitates the use of common principles, assumptions, and terminology. DODAF consists of 26 products organized into four views - All Views, Operational View, Systems View, and Technical Standards View - to comprehensively document architectures. Future evolution areas include defining a DODAF object model and ontology to facilitate tool interoperability and sharing of architecture data.
The document outlines 19 potential project titles for a Cisco summer internship in 2011. The projects cover a wide range of topics including network performance testing, automation, monitoring, management, and security tools.
An assurance case provides an argument to justify certain claims about a system, based on evidence concerning both the system and the environment in which it operates.
The principal advance offered by assurance cases compared to other forms of assurance is provision of an explicit argument connecting evidence to claims.
The idea of structured argument is to facilitate modular comprehension and assessment of the case.
This material provides guidelines, in the form of a presentation, on the Context Awareness component of the Adaptation Plane.
The Context Awareness is a component which implements a mechanism to identify the current context under which the CITADEL framework as well as an application is used/operated.
To identify the current context, the Context Awareness will use run-time data provided by the Monitoring Plane as input on one hand and a pre-defined context model on the other hand.
While the need for a new IT model has never been more clear, navigating the path to that model has never been more complicated. The benefits of private clouds are capturing the collective imagination of IT architects and IT consumers in organizations of all sizes around the world. The realities of outdated technologies, rampant incremental approaches, and the absence of a compelling end-state architecture are impeding adoption by customers.
This new ‘private cloud’ model, which is a new model for delivering IT as a service, whether that service is provided internally (IT today), externally (service provider), or in combination. This new model requires a new way of thinking about both the underlying technology and the way IT is delivered for customer success.
By harnessing the power of virtualization, private clouds place considerable business benefits within reach.
Cisco and EMC, together with VMware, are putting you on a new road to greater efficiency, control and choice. A faster road to unprecedented IT agility and unbounded business opportunities. With the Virtual Compute Environment’s Vblock experience.
The document provides an overview of the Department of Defense Architecture Framework (DODAF). DODAF defines a common approach for describing and comparing enterprise architectures across the DoD. It facilitates the use of common principles, assumptions, and terminology. DODAF consists of 26 products organized into four views - All Views, Operational View, Systems View, and Technical Standards View - to comprehensively document architectures. Future evolution areas include defining a DODAF object model and ontology to facilitate tool interoperability and sharing of architecture data.
The document outlines 19 potential project titles for a Cisco summer internship in 2011. The projects cover a wide range of topics including network performance testing, automation, monitoring, management, and security tools.
An assurance case provides an argument to justify certain claims about a system, based on evidence concerning both the system and the environment in which it operates.
The principal advance offered by assurance cases compared to other forms of assurance is provision of an explicit argument connecting evidence to claims.
The idea of structured argument is to facilitate modular comprehension and assessment of the case.
This material provides guidelines, in the form of a presentation, on the Context Awareness component of the Adaptation Plane.
The Context Awareness is a component which implements a mechanism to identify the current context under which the CITADEL framework as well as an application is used/operated.
To identify the current context, the Context Awareness will use run-time data provided by the Monitoring Plane as input on one hand and a pre-defined context model on the other hand.
This material provides a description of assurance cases, a key element in the CITADEL System Assurance and Certification. In addition, it also includes a set of assurance case argument patterns that can be used to develop these assurance cases. The assurance case patterns are instantiated by using AM-ETB and the system model in the CITADEL modeling language. The evaluation of Adaptive MILS assurance cases involves the analysis of the soundness of the assurance case, the integrity of the evidence supporting the claims made in the assurance case, and the certification of the Adaptive MILS system.
CITADEL configuration and reconfiguration synthesisRamnGonzlezRuiz2
This material provides a thorough presentation of the CITADEL Reconfiguration Plane, hereafter denoted XP, from high-level design to low-level implementation and deployment on the CITADEL platform.
The document discusses the Adaptive MILS Evidential Tool Bus (AM-ETB) which is used to create and maintain certification evidence for adaptive MILS systems. The AM-ETB uses assurance case patterns to develop modular assurance cases. It coordinates the execution of verification tools to generate evidence and update assurance cases. The AM-ETB implementation includes a pattern repository, evidence repository, workflow engine, tool agents, and assurance case repository.
This document discusses configuring communications monitoring by implementing features and signatures from network traffic and learning a white-box model. It describes extracting feature values from packet fields using Python expressions and gathering them in a feature file. Signatures are defined as Python boolean expressions mapped to alert IDs. A white-box model is learned from a training set and stored in a histograms file, which can be tuned by adjusting likelihood values and bins. The steps are demonstrated on a bottle filling plant use case monitoring Modbus traffic.
This document provides an overview of communications monitoring within the CITADEL framework. It discusses various monitoring methods including signature-based monitoring, white-box anomaly detection, and association rules. Signature-based monitoring specifies known malicious situations as signatures to detect. White-box anomaly detection learns a model of normal communications and flags deviations as anomalous. The document also describes how monitoring interacts with the specification and other CITADEL planes.
This document discusses the configuration of a state monitoring module. It describes generating monitors for components, sensors for input ports, and converting monitoring properties into policies. The document also outlines the monitoring library generator, generic and CITADEL APIs, supported SLIM types and operators, and examples of initialization and monitoring loops.
This document discusses software modeling and verification using formal methods. It provides an introduction to formal methods, their motivation and applications. It then discusses the role of formal methods in the CITADEL project, including modeling dynamic architectures, specification of monitors and properties, verification, monitor synthesis, adaptation and assurance case generation. Key aspects of modeling dynamic architectures in CITADEL are parametrized architecture modeling, dynamic architecture modeling, specification of monitors and properties.
This document describes the modeling, testing, and verification of system models which are used by the MILS Adaptation System. Several example models are provided in this document, with one of them developed in a step-by-step manner. Video demonstrations which accompany this document demonstrate the use of supporting tools.
This training module overviews the role, interfaces, structure and functionality of the Adaptation Plane, and explains how to start the components which comprise the Adaptation Plane. The module focuses on the information necessary to understand the start-up and operation of the Adaptation Plane, which is needed in order to deploy the Adaptation Plane as part of the CITADEL Platform.
In this training submodule we outline the core workings of the MILS Adaptation System (for details please refer to the project deliverable D4.3 [1]) and we describe how to create the artifacts which are taken as input by the MILS Adaptation System. Specifically, we focus on the Adaptation Engine, the core component of the MILS Adaptation System.
2. Top-level architecture of an adaptive CITADEL system
The Open Group Training - Context - CITADEL platform architecture 2
Concept of operation of the CITADEL platform
3. CITADEL Adaptive MILS Framework
Key elements
Dynamic Distributed MILS platform
● Dynamic MILS platform with deterministic networking
● Mechanisms for dynamic reconfiguration and configuration introspection
Declarative dynamic architecture modeling and verification
● Language to describe reconfigurable systems architecture, component models, failure models and fault propagation
● Theory and framework for dynamic reconfiguration
● Theory and framework for adaptation
● Language to express critical properties to be verified
● Compositional verification framework
Monitoring, Adaptation, Configuration, & Certification Assurance Planes
Assurance-based security evaluation methodology and runtime mechanisms for just-in-time certification of adaptive systems
4. CITADEL MILS Platform with Adaptation
[Figure: block diagram. Labelled elements: CITADEL property spec language; CITADEL modeling language; Language translation; Offline Verification Framework; Online Verification Framework; Offline Configuration Synthesis; Online config’n synth; Static Config Tools; Config Chg Policy; Dynamic Config’n Primitives; Configuration Change Monitor; Configuration Change Agent; Dynamic MILS Platform; Dynamic Separation kernel; Dynamic TTEthernet; Dynamic MNS; Runtime Monitoring plug-in framework; Monitoring System; Adaptive MILS Runtime Adaptation System; Adaptive MILS Evidential Tool Bus; Certification Assurance Artefact Repository.]
5. Top-level architecture of an adaptive CITADEL system
The Planes of the CITADEL Framework
6. Planes of the CITADEL Framework
[Figure: planes of the CITADEL Framework. Labelled elements: Foundational Plane (Separation Kernel, MFS, MNS, MEA, MCS, MILS Platform); Operational Plane(s) (P1 to P5); Monitoring Plane / FW (Fault Diagnoser; COMM, STATE, RESOURCE); Adaptation Plane(s); (Re-)Configuration Plane; Certification Assurance Artifact. Labelled flows: Configuration, Target Config, Config Cmds, FDI, Exceptions, Introspection, Observations & Events.]
7. Schematic of CITADEL Framework
Plane interactions and system Model
The central formal artifact is the system model
The CITADEL Framework uses the system model for various purposes
[Figure: the system model and the planes. Labelled elements: Model (Parametrized architecture, Properties, Reconfiguration transitions); Engineer; Analysis tools; Certification Assurance Plane; Operational Plane (dynamic application); Foundational Plane (dynamic platform); Monitoring Plane; Configuration Plane; Adaptation Plane. Relation labels: represents, specifies, is used by.]
Detailed training on each of the CITADEL Framework planes is provided in the respective CITADEL training modules.
8. Introduction to the CITADEL components
The Operational Plane(s)
9. MILS Policy Architecture: “Boxes and Arrows Diagram” Showing System Decomposition
[Figure: policy architecture with components C1 to C5; legend labels: Trusted Subject, Untrusted Subjects.]
Circles represent subjects or objects
Arrows represent information flow
“Boxes” represent logical or physical resources
Represents logical structure abstracted from physical resources
10. MILS Platform – Provides Straightforward Realisation of Policy Architecture
[Figure: the architecture and its realisation, with resources R1 to R5 on the MILS Platform.]
SK, with other MILS foundational components, form the MILS Platform, allowing operational components to share physical resources while enforcing Isolation and Information Flow Control
Validity of the architecture assumes that the only interactions of the circles (operational components) are through the arrows depicted in the diagram
11. Policy Architecture with Isolated Subsystems
[Figure: one MILS Platform hosting two disconnected groups of components; surviving node labels: R1, R2, R3, R4, R5 and Q1, Q2, Q5, R3, R4.]
12. Isolated Subsystems as Distinct “Operational” Planes
[Figure: the two groups of the previous slide drawn as separate operational planes, each labelled “MILS Platform, OPERATIONAL PLANE”; surviving node labels: R1 to R5 and Q1, Q2, Q5, R3, R4.]
The two disconnected components of this policy architecture represent distinct subsystems or applications, and may be thought of as distinct operational planes.
Planes can be used as a convenient organisational principle to facilitate conceptual understanding or graphical representation of complex systems
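The policy architecture of slides 9 to 12 can be treated as a directed graph and audited mechanically. The following is an added example, not part of the original training material: it derives the operational planes as disconnected components, answers whether one subject can influence another through the declared arrows, and classifies observed flows that have no arrow. The subject names, arrows and observed flows are constructed for illustration, since the slide diagrams did not survive.

```python
from collections import defaultdict, deque

# Constructed policy architecture (assumption: illustrative subjects and
# arrows only; they are not taken from the CITADEL slides).
POLICY_FLOWS = {
    ("C1", "C2"), ("C2", "C3"), ("C2", "C4"), ("C3", "C5"), ("C4", "C5"),
    ("D1", "D2"), ("D2", "D3"),
}

# Constructed observations, e.g. as a monitoring component might report them.
OBSERVED_FLOWS = [("C1", "C2"), ("C5", "C1"), ("C3", "D1"), ("X9", "C2")]


def subjects(flows):
    """All subjects that appear at either end of a permitted arrow."""
    return {s for edge in flows for s in edge}


def operational_planes(flows):
    """Group subjects into weakly connected components of the policy graph.

    Each disconnected component is an isolated subsystem, i.e. a candidate
    operational plane in the sense of slide 12.
    """
    neighbours = defaultdict(set)
    for src, dst in flows:
        neighbours[src].add(dst)
        neighbours[dst].add(src)  # direction is ignored for grouping only
    seen, planes = set(), []
    for start in sorted(subjects(flows)):
        if start in seen:
            continue
        component, queue = set(), deque([start])
        while queue:
            node = queue.popleft()
            if node in component:
                continue
            component.add(node)
            queue.extend(neighbours[node] - component)
        seen |= component
        planes.append(sorted(component))
    return planes


def may_influence(flows, src, dst):
    """True if information can reach dst from src by following arrows."""
    successors = defaultdict(set)
    for a, b in flows:
        successors[a].add(b)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in successors[node] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False


def audit_observed(flows, observed):
    """Report every observed flow that is not a declared arrow.

    Verdicts: 'cross-plane' joins two isolated subsystems, 'undeclared' stays
    inside one plane without an arrow, 'unknown-subject' involves a subject
    the policy architecture does not mention.
    """
    plane_of = {}
    for index, plane in enumerate(operational_planes(flows)):
        for subject in plane:
            plane_of[subject] = index
    findings = []
    for src, dst in observed:
        if (src, dst) in flows:
            continue  # permitted by the policy architecture
        if src not in plane_of or dst not in plane_of:
            verdict = "unknown-subject"
        elif plane_of[src] != plane_of[dst]:
            verdict = "cross-plane"
        else:
            verdict = "undeclared"
        findings.append((src, dst, verdict))
    return findings


if __name__ == "__main__":
    print(operational_planes(POLICY_FLOWS))
    print(may_influence(POLICY_FLOWS, "C1", "C5"))
    for finding in audit_observed(POLICY_FLOWS, OBSERVED_FLOWS):
        print(finding)
```

A cross-plane finding contradicts the isolation the platform is meant to enforce, so it warrants more attention than an undeclared flow inside a single plane.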
13. Introduction to the CITADEL components
The Foundational Plane
14. Foundational Plane: the MILS Platform definition
The minimal MILS platform is a separation kernel
The separation kernel idea was introduced by Rushby in 1981, and subsequently elaborated in the Separation Kernel Protection Profile (SKPP)
A separation kernel includes all of the hardware, firmware and software that are required to satisfy the SKPP
A MILS platform consists of a separation kernel plus zero or more of the other MILS foundational components
The MILS platform is defined by the MILS Platform Protection Profile (MPPP)
Each MILS foundational component includes all of the hardware, firmware and software required to satisfy its PP
15. The MILS Platform: Components
A MILS separation kernel (SK) is the base component of the MILS platform
Provides shared use of processor resources, memory, and device I/O spaces
Making these available in the form of “exported resources”
While permitting only explicitly permitted information flow among exported resources
The SK is the combination of the physical resources represented by the hardware, and the firmware and software that is used to manage it securely
Additional MILS foundational components compose with the SK and each other
Each providing shared use of another kind of physical resource
Making these available as additional types of exported resources
Also managing information flow among the created resource abstractions
Each foundational component is the combination of physical resources represented by hardware, firmware, and software.
MILS Network System (MNS), MILS Console System (MCS), MILS File System (MFS), MILS Extended Attributes (MEA), MILS Audit System (MAS)
These foundational components combine to seamlessly provide a diverse collection of exported resources from which systems may be constructed.
16. The MILS Platform: a Composition of Foundational (resource-sharing) Components
[Figure: the MILS Platform (MP) as an additive composition of foundational components, each drawn with hardware (HW) and software (SW) and contributing exported resources: SK (MSK), Network (MNS), Console (MCS), File (MFS), Extended Attributes (MEA), Audit (MAS).]
additive compositionality – e.g., a
Partitioning Kernel Partitioning Net
= Partitioning (Kernel + Net)
MP = MILS Platform
17. The Distributed MILS Platform
[Figure: Distributed MILS nodes as an additive composition of SK, MNS and MCS, each drawn with hardware (HW) and software (SW) and contributing exported resources.]
additive compositionality property – e.g., a
Partitioning kernel Partitioning network system
= Partitioning (kernel + network system)
MNS = MILS Network System
MCS = MILS Console System
[Figure labels: Console for some Apps; Distributed MILS nodes.]
The minimal MILS platform is SK alone.
The Distributed MILS Project (EC FP7) implemented Distributed MILS nodes with SK and MILS Network System (MNS) using Time-Triggered Ethernet, and one of the D-MILS demonstrators implemented a special-purpose MILS Console System (MCS).
CITADEL implements a new MNS using Time-Sensitive Networking (TSN) with a new SK.
An updated version of the D-MILS MCS was developed for CITADEL.
18. The MILS Platform: Assurance Ambitions
Security assurance requirements as found in MPPP, SKPP, MNSPP, and MCSPP
Formal specification and verification required to achieve a high Evaluation Assurance Level (EAL) according to the International Common Criteria
Additional MILS-specific assurance requirements
Explicit assurance case, formal specification encouraged in PP/ST (Security Target)
Compositional assurance
Composability of components assured by separation kernel functions/properties
Additive compositionality of components implies
● MSK + foundational component acts as a separation kernel with added resource type
● Configuration-time cross-component configuration data coordination
● Initialization-time sequencing of component initialization
● Runtime independence of physical resource managing components
● MSK provides global resource identifiers for all exported resources
● Simple dependence by MILS Extended Attributes on memory and file storage to provide a binding of extended attributes to exported resources of other foundational components
Abstract specification of platform components must be satisfied by refined component specifications in component PPs and STs
Consistency and proper refinement demonstrated when PPs and STs are evaluated
Internal consistency and well-formedness of specs checked in each document
19. The MILS Platform (MP) Assurance Case
Compose assurance cases using Assume-Guarantee Reasoning
Assumptions of the MP assurance case are obligations on the MSK, MNS and MCS components’ assurance cases
Assured Claims from component assurance cases become evidence for MP assurance case
[Figure: the MILS Platform Assurance Argument (MP Claims, sub-cases, inference rules) above the MSK, MNS and MCS Assurance Arguments, each connecting Evidence to that component's Claims through inference rules; the arguments are linked by Assume and Guarantee labels.]
20. Introduction to the CITADEL components
The Configuration Plane
21. (Re-)Configuration Plane (XP)
In the CITADEL framework, the configuration plane (XP) plays an executive role, which is to reconfigure the Adaptive MILS system.
Reconfiguration performed by XP covers mainly:
The MILS policy architecture:
● subjects,
● communication between subjects, and
● the deployment of subjects.
The MILS monitoring system:
● monitor applications, and
● monitoring virtual sensors.
To achieve reconfiguration, XP interacts with other planes of the CITADEL framework, namely the Adaptation Plane (AP), the Monitoring Plane (MP), the Operational Plane (OP) and the Foundational Plane (FP) as shown in the next slide.
22. XP Interactions with other planes
[Figure: the Reconfiguration Plane (XP) between the Adaptation Plane (AP), the Monitoring Plane (MP) and the Foundational (FP)/Operational Planes (OP); Node 1 to Node M run PikeOS, host subjects S1 to SN and are connected by a TSN network. Arrow labels: 1- target configuration; 2- reconfiguration step; notification.]
1. XP receives a target configuration from AP, i.e. the new system configuration to reach.
2. Based on that, XP issues reconfiguration commands to reconfigure MP and OP.
3. XP always expects a notification back from the reconfigured planes.
4. Notification back to AP.
23. Reconfiguration operation: overview
[Figure: three levels of a reconfiguration. Adaptation Plane: Current Architecture (SLIM Model + Parameter Vector1) to Target Architecture (SLIM Model + Parameter Vector2), labelled Big Step. Configuration Plane: Current intermediate Configuration to Target intermediate Configuration through Intermediate Abstract Configurations, labelled Small Steps. Operational/Foundational Planes: Current Concrete Configuration to Target Concrete Configuration, labelled Primitives.]
XP proceeds by refining a high-level reconfiguration objective (big step) into an intermediate plan (small steps) then into low-level primitives.
24. XP Overall design
The Configuration plane is designed as a back-end and a front-end
The back-end
● encompasses the Reconfiguration Planner and the Reconfiguration State Controller
The front-end
● consists of multiple instances of Configuration Change Agents
25. Deployment of new configuration by the XP
[Figure: the XP back-end (Planner and Controller, with a reconfiguration plan between them) sends reconfiguration commands to an XP front-end on each node of the Foundational (FP)/Operational Planes (OP) and receives notifications; Node 1 to Node M run PikeOS, host subjects S1 to SN and are connected by a TSN network.]
The XP back-end is to be deployed on the same node as the other CITADEL framework components. It is deployed as a partition on PikeOS.
The front-end is deployed on the different nodes of the distributed MILS Platform. Each node of the system hosts an XP front-end Configuration Change Agent (CCA).
26. Introduction to the CITADEL components
The Monitoring Plane
27. Monitoring Plane (MP)
Monitors components in the Operational Plane and resources in the Foundational Plane, generates alarms when it detects specified patterns, and reports to the Adaptation Plane
Monitors may be derived from the architectural model properties and other security policy specifications
CITADEL MP performs both Network and State monitoring
Network monitoring extracts and analyses message features
Strategies: signatures, white-box, learning, feature-binning
State monitoring is based on the flexible and extensible Kaspersky Security System (KSS), which provides a framework for the construction of monitoring applications and the virtual sensors they need to detect network and state events and changes
Allows specification of security and monitoring policies distinct from the monitoring implementation and applications
28. Architectural Design Pattern of the Kaspersky Security System
Detached Security System Architectural Design
Kaspersky Lab UK Training – Advanced Technical Module – State Monitoring
29. Monitoring Specification
The KSS architecture and its framework are designed to provide support for diverse security policies, including monitoring policies
The specification framework consists of
● a set of policy templates for the security server
● interface definition language (IDL)
● component definition language (CDL)
● entity definition language (EDL)
● security specification language (CFG)
● toolchain to translate CFG specification into executable code
30. KSS: Policy Definition Framework
33. Implementation scheme for CITADEL state monitoring
34. Introduction to the CITADEL components: The Adaptation Plane
35. The Adaptation Plane (AP)
Adaptation Engine is the core component of the AP
Evaluator is a helper component that performs model-based reasoning to find the next architectural configuration
Context Awareness provides a display of current context on the MILS Console System
38. Handling of alarms/commands by the Adaptation Engine
39. Introduction to the CITADEL components: The Certification Assurance Plane
40. The Certification Assurance Plane (CP)
Certification is a judgment that a system is adequately safe/secure/whatever for a given application in a given environment
Should be based on explicit credible evidence
Should be systematic and repeatable
CP builds a “Certification Assurance Artifact” that can be presented on demand to a certification authority
Adaptive MILS Evidential Tool Bus (AM-ETB) is a subsystem that automates the building and maintenance of an assurance case for the current configuration of the system
41. Modular Assurance Cases
Assurance case patterns are instantiated to create a concrete assurance case
Patterns may be added to the library
Components in patterns may be modified, added or deleted
Patterns developed for CITADEL represent the top-level claims of the system, the Adaptive MILS planes, and the operational plane
42. Top-level Adaptive MILS argument
43. Assurance case argument pattern structure
44. AM-ETB Core Workflow
instantiation of AC patterns
develop/instantiate recursively the pattern goals for given parameters (system model and properties, tools)
produce a flat assurance case
track errors
when evidence nodes are encountered, trigger evidence (re-)construction and (re-)validation
45. AC Pattern Instantiation: Example
Policy architecture « A » (S1, S2)
Top (main) AC pattern:
  {P} is safe
    {P} is deadlock-free
    foreach standard {X} in iso-xxx, iso-yyy
      {P} conforms to {X}
        {X} certificate for {P}
Pattern for {P} is deadlock-free:
  {P} is deadlock-free
    foreach subject {S} of {P}
      {S} is deadlock-free
        Proof-of-deadlock-freedom {S}
    {P} composition is deadlock-free
      Deadlock-free composition {P}
46. AC Pattern Instantiation: Example
The top (main) AC pattern instantiated for policy architecture « A » (S1, S2):
  A is safe
    A is deadlock-free (pattern « call » needing to be further instantiated…)
    foreach standard
      A conforms to iso-xxx
        A certificate for iso-xxx
      A conforms to iso-yyy
        A certificate for iso-yyy
47. AC Pattern Instantiation: Example
The deadlock-freedom pattern instantiated for policy architecture « A » (S1, S2):
  A is deadlock-free
    foreach subject S of A
      S1 is deadlock-free
        Proof-of-deadlock-freedom S1
      S2 is deadlock-free
        Proof-of-deadlock-freedom S2
    A composition is deadlock-free
      Deadlock-free composition of A
48. AC Pattern Instantiation: Example
Assurance Case for « A » (policy architecture « A » with S1, S2):
  A is safe
    A is deadlock-free
      foreach subject S of A
        S1 is deadlock-free
          Proof-of-deadlock-freedom S1
        S2 is deadlock-free
          Proof-of-deadlock-freedom S2
      A composition is deadlock-free
        Deadlock-free composition of A
    foreach standard
      A conforms to iso-xxx
        A certificate for iso-xxx
      A conforms to iso-yyy
        A certificate for iso-yyy
Current implementation available at svn/Tech-Notes/ETB1/code/v1/
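The recursive instantiation walked through on slides 44 to 48, as an added Python example (it is not the AM-ETB implementation referenced above): patterns are expanded for the parameters of architecture A into a flat assurance case, errors are tracked, and each evidence node triggers validation. The tuple encoding of pattern nodes, the parameter names and the `validate` callback are assumptions made for this illustration.

```python
# Added illustration. The tuple encoding of pattern nodes, the parameter names
# and the validate() callback are assumptions, not AM-ETB's own data model.
PATTERNS = {  # the two patterns from slide 45, wording as on the slide
    "safe": ("goal", "{P} is safe", [
        ("call", "deadlock_free"),
        ("foreach", "X", "standards", [
            ("goal", "{P} conforms to {X}", [
                ("evidence", "{X} certificate for {P}")])])]),
    "deadlock_free": ("goal", "{P} is deadlock-free", [
        ("foreach", "S", "subjects", [
            ("goal", "{S} is deadlock-free", [
                ("evidence", "Proof-of-deadlock-freedom {S}")])]),
        ("goal", "{P} composition is deadlock-free", [
            ("evidence", "Deadlock-free composition {P}")])]),
}
# Constructed parameters for policy architecture "A" with subjects S1 and S2.
SAMPLE = {"P": "A", "standards": ["iso-xxx", "iso-yyy"], "subjects": ["S1", "S2"]}

def instantiate(name, params, validate):
    """Return (flat_case, errors); flat_case rows are (id, parent_id, kind, text)."""
    flat, errors = [], []

    def emit(parent, kind, text):
        flat.append((len(flat), parent, kind, text))
        return len(flat) - 1

    def walk(node, env, parent, stack):
        kind = node[0]
        try:
            if kind == "call":        # pattern "call": expand the named pattern
                if node[1] in stack:
                    raise ValueError("pattern calls itself")
                walk(PATTERNS[node[1]], env, parent, stack + [node[1]])
            elif kind == "foreach":   # one copy of the body per parameter value
                _, var, source, body = node
                for value in params[source]:
                    for child in body:
                        walk(child, {**env, var: value}, parent, stack)
            elif kind == "goal":
                me = emit(parent, "goal", node[1].format(**env))
                for child in node[2]:
                    walk(child, env, me, stack)
            elif kind == "evidence":  # evidence node: trigger (re-)validation
                text = node[1].format(**env)
                emit(parent, "evidence", text)
                if not validate(text):
                    errors.append("evidence not valid: " + text)
        except (KeyError, ValueError) as exc:  # track errors, keep instantiating
            errors.append(f"cannot instantiate {node[:2]!r}: {exc!r}")

    walk(("call", name), {"P": params["P"]}, None, [])
    return flat, errors
```

Calling `instantiate("safe", SAMPLE, validate)` yields the twelve goal and evidence rows of the assurance case for A; a validator that rejects one proof leaves the case intact but records the failed evidence in `errors`.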
49. MILS Assurance Cases
Assurance cases for static MILS
● Modular presentation of argumentation and evidence for system properties
● Structured according to system model
Dynamic assurance cases for the Adaptive MILS Framework
● Patterns to cover dynamic architectures
● Just-in-time assurance case update for new configuration
● “Certifier-in-the-Box” – must successfully create an assurance case for the next configuration