1 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Aspect-Oriented Interceptors PatternDynamic Cross-Cutting

Using Conventional Languages

ACP4IS 2003

March 17, 2003

John Zinky

Richard Shapiro(jzinky,rshapiro@bbn.com)

BBN Technologies DARPAQuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.

This work was sponsored by the DARPA Ultralog Program under Contract MDA972-01-C-0025http://ultralog.net http://cougaar.org

2 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Problem: Add Denial of Service (DOS) Protection to the Cougaar Distributed Agent Middleware

• DOS Sub-system is developed and modified by multiple groups

• DOS Sub-systems must be removable at config-time

• DOS Sub-systems dynamically changes defenses at run-time

SensorsSocket FuseCPU Capacity DetectionBandwidth Detection

Defenses CompressionBandwidth ReservationEncryptionTraffic Masking

PolicyExternal Threat LevelNetwork Properties

Host

NodeNode

AgentAgent

AgentAgent

AgentAgentMessageTransport

ThreadService

Links

IntrusionDetection

Links

DOSPolicy

Firewall

SecurityPolicy

3 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

DOS Protection Must be Inserted in Multiple Places in the Message Processing Flow

• DOS functionality cross-cuts the decomposition based on processing messages

Node Message Transport Service (Send-side)

Agent

BB LogicProvider

MessageManager

Agent

BB LogicProvider

MessageManager

SendQueue Router

Destination Queue

Email Link ProtocolDestinationTransportDestination

Transport

RMI Link Protocol

DestinationLink

DestinationTransportDestination

TransportDestinationLink

NodeMessage Transport Service (Receive-side)Agent

BB LogicProvider

MessageManager

Agent

BB LogicProvider

MessageManager

Deliverer

RMI Link Protocol

Email Link Protocol

MTImpl

ReceivePort

RMI

RegistryName

Support Loop Back LP

Generic Link

AspectSupport

ReceiveLink

ReceiveLink

SendLink

SendLinkMT

RMI

Destination Queue

Destination Queue

LinkProtocolFactory

4 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Aspect Component Inserts Itself into the Data Flow and Maintains its Own State and Services

Node

Agent

BB

Message Transport Service Provider

Link Protocol (e.g RMI)

ServiceBroker

RouteSend

Transport

Message Transport Receiver

Node

Agent

Receive

Deliver

Message Transport Sender

Agent Binder

Message Transport Service Provider

Service Broker

Agent Binder

LP

MM

SendQ

Route

DestQ

DestLink

BB

LP

MM

RecvL

Delivr

MTImpl

Hold

Forward RMIOutputStream

Deliver

Link Protocol

MTSPrx

Service Broker

Service Broker

Aspect

Aspect

Services

Services

MT

RM InputStream

5 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

When A Station is Created, Aspects Are Allowedto Insert a Delegate into the Call Tree

• The Client is given a pointer to the Delegate,

not original Station

• The Delegate is usually an inner class of the Aspect

Client Station

SubstrateStation Factory

Create Station()

Service

Station

Initialize Station()

Enhanced Service Service

Delegate

Add Delegate()

Aspect

Initialize Delegate()

6 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Multiple Aspects can be Inserted Each Handling Some Facet QoS Adaptation

• Interactions between Aspects is – Direct via services

– Indirect via delegate behavior

• Order may be important

Station

Aspect Object

QoS State

QoS Services

Work-flow between stations

Station Station Station

Aspect Object

QoS State

QoS Services

Aspect Delegates

7 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Quality Objects (QuO) Can Be Used to Structure the Implementation of Aspects

• Delegates can be used to or observe or add behavior

• QuO uses Quality Description Languages to code generate Delegates and Contracts

QuO Delegate

QuO Delegate

Station

Sys Cond

QuOContract

QuOContract

external

Sys Cond

Sys Cond

external

StationStation

See Http://quo.bbn.com

Aspect

8 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Example 1: Statistics can easily be collected between any of the Stations

• The Aspect Contains all statistics Processing and storage

• Statistics can be Correlated from multiple Stations– Delay measurements, Outstanding Messages, HeardFrom

Client Station

Aspect

Service

Station

Observed Service Statistics

Collection

StatisticStorage

StatisticProcessing

StatisticExport

External Service

9 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Example 2: Multicast Aspect Implements Both the Sender and Receiver Sides of the Protocol

• The sender side transforms the clients multicast request into many copies addressed to all the nodes (in the group).

• The receiver side copy the message again and delivers it to all the local clients (in the group)

• While the code is in one place, the instances are distributed

Router DelivererSendLink

MessageCopy

MessageCopy

ReceiveLinkReceive

LinkReceive

Link

Remote NodeLookup

Local AgentLookup

Sender Receiver

10 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Example 3: Message Compression Must Coordinate Processing on Both sides

• Compression is enable by considering the network bandwidth and CPU capacity.

• Attributes are added to the message, so the remote compression aspect can dynamically add a Delegate to decompress.

SerializeDe

Serialize

DestLink Compress

DeCompress

Deliverer

CompressPolicy

SenderReceiver

TagMessage

Metrics Service

In-band Meta Data added by Aspect

11 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

At Config Time, Aspects are Mixed and Matched to Get the Desired Adaptive Behavior

Agent

BB

Message Transport Server Impl

Link Protocol Impl

RouteSend

Receive

Deliver

LP

MM

SendQ

Route

DestQ

DestLink

BB

LP

MM

RecvL

RecvQ

MTImpl

Hold

Forward

Deliver

MTSPrx

Statistic Signature TopologyOrder

NameSupport

Compress

12 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Agent Technology is used to Distribute the Management of DOS Protection

13 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies

Conclusions

1. The Aspect-oriented Interceptors Pattern allows the dynamic insertion of behavior using conventional programming language

2. 28 Aspects were use in the 2002 Ultralog assessment1. 100s Agent, 50 hosts and nodes =

2. Security, mobility, robustness, load balancing

3. The Aspects were developed by different groups

4. The Aspects can be mixed and matched to configure the desired behavior

1. Embedded Cougaar can remove 90% of code, run on iPAQ class processor

5. The DOS protection system changes its defenses based on the current running environment of the system

6. DOS Adaptive Behavior Injected at three Level1. Language Level -> Generation of QuO Delegates and Contracts

2. Component Level -> Aspect Interceptors Pattern

3. Agent Level -> Distributed DOS policy management