1 010/02 aspect-oriented interceptors pattern 1/4/2016 acp4is 2003john zinky bbn technologies...
TRANSCRIPT
![Page 1: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/1.jpg)
1 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Aspect-Oriented Interceptors PatternDynamic Cross-Cutting
Using Conventional Languages
ACP4IS 2003
March 17, 2003
John Zinky
Richard Shapiro(jzinky,[email protected])
BBN Technologies DARPAQuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.
This work was sponsored by the DARPA Ultralog Program under Contract MDA972-01-C-0025http://ultralog.net http://cougaar.org
![Page 2: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/2.jpg)
2 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Problem: Add Denial of Service (DOS) Protection to the Cougaar Distributed Agent Middleware
• DOS Sub-system is developed and modified by multiple groups
• DOS Sub-systems must be removable at config-time
• DOS Sub-systems dynamically changes defenses at run-time
SensorsSocket FuseCPU Capacity DetectionBandwidth Detection
Defenses CompressionBandwidth ReservationEncryptionTraffic Masking
PolicyExternal Threat LevelNetwork Properties
Host
NodeNode
AgentAgent
AgentAgent
AgentAgentMessageTransport
ThreadService
Links
IntrusionDetection
Links
DOSPolicy
Firewall
SecurityPolicy
![Page 3: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/3.jpg)
3 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
DOS Protection Must be Inserted in Multiple Places in the Message Processing Flow
• DOS functionality cross-cuts the decomposition based on processing messages
Node Message Transport Service (Send-side)
Agent
BB LogicProvider
MessageManager
Agent
BB LogicProvider
MessageManager
SendQueue Router
Destination Queue
Email Link ProtocolDestinationTransportDestination
Transport
RMI Link Protocol
DestinationLink
DestinationTransportDestination
TransportDestinationLink
NodeMessage Transport Service (Receive-side)Agent
BB LogicProvider
MessageManager
Agent
BB LogicProvider
MessageManager
Deliverer
RMI Link Protocol
Email Link Protocol
MTImpl
ReceivePort
RMI
RegistryName
Support Loop Back LP
Generic Link
AspectSupport
ReceiveLink
ReceiveLink
SendLink
SendLinkMT
RMI
Destination Queue
Destination Queue
LinkProtocolFactory
![Page 4: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/4.jpg)
4 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Aspect Component Inserts Itself into the Data Flow and Maintains its Own State and Services
Node
Agent
BB
Message Transport Service Provider
Link Protocol (e.g RMI)
ServiceBroker
RouteSend
Transport
Message Transport Receiver
Node
Agent
Receive
Deliver
Message Transport Sender
Agent Binder
Message Transport Service Provider
Service Broker
Agent Binder
LP
MM
SendQ
Route
DestQ
DestLink
BB
LP
MM
RecvL
Delivr
MTImpl
Hold
Forward RMIOutputStream
Deliver
Link Protocol
MTSPrx
Service Broker
Service Broker
Aspect
Aspect
Services
Services
MT
RM InputStream
![Page 5: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/5.jpg)
5 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
When A Station is Created, Aspects Are Allowedto Insert a Delegate into the Call Tree
• The Client is given a pointer to the Delegate,
not original Station
• The Delegate is usually an inner class of the Aspect
Client Station
SubstrateStation Factory
Create Station()
Service
Station
Initialize Station()
Enhanced Service Service
Delegate
Add Delegate()
Aspect
Initialize Delegate()
![Page 6: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/6.jpg)
6 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Multiple Aspects can be Inserted Each Handling Some Facet QoS Adaptation
• Interactions between Aspects is – Direct via services
– Indirect via delegate behavior
• Order may be important
Station
Aspect Object
QoS State
QoS Services
Work-flow between stations
Station Station Station
Aspect Object
QoS State
QoS Services
Aspect Delegates
![Page 7: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/7.jpg)
7 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Quality Objects (QuO) Can Be Used to Structure the Implementation of Aspects
• Delegates can be used to or observe or add behavior
• QuO uses Quality Description Languages to code generate Delegates and Contracts
QuO Delegate
QuO Delegate
Station
Sys Cond
QuOContract
QuOContract
external
Sys Cond
Sys Cond
external
StationStation
See Http://quo.bbn.com
Aspect
![Page 8: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/8.jpg)
8 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Example 1: Statistics can easily be collected between any of the Stations
• The Aspect Contains all statistics Processing and storage
• Statistics can be Correlated from multiple Stations– Delay measurements, Outstanding Messages, HeardFrom
Client Station
Aspect
Service
Station
Observed Service Statistics
Collection
StatisticStorage
StatisticProcessing
StatisticExport
External Service
![Page 9: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/9.jpg)
9 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Example 2: Multicast Aspect Implements Both the Sender and Receiver Sides of the Protocol
• The sender side transforms the clients multicast request into many copies addressed to all the nodes (in the group).
• The receiver side copy the message again and delivers it to all the local clients (in the group)
• While the code is in one place, the instances are distributed
Router DelivererSendLink
MessageCopy
MessageCopy
ReceiveLinkReceive
LinkReceive
Link
Remote NodeLookup
Local AgentLookup
Sender Receiver
![Page 10: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/10.jpg)
10 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Example 3: Message Compression Must Coordinate Processing on Both sides
• Compression is enable by considering the network bandwidth and CPU capacity.
• Attributes are added to the message, so the remote compression aspect can dynamically add a Delegate to decompress.
SerializeDe
Serialize
DestLink Compress
DeCompress
Deliverer
CompressPolicy
SenderReceiver
TagMessage
Metrics Service
In-band Meta Data added by Aspect
![Page 11: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/11.jpg)
11 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
At Config Time, Aspects are Mixed and Matched to Get the Desired Adaptive Behavior
Agent
BB
Message Transport Server Impl
Link Protocol Impl
RouteSend
Receive
Deliver
LP
MM
SendQ
Route
DestQ
DestLink
BB
LP
MM
RecvL
RecvQ
MTImpl
Hold
Forward
Deliver
MTSPrx
Statistic Signature TopologyOrder
NameSupport
Compress
![Page 12: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/12.jpg)
12 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Agent Technology is used to Distribute the Management of DOS Protection
![Page 13: 1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting](https://reader036.vdocuments.us/reader036/viewer/2022083009/5697c0071a28abf838cc60ca/html5/thumbnails/13.jpg)
13 010/02 Aspect-Oriented Interceptors Pattern 04/21/23 ACP4IS 2003 John Zinky BBN Technologies
Conclusions
1. The Aspect-oriented Interceptors Pattern allows the dynamic insertion of behavior using conventional programming language
2. 28 Aspects were use in the 2002 Ultralog assessment1. 100s Agent, 50 hosts and nodes =
2. Security, mobility, robustness, load balancing
3. The Aspects were developed by different groups
4. The Aspects can be mixed and matched to configure the desired behavior
1. Embedded Cougaar can remove 90% of code, run on iPAQ class processor
5. The DOS protection system changes its defenses based on the current running environment of the system
6. DOS Adaptive Behavior Injected at three Level1. Language Level -> Generation of QuO Delegates and Contracts
2. Component Level -> Aspect Interceptors Pattern
3. Agent Level -> Distributed DOS policy management