

Mission-oriented Resilient Clouds (MRC)

The Mission-oriented Resilient Clouds (MRC) program is addressing some of the security challenges facing cloud computing by developing technologies to detect, diagnose and respond to attacks in the cloud, with the goal of effectively building a 'community health system' for the cloud. MRC is also developing technologies intended to enable missions that are supported by cloud computing and other networked systems to continue functioning while under cyberattack.

Program Manager: Dr. Stuart Wagner

Contact: Stuart.Wagner@darpa.mil

The content below has been generated by organizations that are partially funded by DARPA; the views and conclusions contained therein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government.

Report a problem: opencatalog@darpa.mil

Last updated: November 13, 2015

| Team | Project | Category | Code | Description | License |
|---|---|---|---|---|---|
| Johns Hopkins University (publications) | Spines | Cloud Computing, Messaging Systems | http://www.dsn.jhu.edu/download/download_spines.cgi | Spines is a generic messaging infrastructure that provides transparent unicast, multicast and anycast communication over dynamic, multi-hop networking environments without the need for expensive router programming environments or low-level router coding. It provides the automatic reconfiguration and network flexibility required for research and production deployments. | BSD-like |
| Johns Hopkins University (publications) | Prime | Cloud Computing, Replication Engine | http://dsn.jhu.edu/download/download_prime_MZceyx.cgi | Prime is a Byzantine fault-tolerant replication system whose goal is to provide a meaningful level of performance even after some of the replication servers have been compromised. Prime meets Safety (consistency of the correct replicas) and Liveness (the eventual execution of each update) constraints as long as no more than f out of 3f+1 replicas are compromised and the network is sufficiently stable. Prime also meets a stronger, Bounded-Delay, performance guarantee that limits the amount of performance degradation that can be caused by malicious servers. | BSD-like |
| Cornell University (publications) | Isis2 | Distributed Computing, Cloud Computing | http://isis2.codeplex.com/downloads/get/772418 | Isis2 is a new option for cloud computing that can enable reliable, secure replication of data even in the highly elastic first tier of the cloud. Isis2 is a project of Ken Birman at Cornell University. Although the system started out as a data replication technology (groups of programs that can share updates), in 2013 Isis2 became much more big-data oriented. | BSD |
| Cornell University (publications) | TCPR | High Assurance Computing, Network Protocols | https://github.com/rahpaere/tcpr/ | TCPR can turn one or both of the endpoints of a TCP connection into a long-lived one, surviving both migration and failure+recovery events, transparently to the other endpoint. This version should be used for standard TCP connections. | BSDv3 |
| Cornell University (publications) | TCPR-SSL | High Assurance Computing, Network Protocols | https://github.com/rvanren/TCPR-SSL | TCPR can turn one or both of the endpoints of a TCP connection into a long-lived one, surviving both migration and failure+recovery events, transparently to the other endpoint. This release has been integrated with OpenSSL. | BSDv3 |
| Cornell University (publications) | Live Distributed Objects | Cloud Computing, Collaboration, Mashups | https://liveobjects.codeplex.com | Live Distributed Objects is a visualization technology for creating collaborative shared applications (live objects) where any change made by any user is immediately mirrored to all other users. The technology is cloud-based but can operate without any central server or data center if desired, making it feasible to use it in a forward mission situation where back-connectivity to the data center is disrupted. | BSDv3 |
| Cornell University (publications) | Live Distributed Objects integrated with Isis2 | Cloud Computing, Collaboration, Mashups | https://ldo4gridcloud.codeplex.com | Live Distributed Objects is a visualization technology for creating collaborative shared applications (live objects) where any change made by any user is immediately mirrored to all other users. The technology is cloud-based but can operate without any central server or data center if desired, making it feasible to use it in a forward mission situation where back-connectivity to the data center is disrupted. The original Live Distributed Objects technology doesn't compile on the most recent Windows 8 release from Microsoft, and lacked a driver to integrate it with Isis2. This code base resolves both issues, but the main documentation remains unchanged and should be accessed on the Live Distributed Objects release site. | BSDv3 |
| Cornell University (publications) | ShadowDB | High Assurance Computing, Database | https://github.com/nschiper/ShadowDB | A replicated database built from ODBC-compatible databases and synthesized 'correct-by-construction' consensus code. | BSDv3 |
| SRI International (publications), University of Cambridge (publications) | Mirage Operating System | Security, Operating Systems, Programming Languages | http://openmirage.org/wiki/install | Mirage is a unikernel for constructing secure, high-performance network applications across a variety of cloud computing and mobile platforms. Code can be developed on a normal OS such as Linux or MacOS X, and then compiled into a fully standalone, specialised kernel that runs under the Xen hypervisor. The framework is fully event-driven, with no support for preemptive threading. | ISC, GPLv2 |
| SRI International (publications), University of Cambridge (publications) | SE-Floodlight (SEK) | Security, Software Defined Networking | Please contact Phil Porras (SRI) | SE-Floodlight is a software extension to the BigSwitch Floodlight controller, providing role-based authorization and strong security constraints enforcement. It is the first reference implementation of an SDN security policy enforcing mediation service in an OpenFlow stack. | SRI no-cost research purposes license |
| SRI International (publications), University of Cambridge (publications) | SDN Security Actuator | Security, Software Defined Networking | Please contact Phil Porras (SRI) | The SDN Security Actuator is a middleware abstraction service that enables legacy INFOSEC security products and technology to easily integrate into an OpenFlow network stack. The Security Actuator enables security services to communicate high-level threat response directives, which are then translated into stateful OpenFlow flow rule insertions that are sent to SE-Floodlight. These directives utilize SE-Floodlight's Alias Rule Reduction algorithm to ensure that all redirections and blocks cannot be circumvented by flow rules set actions that implement virtual tunnels that would otherwise violate the directive. | SRI no-cost research purposes license |


| Team | Title |
|---|---|
| Applied Communication Sciences | Multi-Resource Allocation: Fairness-Efficiency Tradeoffs in a Unifying Framework |
| Applied Communication Sciences | Autonomous, Collaborative Control for Resilient Cyber Defense |
| Adventium Enterprises | Constraint-Based Allocation of Cloud Resources to Maximize Mission Effectiveness |
| BAE Systems, University of Pennsylvania, Portland State University | Private and Verifiable Interdomain Routing Decisions |
| Columbia University, Symantec | Cloudopsy: An Autopsy of Data Flows in the Cloud |
| Columbia University, Symantec | Sound and Precise Analysis of Parallel Programs through Schedule Specialization |
| Columbia University, Symantec | Concurrency Attacks |
| Columbia University, Symantec | CleanOS: Limiting Mobile Data Exposure with Idle Eviction |
| Columbia University, Symantec | Self-healing Multitier Architectures Using Cascading Rescue Points |
| Columbia University, Symantec | Exploiting Split Browsers for Efficiently Protecting User Data |
| Columbia University, Symantec | Adaptive Defenses for Commodity Software through Virtual Application Partitioning |
| Columbia University, Symantec | Lost in Translation: Improving Decoy Documents via Automated Translation |
| Columbia University, Symantec | Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud |
| Columbia University, Symantec | Position Paper: The MEERKATS Cloud Security Architecture |
| Columbia University, Symantec | Towards a Universal Data Provenance Framework using Dynamic Instrumentation |
| Cornell University | Application-Driven TCP Recovery |
| Cornell University | SoNIC: Precise Realtime Software Access and Control of Wired Networks |
| Cornell University | Secure Abstraction with Code Capabilities |
| Cornell University | Gecko: Contention-Oblivious Disk Arrays for Cloud Storage |
| Cornell University | Byzantine Chain Replication |
| Cornell University | A Diversified and Correct-by-Construction Broadcast Service |
| Cornell University | ShadowDB: A Replicated Database on a Synthesized Consensus Core |
| Cornell University | Live Network Streaming with Utilities and Cost |
| Cornell University | The Xen-Blanket: Virtualize Once, Run Everywhere |
| Cornell University | Overcoming CAP with Consistent Soft-State Replication |
| Cornell University | Fact-based Inter-Process Communication Primitives for Programming Distributed Systems |
| Cornell University | Virtually Synchronous Methodology for Dynamic Service Replication |
| Cornell University | Routers for the Cloud. Can the Internet Achieve 5-Nines Availability? |
| Cornell University | Plug into the Supercloud |
| Johns Hopkins University, Purdue University | Intrusion-Tolerant Cloud Monitoring and Control |
| Johns Hopkins University, Purdue University | Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes |
| Johns Hopkins University, Purdue University | How to Catch L2-Heavy-Hitters on Sliding Windows |
| Johns Hopkins University, Purdue University | How Hard is Counting Triangles in the Streaming Model |
| MIT | Dancing with Uncertainty |
| MIT | Automatic Input Rectification |
| MIT | Bolt: On-Demand Infinite Loop Escape in Unmodified Binaries |
| Smart Information Flow Technologies, DOLL | STRATUS: Strategic and Tactical Resiliency Against Threats to Ubiquitous Systems |
| Smart Information Flow Technologies, DOLL | Adaptive Security and Trust |
| Smart Information Flow Technologies, DOLL | The GoDeL Planning System: A More Perfect Union of Domain-Independent and Hierarchical Planning |
| SRI International, University of Cambridge | FRESCO: Modular Composable Security Services for Software-Defined Networking |
| SRI International, University of Cambridge | Unikernels: Library Operating System for the Cloud |
| SRI International, University of Cambridge | Declarative, Temporal, and Practical Programming with Capabilities |
| SRI International, University of Cambridge | AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks |
| SRI International, University of Cambridge | Authentication for Resilience: The Case of SDN |
| SRI International, University of Cambridge | Enabling Hardware Exploration in Software-Defined Networking: A Flexible Portable OpenFlow Switch |
| University of Illinois - Urbana-Champaign, Princeton University | Scalable Network Virtualization in Software-Defined Networks |
| University of Illinois - Urbana-Champaign, Princeton University | Live Migration of an Entire Network (And Its Hosts) |
| University of Illinois - Urbana-Champaign, Princeton University | DEFINED: Deterministic Execution for Interactive Control-Plane Debugging |
| University of Illinois - Urbana-Champaign, Princeton University | VeriFlow: Verifying Network-Wide Invariants in Real Time |
| University of Illinois - Urbana-Champaign, Princeton University | Walk the Line: Consistent Network Updates with Bandwidth Guarantees |
| University of Illinois - Urbana-Champaign, Princeton University | SybilControl: Practical Sybil Defense with Computational Puzzles |
| University of Illinois - Urbana-Champaign, Princeton University | Tiresias: Online Anomaly Detection for Hierarchical Operational Network Data |
| University of Illinois - Urbana-Champaign, Princeton University | SMOG: A Cloud Platform for Seamless Wide area Migration of Networked Games |
| University of Illinois - Urbana-Champaign, Princeton University | Programmable Host/Network Traffic Management |
| University of Illinois - Urbana-Champaign, Princeton University | Transparent, Live Migration of a Software-Defined Network |
| University of Illinois - Urbana-Champaign, Princeton University | HotSwap: Correct and Efficient Controller Upgrades for Software-Defined Networks |
