Frequently Asked Questions

What are the Cougaar security services?

The security services for the Cougaar platform provide mechanisms to enable security in large-scale distributed agent-based applications. They allow Cougaar users and components to share sensitive data safely and effectively. The users and components have assurance that their computing environment is secure and does not allow unauthorized disclosure or modification of their data.

Who are the Cougaar security services developers?

The Cougaar security services have been developed by Sebastien Rosset, Timothy Redmond, Michael Luu, Richard Liao, Rakesh Tripathi, and George Mount.

What is the license for the Cougaar security services?

The security services are released under a BSD-based license.

Where can I download the package?

You can obtain it from the CVS repository at cougaar.org or as a standalone package, also at cougaar.org.

How do I build the Cougaar security services myself?

The security services are composed of multiple CVS modules. You must have Ant 1.6.3 or above installed, and you must have a valid Cougaar installation. Then check out the “installer” module from CVS:

cvs -d :pserver:anonymous@cougaar.org:/cvsroot/securitycore checkout installer

Build the security services:

ant interactive

Select option 5, “Update, build and install the modules listed above”. This will check out all the required CVS modules, then build and install the security services.

What operating systems are supported?

The Cougaar security services have been tested on Windows 2000, Windows XP, Linux RedHat 8, SE Linux, Fedora 2 and Fedora 3.

What JVM is supported by the Cougaar security services?

The Cougaar security services are tested and supported on Sun JDK 1.4.2 and 5.0.

Where can I report bugs or problems?

Please report bugs or problems to the bug reporting system at http://cougaar.org/tracker/?atid=272&group_id=55&func=browse

See also the Cougaar FAQ at http://cougaar.org/docman/view.php/17/55/FAQ.html

General Information

Cougaar Security Services

Adaptive security services for the Cougaar platform

ACME/Ruby questions

What is Ruby?

Ruby is an interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). For more information, visit http://www.ruby-lang.org.

What is Ruby used for?

Ruby is used as a scripting language to configure security-enabled Cougaar societies. It is also used to build and execute an extensive set of experiments to test the correctness of the security services.

What version of Ruby should I use?

You should install Ruby version 1.8.2 provided with the Cygwin package.

Note: The Ruby Windows installer is not supported yet.

What is ACME?

The Automated Configuration Management Environment (ACME) is a distributed systems control and test framework. It is designed to automate the testing and control of distributed environments, specifically Cougaar agent societies, through the use of scripting and messaging technologies. For more information, visit http://acme.cougaar.org.

What version of ACME should I use?

You should use ACME version 1.6, which you can download from http://cougaar.org/frs/?group_id=43&release_id=127.

Cygwin questions

The scripts provided in the Cougaar security services package do not work properly under Cygwin. What is the problem?

This is one of the most frequently reported problems, and it is almost always caused by the way path names are set.

Cygwin supports multiple path name conventions, such as /cygdrive/c/cougaar, c:\cougaar, c:/cougaar, etc. However, few programs under Windows recognize all of these formats. For example, the Sun JDK java program does not recognize the “/cygdrive/c/” format. This means you cannot set the COUGAAR_INSTALL_PATH environment variable to “/cygdrive/c/cougaar” and then have a script use COUGAAR_INSTALL_PATH to start a Cougaar node.

Similarly, the ruby program installed through the Ruby Windows installer does not recognize the “/cygdrive/c/” format.

Another issue is the improper use of backslashes in scripts under Cygwin. For example, if you set COUGAAR_INSTALL_PATH to “c:\cougaar”, a bash shell script interprets ‘\’ as an escape character.
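
The two pitfalls above, as an added example that is not part of the Cougaar package: a portable shell function that rewrites the /cygdrive/c/ and backslash forms to the c:/cougaar form, plus a demonstration of what the shell does to an unquoted backslash. The function names are hypothetical, and the choice of c:/cougaar as the form accepted by both bash and Windows programs is an assumption.

```sh
#!/bin/sh
# Added example, not part of the Cougaar distribution.
# On a real Cygwin host, `cygpath -m PATH` performs the same conversion;
# this portable version shows the rule and runs in any POSIX shell.

# to_mixed_path PATH: print PATH in the "mixed" form c:/dir/file.
# The body is a subshell ( ... ) so its variables stay local.
to_mixed_path() (
    # 1. Backslashes become forward slashes: c:\cougaar -> c:/cougaar
    p=$(printf '%s' "$1" | tr '\\' '/')
    # 2. /cygdrive/X/... becomes x:/...
    case $p in
        /cygdrive/[A-Za-z] | /cygdrive/[A-Za-z]/*)
            rest=${p#/cygdrive/}      # c/cougaar
            drive=${rest%%/*}         # c
            rest=${rest#"$drive"}     # /cougaar (empty for a bare drive)
            drive=$(printf '%s' "$drive" | tr 'A-Z' 'a-z')
            p="$drive:${rest:-/}"
            ;;
    esac
    printf '%s\n' "$p"
)

# What the shell does with an unquoted backslash: it escapes the next
# character and is then dropped, so the path separator disappears.
unquoted_backslash_demo() {
    printf '%s\n' c:\cougaar
}

# Typical use at the top of a node start script (hypothetical):
#   COUGAAR_INSTALL_PATH=$(to_mixed_path "$COUGAAR_INSTALL_PATH")
#   export COUGAAR_INSTALL_PATH
```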

Security-enabled PING society

I launch a node using the provided Cygwin script but I get the following error. How do I fix this problem?

sh NodeA-cygwin.sh

NodeA-cygwin.sh: 6: Syntax error: Bad fd number

The Cygwin scripts are meant to run under the bash shell, not sh. On Cygwin, sh and bash are different shells: sh is an older shell and does not parse the file redirection as expected. Either run:

bash NodeA-cygwin.sh

Or type:

chmod 755 NodeA-cygwin.sh

./NodeA-cygwin.sh

In what directory should I start the security-enabled PING nodes?

Run the scripts under the $COUGAAR_INSTALL_PATH/configs/ping/society_config directory.

After getting the script ASMT-TRANSFORM.rb to run, I run NodeA.bat and I get the following exception. What is the problem?

java.io.FileNotFoundException: NodeA.prop (The system cannot find the file specified)

See the previous question. You should run the scripts under the $COUGAAR_INSTALL_PATH/configs/ping/society_config directory.

I double-click on the “.bat” file from Windows Explorer and I get run-time exceptions. What is the problem?

The startup directory should be set to the $COUGAAR_INSTALL_PATH/configs/ping/society_config directory.

I run NodeA.bat and get the following exceptions in the nodeA-stderr.log file. What is wrong?

java.lang.Error: Failed to launch org.cougaar.core.node.Node

...

Caused by: org.cougaar.core.security.securebootstrap.CertificateVerificationException: Archive C:\Cougaar\lib\core.jar cannot be trusted

This is likely due to a JAR file signature verification issue. Make sure all the files under $COUGAAR_INSTALL_PATH/lib and $COUGAAR_INSTALL_PATH/sys have been signed properly. The JAR file signature verifier generates log files under $COUGAAR_INSTALL_PATH/log/bootstrap.

The symptom may also be a “NoClassDefFoundError” or “ClassNotFoundException” log statement.

You can sign a JAR file using the $COUGAAR_INSTALL_PATH/operator/security/signSingleJar script:

bash $COUGAAR_INSTALL_PATH/operator/security/signSingleJar myFile.jar

How do I sign all the JAR files under $COUGAAR_INSTALL_PATH/lib and $COUGAAR_INSTALL_PATH/sys?

Run the signJars script under $COUGAAR_INSTALL_PATH/operator/security. This script will sign all the JAR files.

I get the following exception when starting a node. Why?

java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:5300 connect,resolve)

...
at org.cougaar.tools.jabberlogger.SocketAppender.checkConnection(SocketAppender.java:69)          

Edit the loggingConfig.conf file under the $COUGAAR_INSTALL_PATH/configs/common directory and comment out the following lines:

#log4j.appender.EVENT=org.cougaar.tools.jabberlogger.SocketAppender

#log4j.appender.EVENT.layout.ConversionPattern=%d{ABSOLUTE} %-5p - %c{1} - %m%n

The society behaves differently between the first run and the second run. Why?

The Cougaar nodes store data in persistent storage in the $COUGAAR_INSTALL_PATH/workspace directory ($COUGAAR_INSTALL_PATH is abbreviated as $CIP below). In particular, the following data is persisted:

- Blackboard data in $CIP/workspace/P sub-directories,

- Audit logs in the $CIP/workspace/auditlogs directory,

- Jar files in the $CIP/workspace/jarfiles directory,

- Log files in the $CIP/workspace/log4jlogs and $CIP/workspace/nodelogs directories,

- Cryptographic keys in the $CIP/workspace/security directory.

You should remove those directories each time you restart the society if you want to get a clean environment.

Projects and modules

What is the relationship between the following projects in Cougaarforge?

- Security bootstrapper

- Security utilities

- Security services core

- Security monitoring

The secure bootstrapper provides a jar signature verifier, a Java security manager and a few other secure bootstrap services. Its use is optional.

The security utilities project provides common classes used by the security services core project and the security monitoring project. This project must always be installed.

The security services core project provides services such as access control, PKI, and user identification. This project must always be installed.

The security monitoring project provides a framework to detect, collect, analyze and correlate security-related events. This project is optional.