Project Overview
I worked closely with Dr. Amy Babay on the design and implementation of a
fully dynamic reconfiguration system for a multi-site distributed network
system called Spire. The system allows runtime updates to topology,
cryptographic keys, and component roles without downtime, enabling robust
response to failures and temporary deployments like mobile control centers.
Workflow
- Config Manager: Converts a high-level YAML configuration into a complete,
  signed configuration, generating all necessary cryptographic keys.
- Config Disseminator: Reliably transmits the signed configuration to all
  participating hosts, handling large configurations via fragmentation.
- Config Agent: Runs on each host, receives and verifies the configuration,
  applies updates to local components, and triggers reloads or restarts to
  activate changes.
Technical Achievements
- Replaced hard-coded system constants with a human-readable YAML
  configuration model.
- Designed a hybrid cryptography system (AES-256 + RSA-OAEP) with digital
  signatures to secure sensitive keys and configuration integrity.
- Refactored core applications to dynamically load network addresses,
  keys, and threshold cryptography shares at runtime.
- Implemented reliable multicast delivery with message fragmentation and
  version tracking.
- Validated the system in a 26-node Docker environment with multiple
  failure and recovery scenarios.
Key Technical Challenges and Resolutions
- Legacy Static Configuration Dependencies
  - Challenge: Components relied on compile-time constants and
    hardcoded arrays, making runtime reconfiguration impossible without
    risking inconsistencies or crashes.
  - Resolution: Performed a full audit of static constants,
    replaced them with dynamic initialization functions, and refactored
    core subsystems to read values from the unified YAML file at
    startup.
- Cryptographic Key Management
  - Challenge: Integrating a secure key distribution and
    storage mechanism into a system with multiple key types while
    ensuring confidentiality and integrity.
  - Resolution: Implemented a hybrid encryption scheme
    combining AES-256 for bulk data and RSA-OAEP for key protection.
    Automated key generation and YAML population ensured secure and
    reproducible configuration artifacts.
- Reliable Network Dissemination of Large Configurations
  - Challenge: Configuration payloads could exceed a single
    network message size, requiring reliable delivery to many hosts.
  - Resolution: Designed a message fragmentation and reassembly
    protocol over Spines multicast. Agents verified completeness and
    signatures before applying configurations, preventing partial
    updates or replay attacks.
- Host Identification and Environment Ambiguity
  - Challenge: Determining which host an agent was running on
    was error-prone when relying solely on IP address parsing.
  - Resolution: Config_agent now accepts the host's unique
    hostname as a command-line argument, providing a deterministic and
    unambiguous host identification mechanism.
- Integration Bugs from Extensive Refactoring
  - Challenge: Refactoring core components to remove static
    dependencies introduced subtle bugs, including segmentation faults
    and mismatched key sizes.
  - Resolution: Built a comprehensive containerized test
    harness to simulate all sites. Incremental validation, detailed
    logging, and automated cryptography verification allowed systematic
    bug identification and resolution.
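The verify-before-apply reassembly described under "Reliable Network Dissemination of Large Configurations" can be illustrated as follows. This is an added example, not Spire's code: the header layout, the names `sign`, `fragment` and `Agent`, and the key are assumptions, and HMAC-SHA256 stands in for the digital signature so the block runs with the standard library only.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!IHH")  # version, fragment index, fragment count (assumed layout)
KEY = b"constructed-demo-key"   # constructed; stand-in for the signer's key
TAG_LEN = 32                    # SHA-256 output size


def sign(version, config):
    # The version is covered by the tag, so an old config cannot be relabelled as new.
    return hmac.new(KEY, struct.pack("!I", version) + config, hashlib.sha256).digest()


def fragment(version, config, mtu=32):
    blob = sign(version, config) + config
    chunks = [blob[i:i + mtu] for i in range(0, len(blob), mtu)]
    return [HEADER.pack(version, i, len(chunks)) + c for i, c in enumerate(chunks)]


class Agent:
    """Applies a config only when it is newer, complete, and verified."""

    def __init__(self):
        self.applied_version, self.config = 0, None
        self.pending = {}  # version -> (fragment count, {index: chunk})

    def receive(self, packet):
        if len(packet) < HEADER.size:
            return "malformed"
        version, index, count = HEADER.unpack_from(packet)
        if version <= self.applied_version:
            return "stale"  # replayed or outdated version
        if count == 0 or index >= count:
            return "malformed"
        total, parts = self.pending.setdefault(version, (count, {}))
        if count != total:
            return "malformed"  # disagrees with the count seen earlier
        parts[index] = packet[HEADER.size:]
        if len(parts) < total:
            return "incomplete"  # nothing is applied from a partial set
        del self.pending[version]
        blob = b"".join(parts[i] for i in range(total))
        tag, config = blob[:TAG_LEN], blob[TAG_LEN:]
        if not hmac.compare_digest(tag, sign(version, config)):
            return "bad-signature"
        self.applied_version, self.config = version, config
        self.pending = {v: p for v, p in self.pending.items() if v > version}
        return "applied"
```

Fragment headers are not individually authenticated in this example, so a forged fragment can make a reassembly fail but cannot cause a configuration to be applied.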
Skills Developed
- Advanced C/C++ systems programming and network protocol design
- Cryptography and key management with OpenSSL
- Distributed system design and reliable multicast communication
- Configuration management and automated deployment
- Research-driven problem solving and large-scale system integration
Impact
The project produced a resilient distributed system capable of live,
dynamic reconfiguration, validating that research-driven engineering can
directly deliver operational, deployable outcomes.