Intrusion Tolerant Distributed Object Systems Joint IA&S PI Meeting Honolulu, HI July 17-21, 2000 Gregg Tally


Motivation
Mission critical applications being developed using CORBA on COTS platforms
CORBA Security protects at middleware level, but applications vulnerable to O/S and network attacks
Fault Tolerant CORBA does not protect against malicious faults

Technical Objectives
Provide intrusion tolerance for CORBA applications
System level approach
  – Middleware
      Eliminate reliance on any single server – secure, reliable group communication directly between clients and replicated servers
      Detect Byzantine (arbitrary) faults in servers
      Support heterogeneity (diversity of implementation)
  – Boundary controllers (firewalls)
      Protocol inspection
      End-to-end authentication between clients and servers

Existing Approaches
OMG supports Fault Tolerance for CORBA
  – Not intrusion tolerant
  – Not fully interoperable
  – No firewall support
Prior and Current Research
  – Avoided ORB changes by intercepting process level communications; forces homogeneous server implementation
  – Use of “primary” or “lead” server; cannot tolerate Byzantine faults
  – Ensemble, Maestro, AQuA, Rampart, Eternal, others

Technical Approach
Leverage prior work on fault tolerant CORBA; secure, reliable, authenticated multicast; total ordering; Byzantine fault detection
Active replication of servers with voting
Protect client and server hosts with application proxy firewall; include firewall in multicast group
Integrate with open-source ORB
  – Detect value faults above CDR encode/decode layer
  – Replace transport layer with secure, reliable, authenticated multicast
  – Handle duplicate requests and replies

Conceptual Overview
[Figure: architecture diagram. Labels: Client Application Code on an IT ORB behind a Client-Side Firewall (Firewall M-Cast GIOP Proxy); Redundant Servers, each with Server Application Code on an IT ORB, behind Server-Side Firewalls (Firewall M-Cast GIOP Proxy). IT ORB layers shown: Value Fault Detection / Voting; Redundant Msg. Exclusion; Encode/Decode; Time, Crash, other Fault Detection; Secure, Reliable, Auth. Multicast.]

Approach -- What’s Different?
All servers are equal
  – eliminate need for “primary” or “lead” server
Detect value faults in the ORB
  – encoding of CORBA messages depends on the source platform (i.e., byte ordering)
  – permits heterogeneous implementations
Application proxy firewall integrated into the architecture
  – better protection for COTS client and server hosts
  – end-to-end authentication of client and server
  – may have better performance than IIOP/SSL proxies
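
Added example (not from the original slides or the project's code): a sketch of why voting on replica replies must happen above the encode/decode layer when replicas run on platforms with different byte ordering. The toy CDR-like message format, the replica names, the sample values and the strict-majority rule are all assumptions made for illustration.

```python
import struct
from collections import Counter

def encode_reply(balance, status, little_endian):
    """Toy CDR-like reply (constructed format): flag byte, uint32, uint32 length, ASCII."""
    order = "<" if little_endian else ">"
    body = status.encode("ascii")
    return bytes([int(little_endian)]) + struct.pack(order + "II", balance, len(body)) + body

def decode_reply(msg):
    """Decode using the sender's byte-order flag; reject malformed messages."""
    if len(msg) < 9 or msg[0] not in (0, 1):
        raise ValueError("malformed reply")
    order = "<" if msg[0] else ">"
    balance, length = struct.unpack_from(order + "II", msg, 1)
    if len(msg) - 9 != length:
        raise ValueError("length field does not match payload")
    return balance, msg[9:].decode("ascii")

def vote(replies, decoded):
    """Return (winning ballot or None, suspect replicas).
    A ballot wins only with a strict majority of all replicas (assumed rule)."""
    ballots, suspects = {}, set()
    for name, raw in replies.items():
        try:
            ballots[name] = decode_reply(raw) if decoded else raw
        except ValueError:          # undecodable reply counts against its sender
            suspects.add(name)
    if not ballots:
        return None, suspects
    winner, count = Counter(ballots.values()).most_common(1)[0]
    if 2 * count <= len(replies):
        return None, suspects       # no majority: deliver nothing
    return winner, suspects | {n for n, b in ballots.items() if b != winner}

# Constructed replies from four replicas; replica-d returns a wrong value.
REPLIES = {
    "replica-a": encode_reply(1500, "OK", little_endian=False),
    "replica-b": encode_reply(1500, "OK", little_endian=True),
    "replica-c": encode_reply(1500, "OK", little_endian=True),
    "replica-d": encode_reply(9999, "OK", little_endian=False),
}

if __name__ == "__main__":
    print("byte-level vote:   ", vote(REPLIES, decoded=False))
    print("decoded-value vote:", vote(REPLIES, decoded=True))
```

Comparing raw bytes finds no majority because the three correct replicas do not all share an encoding, while voting on decoded values accepts the correct reply and flags only the replica with the value fault.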

Risks and Mitigation Plans
Performance of secure, reliable, authenticated multicast
  – Mitigation Plan:
      Evaluate and experiment with existing research prototypes
      Design replaceable transport layer
      Take advantage of research advances as they become available
Defense against DoS attacks by compromised servers
  – Mitigation Plan:
      Rely on intruder tracing (IDIP?) to find source and block

Expected Achievements
At least one implementation of an ORB on two or more heterogeneous platforms that tolerates Byzantine faults
Integrated application proxy firewall support to protect COTS client and server hosts
Understand trade-off between performance and degrees of intrusion tolerance

Metrics
Cost/benefit of redundant servers
  – Tolerance of Byzantine faults (number of faulted servers) vs. impact on throughput due to additional replication
  – Throughput measured by operations per second
Countermeasure Characterization using either IA or IASET methodology
Experimentation at the TIC to validate countermeasure claims

Policy Issues
Assumptions
  – Other mechanisms enforce QoS and QoP policies
  – CORBA Security could be added to architecture to provide other services (access control, audit, non-repudiation, etc.)
  – Can integrate with intruder tracing mechanisms (e.g., IDIP) to handle denial of service attacks
Enforcement Mechanisms
  – Need policy for group membership: servers, clients, and firewalls
  – Standard firewall permit/deny policy extended for secure, reliable, authenticated multicast

Schedule

Technology Transfer
Work with OMG to revise existing specifications, create new specifications
  – Fault Tolerance specification
  – Unreliable Multicast specification
  – Firewall specification
Joint experimentation with other DARPA and DoD programs
Conferences and workshops