Langley Research Center An Architectural Concept for Intrusion Tolerance in Air Traffic Networks Jeffrey Maddalon Paul Miner {jeffrey.m.maddalon,

Slides:



Advertisements
Similar presentations
Computer Systems & Architecture Lesson 2 4. Achieving Qualities.
Advertisements

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
DISTRIBUTED SYSTEMS II FAULT-TOLERANT BROADCAST Prof Philippas Tsigas Distributed Computing and Systems Research Group.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Bus Architectures for Satety- Critical Embedded Systems --by Harit Desai.
1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.
Sponsored by the U.S. Department of Defense © 2005 by Carnegie Mellon University 1 Pittsburgh, PA Dennis Smith, David Carney and Ed Morris DEAS.
Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.
SECURE AND FAULT TOLERANT VOTING IN DISTRIBUTED INFORMATION SYSTEMS 14 September 2001 Shambhu Upadhyaya SPIDER Lab CSE Department University at Buffalo.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Presented By: Vinay Kumar.  At the time of invention, Internet was just accessible to a small group of pioneers who wanted to make the network work.
2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Copyright ©2009 Opher Etzion Event Processing Course Engineering and implementation considerations (related to chapter 10)
Applied Cryptography for Network Security
Towards Application Security On Untrusted OS
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Page 1 Copyright © Alexander Allister Shvartsman CSE 6510 (461) Fall 2010 Selected Notes on Fault-Tolerance (12) Alexander A. Shvartsman Computer.
1 Reliable Adaptive Distributed Systems Armando Fox, Michael Jordan, Randy H. Katz, David Patterson, George Necula, Ion Stoica, Doug Tygar.
Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Network Topologies.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Langley Research Center SPIDER Formal Models–Where are we now? Paul S. Miner In collaboration with: Alfons Geser (NIA), Jeff Maddalon,
1 A Modular Approach to Fault-Tolerant Broadcasts and Related Problems Author: Vassos Hadzilacos and Sam Toueg Distributed Systems: 526 U1580 Professor:
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.
Fault Tolerance via the State Machine Replication Approach Favian Contreras.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
 Communication Tasks  Protocols  Protocol Architecture  Characteristics of a Protocol.
CSC8320. Outline Content from the book Recent Work Future Work.
Distributed Systems: Concepts and Design Chapter 1 Pages
Distributed System Models (Fundamental Model). Architectural Model Goal Reliability Manageability Adaptability Cost-effectiveness Service Layers Platform.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
ACM 511 Introduction to Computer Networks. Computer Networks.
Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.
Building Dependable Distributed Systems Chapter 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Secure Systems Research Group - FAU 1 Active Replication Pattern Ingrid Buckley Dept. of Computer Science and Engineering Florida Atlantic University Boca.
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
Chapter 5 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved.
CS551 - Lecture 5 1 CS551 Lecture 5: Quality Attributes Yugi Lee FH #555 (816)
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Prepared By: Md Rezaul Huda Reza
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.
Langley Research Center Why is SPIDER Design Assurance based on Formal Methods? Paul S. Miner NASA Langley Internal Formal Methods.
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
1 5/18/2007ã 2007, Spencer Rugaber Architectural Styles and Non- Functional Requirements Jan Bosch. Design and Use of Software Architectures. Addison-Wesley,
1 INTRUSION TOLERANT SYSTEMS WORKSHOP Phoenix, AZ 4 August 1999 Jaynarayan H. Lala ITS Program Manager.
Exercises for Chapter 2: System models From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4, © Pearson Education 2005.
Problem: Replication versus Confidentiality
1 The Formal Verification of SPIDER Lee Pike Department of Computer Science Indiana University, Bloomington
CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Introduction to Information Security Module 1. Objectives Definitions of information technology and information security Fundamental Security Concepts.
Chapter 8 Fault Tolerance. Outline Introductions –Concepts –Failure models –Redundancy Process resilience –Groups and failure masking –Distributed agreement.
CCNA Exploration v4.0 Network fundamentals CCNA Exploration v4.0 Network fundamentals.
Intrusion Tolerant Architectures
Data Center Network Architectures
Albert M. K. Cheng Embedded Real-Time Systems
Outline Distributed Mutual Exclusion Distributed Deadlock Detection
INFORMATION SYSTEMS SECURITY and CONTROL
COMP28112 Lecture 2 A few words about parallel computing
Presentation transcript:

Langley Research Center An Architectural Concept for Intrusion Tolerance in Air Traffic Networks Jeffrey Maddalon Paul Miner {jeffrey.m.maddalon, NASA Langley 22 Oct 2003

Langley Research Center SPIDER Intrusion Tolerance2

Langley Research Center SPIDER Intrusion Tolerance3

Langley Research Center SPIDER Intrusion Tolerance4 Desired Security Properties Confidentiality No unauthorized disclosure of information Integrity No improper alteration of data Availability System always completes authorized actions From Jean-Claude Laprie, Dependability - Its Attributes, Impairments, and Means, In Randell, et al. Eds., Predictably Dependable Computer Systems, Springer- Verlag, 1995

Langley Research Center SPIDER Intrusion Tolerance5 Intrusion Resilience Make the system difficult to enter –Firewalls, strong encryption, up-to-date security patches, etc. Add monitoring so intrusions can be handled quickly –Automated network monitoring, audits, network isolation, etc. Great techniques, but they are not enough…

Langley Research Center SPIDER Intrusion Tolerance6 System Protection Goals Attackers look for the weakest link, so we need not just strong barriers, but … strong barriers and redundancy

Langley Research Center SPIDER Intrusion Tolerance7 Intrusion Tolerance Ability to preserve Availability and Integrity, in presence of bounded number of compromised network nodes A compromised node may exhibit Crashed (unable to deliver any service) Unable to deliver timely service (e.g. Denial of Service) Uniformly corrupted data (consistent misinformation) Arbitrary behavior (includes malicious human-directed behavior)

Langley Research Center SPIDER Intrusion Tolerance8 Fault-Tolerance (FT) and Intrusion Tolerance (InT) Similar Worst case scenario in FT is arbitrary behavior – identical to InT worst case Easily detectable failures (crash, omission) are similar in both domains Different Fault arrival rates are not comparable – In FT: independence of failure exponential fault arrival rate multiple fault scenarios are rare – In InT: expect coordinated attack potential for simultaneous arrival of multiple faults

Langley Research Center SPIDER Intrusion Tolerance9 What is SPIDER? A family of fault-tolerant architectures –Scalable Processor-Independent Design for Electromagnetic Resilience (SPIDER) A system built using SPIDER can continue to operate with –arbitrary malicious failures –many easy-to-detect failures –multiple simultaneous failures

Langley Research Center SPIDER Intrusion Tolerance10 ROBUS Topology PE 1 PE 2 PE 3 PE N BIU N BIU 3 BIU 2 BIU 1 ROBUS N,M RMU M RMU 2 RMU 1

Langley Research Center SPIDER Intrusion Tolerance11 SPIDER Fault Tolerance ROBUS Guarantees –All processors attached to a good port will observe identical message streams –All processors attached to a good port will by synchronized within a bounded amount of time –All processors attached to a good port will have correct and consistent diagnostic information From these guarantees SPIDER can provide –Interactive Consistency (Distributed Agreement) –Distributed Diagnosis –Clock Synchronization

Langley Research Center SPIDER Intrusion Tolerance12 Intrusion Tolerance and SPIDER With enough good (not compromised) nodes, SPIDER can still provide service Standard versions of fault tolerant protocols that can withstand a bounded number of faulty nodes –deemed too expensive in both time and space to be of practical use –variant of SPIDER protocols might provide cost-effective Intrusion Tolerance Fault arrival rates are different between fault tolerant and intrusion tolerant systems –SPIDER architecture designed for multiple active faults

Langley Research Center SPIDER Intrusion Tolerance13 Arbitrary Network Structures? ROBUS can use a distributed implementation (not necessarily optical) Can generalize the bus-oriented structure to establish a intrusion tolerant version of classical network topologies –Rings –Hub and Spoke –For any particular network topology, there is a corresponding intrusion tolerant topology (at cost of adding redundant links and nodes, and ensuring independence of failure) Many existing network structures may include sub-networks capable of supporting this idea

Langley Research Center SPIDER Intrusion Tolerance14 Network Concept RMUs BIU/PEs

Langley Research Center SPIDER Intrusion Tolerance15 Formal Verification Sound concepts with poor designs can result in security issues A poor design of these protocols could cause security problems Solution: formal verification SPIDER fault tolerance properties have been formally verified We expect any modifications to provide intrusion tolerance will also be formally verified.

Langley Research Center SPIDER Intrusion Tolerance16 Summary Intrusion resilience vs. Intrusion tolerance Techniques from fault tolerance used to achieve intrusion tolerance The SPIDER fault tolerant architecture may be adapted for intrusion tolerance

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.