Middleware Policies for Intrusion Tolerance

Slides:

Advertisements

Similar presentations

1 12/16/98DARPA Intrusion Detection PI Meeting BBN Technologies Toolkit for Creating Adaptable Distributed Applications Joe Loyall

Advertisements

5-Network Defenses Dr. John P. Abraham Professor UTPA.

1 23 March 00 APOD Review Applications that Participate in their Own Defense (APOD) Review Meeting 23 March 00 Presentation by: Franklin Webber, Ron Scott,

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Firewalls and Intrusion Detection Systems

1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.

1 Quality Objects: Advanced Middleware for Wide Area Distributed Applications Rick Schantz Quality Objects: Advanced Middleware for Large Scale Wide Area.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World

1 8/99 IMIC Workshop 6/22/2015 New Network ServicesJohn Zinky BBN Technologies The Need for A Network Resource Status Service IMIC Workshop 1999 Boston.

OPX PI Meeting 2002 February page 1 Applications that Participate in their Own Defense (APOD) QuO Franklin Webber BBN Technologies.

Lesson 19: Configuring Windows Firewall

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

1 4/20/98ISORC ‘98 BBN Technologies Specifying and Measuring Quality of Service in Distributed Object Systems Joseph P. Loyall, Richard E. Schantz, John.

1 05/01/02ISORC 2002 BBN Technologies Joe Loyall Rick Schantz, Michael Atighetchi, Partha Pal Packaging Quality of Service Control Behaviors for Reuse.

BBN Technologies Craig Rodrigues Gary Duzan QoS Enabled Middleware: Adding QoS Management Capabilities to the CORBA Component Model Real-time CCM Meeting.

1 21 July 00 Joint PI Meeting FTN Applications that Participate in their Own Defense (APOD) BBN Technologies Franklin Webber, Ron Scott, Partha Pal, Michael.

Intrusion Tolerance by Unpredictability and Adaptation Presented by: Partha Pal Ron Watro Franklin Webber Chris Jones William H. Sanders Michel Cukier.

1 Using Quality Objects (QuO) Middleware for QoS Control of Video Streams BBN Technologies Cambridge, MA Craig.

1 APOD 10/5/2015 NCA 2003Christopher Jones APOD Network Mechanisms and the APOD Red-team Experiments Chris Jones Michael Atighetchi, Partha Pal, Franklin.

MILCOM 2001 October page 1 Defense Enabling Using Advanced Middleware: An Example Franklin Webber, Partha Pal, Richard Schantz, Michael Atighetchi,

1 06/00 Questions 10/6/2015 QoS in DOS ECOOP 2000John Zinky BBN Technologies ECOOP 2000 Workshop on Quality of Service in Distributed Object Systems

DSN 2002 June page 1 BBN, UIUC, Boeing, and UM Intrusion Tolerance by Unpredictable Adaptation (ITUA) Franklin Webber BBN Technologies ParthaPal.

1 10/20/01DOA Application of the QuO Quality-of-Service Framework to a Distributed Video Application Distributed.

WDMS 2002 June page 1 Middleware Policies for Intrusion Tolerance QuO Franklin Webber, Partha Pal, Chris Jones, Michael Atighetchi, and Paul Rubel.

BBN Technologies a part of page 118 January 2001 Applications that Participate in their Own Defense (APOD) BBN Technologies FTN PI Meeting January.

1 APOD 10/19/2015 DOCSEC 2002Christopher Jones Defense Enabling Using QuO: Experience in Building Survivable CORBA Applications Chris Jones Partha Pal,

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

1 06/ /21/2015 ECOOP 2000 Workshop QoS in DOSJohn Zinky BBN Technologies Quality Objects (QuO) Middleware Framework ECOOP 2000 Workshop QoS in DOS.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

2001 July page 1 Applications that Participate in their Own Defense (APOD) BBN Technologies FTN PI Meeting 2001 July 30 Franklin Webber QuO.

Design and run-time bandwidth contracts for pervasive computing middleware Peter Rigole K.U.Leuven – Belgium

Survival by Defense- Enabling Partha Pal, Franklin Webber, Richard Schantz BBN Technologies LLC Proceedings of the Foundations of Intrusion Tolerant Systems(2003)

1 10/23/98Lunchtime Meeting BBN Technologies Toolkit for Creating Adaptable Distributed Applications Joe Loyall, Rick Schantz, Rodrigo Vanegas, James Megquier,

1 Applying Adaptive Middleware, Modeling, and Real-Time CORBA Capabilities to Ensure End-to- End QoS Capabilities of Video Streams BBN Technologies Cambridge,

Cisco 3 - Switch Perrine. J Page 111/6/2015 Chapter 5 At which layer of the 3-layer design component would users with common interests be grouped? 1.Access.

2001 November13 -- page 1 Applications that Participate in their Own Defense (APOD) Project Status Review Presentation to Doug Maughan Presentation by.

Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.

1 BBN Technologies Quality Objects (QuO): Adaptive Management and Control Middleware for End-to-End QoS Craig Rodrigues, Joseph P. Loyall, Richard E. Schantz.

Complementary Methods for QoS Adaptation in Component-based Multi-Agent Systems MASS 2004 August 30, 2004 John Zinky, Richard Shapiro, Sarah Siracuse BBN.

1 010/02 Aspect-Oriented Interceptors Pattern 1/4/2016 ACP4IS 2003John Zinky BBN Technologies Aspect-Oriented Interceptors Pattern Dynamic Cross-Cutting.

Intrusion Tolerant Distributed Object Systems Joint IA&S PI Meeting Honolulu, HI July 17-21, 2000 Gregg Tally

Automating Cyber- Defense Management By: Zach Archer COSC 316.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

FIREWALLS An Important Component in Computer Systems Security By: Bao Ming Soh.

FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.

1 Distributed Systems Architectures Distributed object architectures Reference: ©Ian Sommerville 2000 Software Engineering, 6th edition.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,

Exploiting Layer 2 By Balwant Rathore.

CONNECTING TO THE INTERNET

Managing Secure Network Systems

Definition of Distributed System

Intrusion Tolerance by Unpredictable Adaptation

Introduction to Networking

Security in Networking

QoS-Enabled Middleware

Mark Feldman, Lee Badger, Steve Kiernan, Larry Spector,

Knowledge Byte In this section, you will learn about:

Middleware in Context Prof. Dave Bakken Cpt. S 464/564 Lecture

Advanced Operating Systems

Component-Based Software Engineering: Technologies, Development Frameworks, and Quality Assurance Schemes X. Cai, M. R. Lyu, K.F. Wong, R. Ko.

Firewalls Routers, Switches, Hubs VPNs

By Krishnamurthy et Al. Presented by David Girsault

Firewalls Jiang Long Spring 2002.

Chapter 3 VLANs Chaffee County Academy

Middleware in Context Prof. Dave Bakken Cpt. S 464/564 Lecture

Introduction to Network Security

Quality-aware Middleware

Presentation transcript:

Middleware Policies for Intrusion Tolerance Franklin Webber, Partha Pal, Chris Jones, Michael Atighetchi, and Paul Rubel BBN Technologies QuO

Outline Using middleware for defense against intrusions Defense mechanisms Parameterizing defense policies

A Distributed Military Application

A Cyber-Attack Hacked!

An Abstract View Data User Data Source Data Processing (Fusion, Analysis, Storage, Forwarding, etc.) Attacker

Traditional Security Application Attacker Trusted OSs and Network Private Resources Limited Sharing Private Resources

Most OSs and Networks In Common Use Are Untrustworthy Application Attacker OSs and Network Private Resources Limited Sharing Private Resources

Cryptographic Techniques Can Block (Most) Direct Access to Application Attacker OSs and Network OSs and Network Private Resources Limited Sharing Private Resources

Firewalls Block Some Attacks; Intrusion Detectors Notice Others y p t o Application Attacker OSs and Network IDSs Firewalls Raw Resources CPU, bandwidth, files...

Defense-Enabled Application Competes With Attacker for Control of Resources C r y p t o Attacker Application Middleware for QoS and Resource Management OSs and Network IDSs Firewalls Raw Resources CPU, bandwidth, files...

QuO QuO Adaptive Middleware Technology QuO is BBN-developed middleware that provides: interfaces to property managers, each of which monitors and controls an aspect of the Quality of Service (QoS) offered by an application; specifications of the application’s normal and alternate operating conditions and how QoS should depend on these conditions. QuO has integrated managers for several properties: dependability communication bandwidth real-time processing (using TAO from UC Irvine/WUStL) security (using OODTE access control from NAI) QuO

QuO adds specification, measurement, and adaptation into the distributed object model CLIENT Network operation() in args out args + return value IDL STUBS SKELETON OBJECT ADAPTER ORB IIOP (SERVANT) OBJ REF Application Developer CORBA DOC MODEL Mechanism Developer CLIENT Delegate Contract SysCond Network MECHANISM/PROPERTY MANAGER operation() in args out args + return value IDL STUBS SKELETON OBJECT ADAPTER ORB IIOP (SERVANT) OBJ REF Application Developer QuO Developer QUO/CORBA DOC MODEL Mechanism Developer 7

The QuO Toolkit Supports Building Adaptive Apps or Adding Adaptation to Existing Apps QoS Adaptivity Specification QuO Code Generator CORBA IDL Middleware for QoS and Resource Management

Implementing Defenses in Middleware for simplicity: QoS concerns separated from functionality of application. Better software engineering. for practicality: Requiring secure, reliable OS and network support is not currently cost-effective. Middleware defenses will augment, not replace, defense mechanisms available in lower system layers. for uniformity: Advanced middleware such as QuO provides a systematic way to integrate defense mechanisms. Middleware can hide peculiarities of different platforms. for reuseability Middleware can support a wide variety of applications.

Security Domains Limit the Damage From A Single Intrusion host host host router host router host host domain hacked domain

Replication Management Can Replace Killed Processes domain host host host router host router host host domain hacked domain application component replicas QuO replica management

Bandwidth Management Can Counter Flooding Between Routers domain host host host router host router host host domain hacked domain QuO bandwidth management RSVP reservation or packet-filtered link

Other Defensive Adaptations Dynamically configure firewalls to block traffic Dynamically configure routers to limit traffic Dynamically change communication ports Dynamically change communication protocols

Defense Strategy Use QuO middleware to coordinate all available defense mechanisms in a coherent strategy. Our best current strategy has two parts: “outrun”: move application component replicas off bad hosts and on to good ones “contain”: quarantine bad hosts and bad LANs by limiting or blocking network traffic from them and, within limits, shutting them down

Policy Issues for ‘Outrunning’ Where should new replicas be placed? Always in new security domain? Always on a new host? Unpredictably? Should number of replicas change under attack? Increase for protection against stealth? Decrease for more rapid response?

Policy Issues for ‘Containment’ Should quarantine be used? Or rely only on self-shutdown based on local sensors? When is a domain, LAN, or host judged bad? Depends on source of warning? Depends on repeated warnings? Depends on combination of warnings? Is agreement necessary before quarantine? Yes: local decisions are easier to spoof No: global decisions are impeded by flooding

Avoiding Self-Denial-of-Service How to prevent attacker from spoofing defense into quarantining all security domains? Limit number or fraction of quarantined domains? Limit rate of quarantining? Allow later reintegration of quarantined domains?

Conclusion The feasibility of adaptive cyber-defense is being explored. Adaptive cyber-defense is naturally implemented in middleware. A strategy for cyber-defense can be parameterized in several ways.