Intrusion Tolerant Systems Workshop: Anomaly Detection Group

Presentation transcript:

Intrusion Tolerant Systems Workshop: Anomaly Detection Group
Group Chair: Roy Maxion
October 5-6, 1999, Williamsburg, VA

Group's charter and response
- Can FT techniques be adapted to intrusion tolerance? Yes.
- Does the use of these techniques introduce additional vulnerabilities that can be exploited by attackers? Sometimes, but not always.
- How can these additional vulnerabilities be countered?
  - Introduce randomness and redundancy
  - Use watchdog timers
  - Early warning indicators
  - Data mining offline
  - Collect data slowly
  - Trend analysis
  - Identify the right problem

Boundaries of ITS program
- Use existing intrusion detection components, including low-level correlators
- Explore error-detection techniques
- Explore automated tolerance methods
- Explore correlation logic based on error-detection and intrusion-detection reports
- Deliver reports to an automated situation-assessment component (Cathy)

Goals
- Maintain a shorter decision cycle than the adversary
- Keep the system running despite attack

Stages of attack (and responses)
- Surveillance (trend analysis, early detection)
- Blitz (detect, tolerate, respond to, survive)
- Aftermath (attacker attempts to hide his tracks)

Stages of response
- Detect
- Assess
- React

Detection
- Out-of-band monitors and co-processors
- From outside (e.g. IDS program)
- From internal monitors
  - Anomaly detection on local resources
  - QoS violations, etc.
- Heartbeats
- Tripwires / self-test
- Application-specific (including OS) checks for timing, data, and control flow
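The heartbeat and watchdog-timer ideas on this slide and on the charter slide can be made concrete with a small monitor. The following is an added example, not code from the workshop or its participants. It assumes each monitored component (the names "ids", "app" and "rogue" are constructed) emits a heartbeat carrying a strictly increasing sequence number, and that the monitor is configured with each component's maximum allowed interval between heartbeats. A component that falls silent past its deadline is reported as overdue; a heartbeat that repeats an old sequence number, or comes from an unregistered name, is reported as an anomaly in its own right (the "who is monitoring the monitor" concern).

```python
"""Heartbeat watchdog with a sequence-number check (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Watchdog:
    deadlines: Dict[str, float]                 # component -> max seconds between heartbeats
    last_seen: Dict[str, float] = field(default_factory=dict)
    last_seq: Dict[str, int] = field(default_factory=dict)

    def heartbeat(self, component: str, seq: int, now: float) -> str:
        """Record a heartbeat; return 'ok' or the anomaly class it triggered."""
        if component not in self.deadlines:
            return "unknown-sender"             # nobody registered this name
        if seq <= self.last_seq.get(component, -1):
            return "replayed"                   # stale or duplicated sequence number
        self.last_seq[component] = seq
        self.last_seen[component] = now
        return "ok"

    def overdue(self, now: float) -> List[str]:
        """Components whose last accepted heartbeat is older than their deadline."""
        late = []
        for component, deadline in self.deadlines.items():
            seen = self.last_seen.get(component)
            if seen is None or now - seen > deadline:
                late.append(component)
        return sorted(late)


# Constructed timeline: ("hb", t, component, seq) or ("check", t). Times in seconds.
EVENTS = [
    ("hb", 0, "ids", 1),
    ("hb", 0, "app", 1),
    ("hb", 5, "app", 2),
    ("hb", 10, "app", 3),
    ("hb", 10, "app", 3),      # duplicate of the previous heartbeat
    ("hb", 12, "rogue", 1),    # heartbeat from an unregistered name
    ("check", 15),
    ("hb", 20, "ids", 2),
    ("hb", 20, "app", 4),      # app goes silent after this
    ("check", 35),
    ("check", 60),
]


def run_scenario() -> Tuple[List[Tuple[float, str, str]], Dict[float, List[str]]]:
    """Replay EVENTS; return (heartbeat anomalies, overdue components per check)."""
    wd = Watchdog(deadlines={"ids": 30.0, "app": 10.0})
    anomalies: List[Tuple[float, str, str]] = []
    overdue: Dict[float, List[str]] = {}
    for event in EVENTS:
        if event[0] == "hb":
            _, t, component, seq = event
            verdict = wd.heartbeat(component, seq, t)
            if verdict != "ok":
                anomalies.append((t, component, verdict))
        else:
            _, t = event
            overdue[t] = wd.overdue(t)
    return anomalies, overdue


if __name__ == "__main__":
    found_anomalies, found_overdue = run_scenario()
    print("anomalies:", found_anomalies)
    print("overdue per check:", found_overdue)
```

In the constructed timeline the monitor flags the duplicated heartbeat at t=10 and the unregistered sender at t=12, reports "app" overdue at the t=35 check (its last accepted heartbeat was at t=20 against a 10 s deadline) and both components overdue at t=60. The watchdog itself should run out of band, on a separate processor or host, so that a compromised component cannot simply keep feeding it heartbeats while misbehaving.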

Situation assessment
- Need models of attacks, missions, system resources
- Predict near-future outcomes, guard against them
- Report conditions to higher level (Cathy)

React
- Decide how to tolerate attack
  - Pre-planned
  - Adaptive
- Use of sparing, redundancy, forward/backward recovery
- Use fault tolerance techniques to enhance survivability
- Respond based on a (dynamic) policy

Ideas for intrusion-tolerant architecture
- Integrity checking of critical files; compensate for unexpected events
- Out-of-band monitor for audit data
- Out-of-band processing/mining/trend analysis of audit data
- Enhancing the survivability of sensors: who is monitoring the monitor? hard core (countering the added vulnerabilities)
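The first idea on this slide, integrity checking of critical files with compensation for unexpected events, combines the tripwire/self-test detection from the Detection slide with the sparing and redundancy from the React slide. The following is an added example, not code from the workshop or its participants. It assumes a live directory of critical files, a pristine copy kept out of band (in practice on read-only media or a separate host, here just a second temporary directory), and a baseline of SHA-256 digests taken while the system is known good. The check reports modified, missing and added files; the compensation step restores modified and missing files from the pristine copy, while added files are only reported, since removing them is a policy decision. All file names and contents are constructed.

```python
"""File integrity tripwire with restore-from-pristine-copy (added example)."""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each regular file under root (POSIX-style relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_integrity(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the live tree against the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def restore(root: Path, pristine: Path, report: Dict[str, List[str]]) -> List[str]:
    """Compensate: copy modified or missing files back from the pristine copy."""
    restored = []
    for rel in report["modified"] + report["missing"]:
        dst = root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(pristine / rel, dst)
        restored.append(rel)
    return sorted(restored)


def demo():
    """Build a constructed live tree, tamper with it, detect, restore, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        pristine = Path(tmp) / "pristine"
        (live / "etc").mkdir(parents=True)
        (live / "bin").mkdir()
        (live / "etc" / "service.cfg").write_text("port=443\n")
        (live / "bin" / "service").write_bytes(b"constructed stand-in for a binary\n")
        shutil.copytree(live, pristine)          # out-of-band pristine copy
        baseline = build_baseline(live)          # taken while known good

        # Unexpected events: one file altered, one deleted, one unknown file appears.
        (live / "etc" / "service.cfg").write_text("port=4444\n")
        (live / "bin" / "service").unlink()
        (live / "bin" / "extra").write_text("unexpected\n")

        first = check_integrity(live, baseline)
        restored = restore(live, pristine, first)
        second = check_integrity(live, baseline)
        return first, restored, second


if __name__ == "__main__":
    before, fixed, after = demo()
    print("detected:", before)
    print("restored:", fixed)
    print("after restore:", after)
```

The baseline and the pristine copy are only trustworthy if an attacker who alters the live files cannot alter them too, which is why the slide pairs integrity checking with out-of-band monitoring: store both where the monitored host cannot write, and run the checker from there.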

Evaluation (incremental and operational)
- Incremental - marks progress
  - Metrics
  - Experiments
  - Simulations
  - Benchmarks
  - Fault injection
  - Taxonomy
- Operational - aids on-line decision
  - Simulation
  - Analytical methods - formal methods