Research on Immunizing Embedded Linux Core Against Viruses and Software Faults Tao Gong1, 2, 3, Changxing Du1 1 College of Information S. & T., Donghua.


Research on Immunizing Embedded Linux Core Against Viruses and Software Faults

Tao Gong 1, 2, 3, Changxing Du 1

1 College of Information S. & T., Donghua University, Shanghai 201620, China
2 Engineering Research Center of Digitized Textile & Fashion Technology, Ministry of Education, Donghua University, Shanghai 201620, China
3 Department of Computer Science, Purdue University, West Lafayette 47907, USA
taogong@dhu.edu.cn

Abstract. Linux is more secure than other operating systems such as Windows, but the embedded Linux core needs to be made more secure by immunizing it against viruses and software faults. First, the embedded Linux is customized from the standard Linux by keeping the Linux core and deleting the unnecessary components. Immunization of the Linux core is designed into the process control, memory management, communication, drivers, and file system. The artificial immune system of the embedded Linux core is built on the tri-tier immune model, and both viruses and software faults are detected as nonselfs. The selfs are the normal components, and the nonselfs are foreign viruses, infected selfs, lost selfs and damaged selfs. This immunization technique will be tested on a prototype of the embedded Linux core by protecting the file system and repairing the damaged files.

Keywords: Embedded system; Linux core; immunization; virus; software fault.

1 Introduction

Unknown viruses are difficult to detect and learn in some security applications [1], and operating systems such as Windows and Linux are vulnerable to viruses and attacks. To repair the vulnerabilities, users need to update the operating systems online to install new security patches. This updating often gives viruses and attacks a new chance to spread damage through the network.
So threat modeling is used to expose circumstances or events that have the potential to harm a system through destruction, disclosure, modification of data, and/or denial of service, and it results in a vulnerability assessment. Similar to the threat model, the immune danger theory was proposed by Matzinger [2]; in this theory, the immune response distinguishes the danger signals that are generated by damaged cells. In the embedded Linux core, the threats are the damaged selfs and the foreign nonselfs, such as blackhole attacks and virus-based wormhole attacks [3], so the threats are nonselfs in nature. First, blackhole attacks can transmit malicious broadcast information from a node, claiming that the node has the shortest path to the destination, with the aim of intercepting messages. Wormhole attacks can record packets at one location in the network, tunnel them to other locations, and retransmit them there into the network via viruses.

In fact, the human immune system takes a different and advanced security approach to protect the body [4], and this immunization approach places more emphasis on the selfs (i.e. normal components such as normal cells, immune cells, and antibodies) than on the nonselfs such as viruses and cancer cells. Inspired by this powerful natural security system, this paper proposes a new idea of immunizing the embedded Linux core: build the normal models of the selfs and defend the core against viruses and software faults.

2 Immunizing embedded Linux core

Standard Linux is a complex operating system with too many components to be set up in embedded systems. So standard Linux needs to be trimmed and customized for embedded systems, and the Linux core has to be revised and compiled. The embedded Linux core has some necessary files and directories. The immunization of the embedded Linux core is made in process control, memory management, communication, drivers and file system.

The embedded Linux core uses various data structures to organize the system processes in different ways, according to the requirements of the process control sub-system. Each process has a unique identification number (PID), and the immunity of the process control protects the core data structures that the processes use. Memory is one of the most important resources under the control of the Linux core, and the memory management sub-system is the most important and difficult part of the operating system. The root file system is a necessary file system for running the Linux operating system. Driver design is an important step in developing embedded systems, and the drivers provide the interfaces through which applications control the hardware. The normal embedded systems are based on the normal states of the drivers.
The immunity of the driver is used to monitor the normal state of the driver and to assure the proper output of the driver. Embedded systems often communicate with other embedded systems or foreign networks, and the security depends not only on the security of the communication protocol but also on the security of the Linux core. If the immune Linux core can detect data packets carrying nonselfs such as viruses by detecting the selfs of this core first, the communication will be more secure. In many embedded systems, the data spaces of users are private, so the immunity of the Linux core protects this privacy.

3 Testing immune Linux core and NS2-based experiments

The immune Linux core is compiled according to the regular compiling method, and the step for compiling the immune programs comes just after the step for building the normal model of the embedded system. After the immune programs are compiled, the files Makefile and Kconfig are revised and generated. The image of the Linux core is the zImage image, which can be downloaded onto the development board for testing.

To validate the immunization approach for the embedded system, two embedded systems, ARM9 and ARM11, and three notebooks formed a real mobile ad hoc network. When one node was compromised by the blackhole attack, the routing table of this node was changed by the attack, so the client program of this node sent no data to the other nodes. The wormhole attack changed the routing table of the compromised node and spread via the client program of this node to other nodes. Because of the limited number of notebooks, ARM systems and Zigbee devices, the real ad hoc network had only five nodes, but the simulations with Network Simulator 2.35 were expanded to as many as 20 nodes. Compared with the packet delivery ratios (PDR) of the network under the collaborative attacks and of the network protected by a regular Intrusion Detection System (IDS), the packet delivery ratio of the network with cooperative immunization was higher. This result shows that cooperative immunization is faster and more effective against the collaborative attacks than the regular IDS.

4 Conclusion

The embedded Linux core is very important for many applications of embedded systems, and the immunization of this core is important for its security. First, the normal model is useful for building the selfs and identifying the normal state of the embedded system by its space-time properties. Then, based on this normal model, viruses and software faults can be detected quickly and accurately, so immunization can be created for such modules of the embedded system as process control, memory management, communication, drivers and file system.

Acknowledgements.
The work was supported by grants from the Natural Science Foundation of Shanghai (08ZR1400400), the Shanghai Educational Development Foundation (2007CG42), the National Natural Science Foundation of China (60874113), and NSF-0242840.

References

[1] Sukwong, O., Kim, H. S., Hoe, J. C.: Commercial antivirus software effectiveness: an empirical study. IEEE Computer, vol. 44, no. 3, pp. 63-70 (2011)
[2] Matzinger, P.: The danger model: a renewed sense of self. Science, vol. 12, 301-305 (2002)
[3] Wang, W., Bhargava, B., Lu, Y., Wu, X.: Defending against wormhole attacks in mobile ad hoc networks. Wireless Communications & Mobile Computing, 6(4): 483-503 (2006)
[4] Gong, T., Cai, Z. X.: Artificial immune system based on normal model and its applications. Beijing: Tsinghua University Press (2011)
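
The self/nonself classification from the abstract, applied to the file system and to repairing damaged files, as an added example (not the authors' code and not the tri-tier immune model itself). It assumes the normal model is one SHA-256 digest per file path and that a backup copy of the tree exists; the function names and the sample files are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def detect_nonselfs(model, live):
    """Classify every deviation of the live tree from the normal model of selfs."""
    found = {rel: "foreign nonself" for rel in live.keys() - model.keys()}
    for rel, expected in model.items():
        if rel not in live:
            found[rel] = "lost self"
        elif live[rel] != expected:  # a digest cannot tell infection from damage
            found[rel] = "damaged or infected self"
    return found

def repair(root, backup, model, found):
    """Restore lost or damaged selfs from a backup copy that still matches the model."""
    trusted, repaired = snapshot(backup), []
    for rel, kind in sorted(found.items()):
        if kind != "foreign nonself" and trusted.get(rel) == model[rel]:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(backup / rel, root / rel)
            repaired.append(rel)
    return repaired

def demo():
    """Constructed sample tree: build the model, alter the tree, detect, repair."""
    with tempfile.TemporaryDirectory() as tmp:
        root, backup = Path(tmp) / "rootfs", Path(tmp) / "backup"
        for rel, data in {"bin/init": b"init-v1", "etc/fstab": b"/dev/root / ext2", "lib/libc.so": b"libc"}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        shutil.copytree(root, backup)
        model = snapshot(root)                                      # normal model of selfs
        (root / "bin/init").write_bytes(b"init-v1 + appended code")  # damaged or infected self
        (root / "etc/fstab").unlink()                               # lost self
        (root / "bin/dropper").write_bytes(b"unknown")              # foreign nonself
        found = detect_nonselfs(model, snapshot(root))
        repaired = repair(root, backup, model, found)
        return found, repaired, detect_nonselfs(model, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Foreign files are only reported here, not deleted, so the second detection pass still lists them after the selfs have been restored.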