Athith Amarnath, Graduate Student, Database and Security Research Group

Presentation transcript:

Implementation of Access Control Reference Monitor Security using Moving Target Defense
Athith Amarnath, Graduate Student, Database and Security Research Group, Department of Computer Science

Problem Statement
- Security is a very serious concern in the digital era.
- Access control enforcement with strong policies ensures the confidentiality, availability and integrity of the data of interest, and protecting the enforcement mechanism is equally important.
- Access control enforcement is achieved by a trusted computing base that is assumed to be tamper proof.
- This is difficult to achieve without fully implementing the security kernel in trusted hardware.
- A single server hosting access control enforcement can be vulnerable.
- An attacker can eavesdrop, spoof and finally gain access by exploiting vulnerabilities in the system.

Proposed Solution – Moving Target Defense
- Implementation of a Leader Election Protocol
- Extension of Byzantine fault detection using a consensus algorithm
- Time-driven and event-driven election strategy
- Usage of the Service Location Protocol to locate the leader
- Messages signed and verified using the Digital Signature Algorithm (DSA)

Moving Target Defense Approach
- A group of nodes provides the service instead of a single node.
- Election Term – a node chosen as a Leader providing Access Control Service for a fixed amount of time.
- Leader – a node elected using the Byzantine consensus algorithm, providing service for an election term.

Moving Target Defense Architecture
- UA – User Agent
- DA – Directory Agent
- FD – Fault Detector
- EM – Election Module
- MM – Migration Module

Leader Election Protocol
- The coordinator c is given by c = (r mod n) + 1, where r is the election term number and n is the number of nodes.
- The protocol can work with k Byzantine nodes, where k = (n – 1) / 3.

Service Location Protocol

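Result

| Nodes (n) | No. of Max Faults (k) | No. of LEP messages exchanged | LEP time (s) | Service Registration Time (s) | Access response time (s) | User Agent Query Time (s) |
|---|---|---|---|---|---|---|
| 5 | 1 | 130 | 2.16 | 0.012 | 0.095 | 21.043 |
| 8 | 2 | 328 | 3.389 | 0.2 | 0.062 | 24.05 |
| 10 | 3 | 510 | 4.261 | 0.034 | 0.074 | 24.054 |
| 13 | 4 | 858 | 6.08 | 0.07 | | 21.053 |
| 15 | | 1140 | 6.473 | 0.056 | 0.057 | 24.055 |
| 20 | 6 | 2020 | 8.694 | 0.045 | 0.078 | 24.045 |
| 25 | | 3150 | 10.754 | 0.58 | 0.73 | 24.034 |

Blank cells are values missing from the transcript. In the n = 13 row only one value (0.07) survives for the Service Registration Time and Access response time columns, and the transcript does not show which of the two it belongs to.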

Problems with this Approach
- The Leader Election Protocol is deterministic.
- The Fault Detector detects nodes that deviate from the algorithm or do not follow the message format.
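The coordinator rule and fault bound from the Leader Election Protocol slide, and the determinism listed as a problem above, can be seen in a small model. This is an added example, not code from the presentation. It assumes nodes are numbered 1..n, that r starts at 0, that k is rounded down, and that an event-driven election simply advances r when the Fault Detector has flagged the coordinator.

```python
# Added illustration; not code from the presentation.
from typing import List, Set


def coordinator(r: int, n: int) -> int:
    """Coordinator for election term r among n nodes: c = (r mod n) + 1."""
    if n < 1 or r < 0:
        raise ValueError("need n >= 1 and r >= 0")
    return (r % n) + 1


def max_byzantine(n: int) -> int:
    """k = (n - 1) / 3, rounded down (assumption; agrees with the k column)."""
    return (n - 1) // 3


def serving_leaders(n: int, slots: int, flagged: Set[int], r: int = 0) -> List[int]:
    """Leader that serves each time slot.

    Time-driven: r advances by one at the end of every slot.
    Event-driven (modelled assumption): if the Fault Detector has flagged
    the coordinator, a new election runs at once, so r advances again
    before the slot is served.
    """
    if len(flagged) > max_byzantine(n):
        raise ValueError("more flagged nodes than the protocol tolerates")
    leaders = []
    for _ in range(slots):
        while coordinator(r, n) in flagged:
            r += 1                      # event-driven re-election
        leaders.append(coordinator(r, n))
        r += 1                          # time-driven election at end of term
    return leaders


def predicted_schedule(n: int, slots: int, r: int = 0) -> List[int]:
    """Schedule computable in advance by anyone who knows n and r."""
    return [coordinator(r + i, n) for i in range(slots)]


if __name__ == "__main__":
    for n in (5, 8, 10, 13, 15, 20, 25):
        print(f"n={n:2d}  k={max_byzantine(n)}")
    print("no faults :", serving_leaders(5, 7, flagged=set()))
    print("node 2 bad:", serving_leaders(5, 7, flagged={2}))
```

With no flagged nodes the served schedule equals the predicted one, so the leader's identity at any future term is known in advance to anyone who knows n and r.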