Using an “Angel in the Box” to Secure MANETs

Presentation transcript:

Using an “Angel in the Box” to Secure MANETs Wu-chang Feng, Ed Kaiser Nirupama Bulusu, Wu-chi Feng Jesse Walker, Erik Johnson

Angel in the Box
A trusted, tamper-resistant processor that is hidden from the applications and operating system running on the host
- Ring "–1"
- Only runs code signed by an appropriate authority (Intel, DARPA, IETF)
- Has access to key components of the running system
Paradigm: run anything you want on the untrusted part of the box, but the angel is watching
(Angel in the Box - Halevi 2004 DIMACS)

Platform integrity: Angel disables host when applications and/or OS are in an unknown state
  Adversary: injects malware into application or disables security
  Angel: quarantines entire system when integrity check fails
Fail-safe operation: Angel disables host when "captured"
  Adversary: removes node from network to reverse engineer it
  Angel: disables system upon losing contact with rest of network or when moved outside allowable geographic locations
Authentic measurements: Angel provides data integrity for remote measurements
  Adversary: modifies measurements sent in MANET
  Angel: verifies and certifies data integrity for mission-critical measurements
Stopping unwanted traffic: Angel drops unwanted traffic before it reaches the network
  Adversary: floods network
  Angel: tracks public proof-of-work in protocols, verifies that each request contains valid work, and drops those that do not
1) Angel watches over host
2) Angel will self-destruct in 5 seconds
3) Angel will not talk when no one is listening (shade of gray access control)
4) Angel will tell no lies
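The "stopping unwanted traffic" row above, as an added example that is not code from the slides or the authors' project: an angel-side filter that checks a hashcash-style proof-of-work on each outbound request and drops requests without valid work. The slides do not fix a scheme, so "leading zero bits over SHA-256", the 16-bit difficulty, and the request-plus-nonce layout are this example's assumptions.

```python
import hashlib
import struct

# Assumed parameters (the slides name no concrete proof-of-work scheme).
DIFFICULTY_BITS = 16   # required leading zero bits in SHA-256(request || nonce)
NONCE_LEN = 8          # nonce is a big-endian 64-bit counter appended to the body


def _leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def has_valid_work(request: bytes, nonce: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """Angel-side check: does this request carry the required proof-of-work?"""
    if len(nonce) != NONCE_LEN:           # malformed nonce counts as no work
        return False
    digest = hashlib.sha256(request + nonce).digest()
    return _leading_zero_bits(digest) >= bits


def mint_work(request: bytes, bits: int = DIFFICULTY_BITS) -> bytes:
    """Host-side minting; used here only to construct a valid sample request."""
    counter = 0
    while True:
        nonce = struct.pack(">Q", counter)
        if has_valid_work(request, nonce, bits):
            return nonce
        counter += 1


def filter_egress(packets, bits=DIFFICULTY_BITS):
    """Run the angel's check over (body, nonce) pairs before they reach the
    network; returns (forwarded, dropped) lists of request bodies."""
    forwarded, dropped = [], []
    for body, nonce in packets:
        (forwarded if has_valid_work(body, nonce, bits) else dropped).append(body)
    return forwarded, dropped


if __name__ == "__main__":
    # Constructed sample traffic: one minted request and one flood packet
    # whose sender did no work (all-zero nonce).
    good = b"route-request:node7"
    sample = [(good, mint_work(good)), (b"flood:junk", b"\x00" * NONCE_LEN)]
    fwd, drp = filter_egress(sample)
    print("forwarded:", fwd, "dropped:", drp)
```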

Angel in the Box example
Intel's Active Management Technology platform
- Tamper-proof network access control at ingress based on security "posture" (i.e. hardware/software inventory)

Good hammer, looking for nails
Detect cheating in online games
- Similar platform integrity issues as MANETs: adversary has physical control over target machine
- Extensions to AMTv2 to solve cheating problem: detect software injection of keyboard/mouse input
IAMANETs
- Use existing AMTv2 to solve IAMANET problem (Intel's DTK, http://www.intel.com/software)
- Work on platform additions to AMTv2 to support new requirements (Intel CTG, http://www.intel.com/research)