Authors: Helen J. Wang, Chuanxiong Guo, Daniel R
Shield: Vulnerability Driven Network Filters for Preventing Known Vulnerability Exploits Authors: Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, and Alf Zugenmaier Published: ACM SIGCOMM, 2004 Presented By: Anvita Priyam

S/W patches A patch is a small piece of software designed to update or fix problems with a computer program or its supporting data. The urgent security problem is the threat of remote attacks, above all worms, that exploit vulnerabilities in currently running software. The aim is to repair the vulnerability before it can be exploited, so software vendors develop and distribute reparative patches as soon as possible after learning of a vulnerability.

Overview Motivation for Shield Architecture Design Issues Analysis Evaluation Weaknesses Suggestions

Motivation for Shield- Problems with patches Administrators often do not apply patches immediately after they become available. Reasons for failure to install: > Disruption- installing usually requires a reboot > Unreliability- vendors have insufficient time to test patches before releasing them, so a patch may break the system > Irreversibility- there is no easy way to uninstall a patch > Unawareness- the administrator may simply miss the release

Shield A first line of worm defense placed in the end host's network stack, filtering traffic above the transport layer. It is vulnerability-specific but exploit-generic: a policy recognizes the condition that triggers the vulnerability rather than any particular exploit payload. It is installed on end systems to cover the window before a patch is applied.

GOALS There are three goals for the Shield design: > Minimize and bound the state Shield maintains > Enough flexibility to support any application-level protocol > Fidelity- a Shield policy must faithfully model the vulnerability it covers

Vulnerability Modeling (figure: a protocol state machine with states S0 to S5 and a vulnerability state V4, embedded in the application state machine; message arrivals drive the transitions, and the exploit event is the message that takes the machine into V4)

Vulnerability Modeling Each application is modeled as a finite state machine, the Application State Machine. The Protocol State Machine is the part of it whose transitions are application message arrivals. A Vulnerability Signature describes the Vulnerability State Machine (the subset of protocol states and transitions that lead to the vulnerable state) and how an exploit of it is recognized. A Shield Policy is a Vulnerability Signature plus the actions to take when an exploit is recognized.

Shield Policy Specifies: Application identification- which packets are destined for which application (e.g., by port number) Event identification- how to extract the message type from a message Session identification- which session a message belongs to State machine specification- states, events, transitions and the handler to run at each (state, event)

Shield Architecture (figure). Components and data flow: the Policy Loader takes new policies and builds or extends a per-application Spec (port number, session-ID location, message-type location, HandlerAt(state, event)). The Application Dispatcher maps raw bytes plus port number to a Spec ID. The Session Dispatcher uses the Spec to parse the message and identify its session, producing an event for session i. The State Machine Engine holds the session state (curState) and looks up HandlerAt(curState, event). The Shield Interpreter runs Interpret(Handler) and ParsePayload, and can take the actions Drop, TearDownSession and SetNextState.

Shield Modules Policy Loader: integrates a new policy into an existing Spec (or creates one) Application Dispatcher: forwards the raw bytes and the matching Spec to the session dispatcher Session Dispatcher: recognizes the event and the session ID and dispatches to the corresponding state machine instance (SMI) SMI: asks the Spec which event handler to invoke and calls the Shield interpreter to run it
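The module chain above, as an added example that is not code from the Shield paper or its implementation. It assumes a constructed toy protocol (1-byte message type, 2-byte session id, 2-byte payload length, payload) on a hypothetical port 9000, and a hypothetical vulnerability: once a client has sent HELLO and then LOGIN, the server copies a DATA payload into a 64-byte buffer without a length check. The policy models only that path (S0, S1, S2) and checks the vulnerability condition, the payload length, rather than any exploit string:

```python
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed toy wire format (assumed for this example, not from the paper):
#   type(1 byte) | session_id(2 bytes BE) | payload_len(2 bytes BE) | payload
HDR = struct.Struct("!BHH")
HELLO, LOGIN, DATA, BYE = 1, 2, 3, 4
APP_PORT = 9000        # hypothetical port of the vulnerable server
MAX_SAFE_DATA = 64     # hypothetical size of the server's post-login DATA buffer

# The three actions an event handler may request (named as on the architecture slide)
DROP, TEARDOWN, SET_NEXT_STATE = "Drop", "TearDownSession", "SetNextState"
Action = Tuple[str, Optional[str]]
Handler = Callable[[bytes], List[Action]]


@dataclass
class Spec:
    """Per-application policy: port plus the vulnerability state machine."""
    port: int
    handlers: Dict[Tuple[str, int], Handler] = field(default_factory=dict)

    def handler_at(self, state: str, event: int) -> Optional[Handler]:
        return self.handlers.get((state, event))


def parse_payload(raw: bytes) -> Tuple[int, int, bytes]:
    """Event and session identification: message type, session id, payload."""
    mtype, sid, plen = HDR.unpack_from(raw)
    return mtype, sid, raw[HDR.size:HDR.size + plen]


class Shield:
    def __init__(self) -> None:
        self.specs: Dict[int, Spec] = {}                # application dispatcher: port -> Spec
        self.sessions: Dict[Tuple[int, int], str] = {}  # session dispatcher: (port, sid) -> state

    def load_policy(self, spec: Spec) -> None:          # policy loader
        self.specs[spec.port] = spec

    def filter(self, port: int, raw: bytes) -> str:
        """Return 'PASS' or 'DROP' for one application-level message."""
        spec = self.specs.get(port)
        if spec is None:
            return "PASS"                               # no shield loaded for this application
        mtype, sid, payload = parse_payload(raw)
        key = (port, sid)
        state = self.sessions.get(key, "S0")            # a new session starts in S0
        handler = spec.handler_at(state, mtype)
        if handler is None:
            return "PASS"                               # event irrelevant to the vulnerability
        verdict = "PASS"
        for action, arg in handler(payload):            # state machine engine + interpreter
            if action == DROP:
                verdict = "DROP"
            elif action == TEARDOWN:
                self.sessions.pop(key, None)
            elif action == SET_NEXT_STATE:
                self.sessions[key] = arg
        return verdict


# Vulnerability state machine: S0 -HELLO-> S1 -LOGIN-> S2 (vulnerable state).
# In S2 a DATA payload longer than MAX_SAFE_DATA overflows the buffer whatever its bytes are.
def on_hello(_p: bytes) -> List[Action]: return [(SET_NEXT_STATE, "S1")]
def on_login(_p: bytes) -> List[Action]: return [(SET_NEXT_STATE, "S2")]
def on_bye(_p: bytes) -> List[Action]:   return [(TEARDOWN, None)]
def on_data(payload: bytes) -> List[Action]:
    if len(payload) > MAX_SAFE_DATA:
        return [(DROP, None), (TEARDOWN, None)]
    return [(SET_NEXT_STATE, "S2")]

TOY_POLICY = Spec(APP_PORT, {("S0", HELLO): on_hello, ("S1", LOGIN): on_login,
                             ("S2", DATA): on_data, ("S1", BYE): on_bye, ("S2", BYE): on_bye})


def msg(mtype: int, sid: int, payload: bytes = b"") -> bytes:
    return HDR.pack(mtype, sid, len(payload)) + payload


def run_trace(trace: List[bytes]) -> List[str]:
    """Feed a message trace through a fresh Shield and return the per-message verdicts."""
    shield = Shield()
    shield.load_policy(TOY_POLICY)
    return [shield.filter(APP_PORT, m) for m in trace]


if __name__ == "__main__":
    benign = [msg(HELLO, 7), msg(LOGIN, 7, b"alice"), msg(DATA, 7, b"x" * 10), msg(BYE, 7)]
    exploit = [msg(HELLO, 8), msg(LOGIN, 8, b"bob"), msg(DATA, 8, b"\x90" * 200)]
    print(run_trace(benign), run_trace(exploit))
```

The same oversize DATA sent before LOGIN passes, because in this toy server that code path is not vulnerable and the policy has no handler for (S1, DATA); that is the "vulnerability-specific" property, and it is also why Shield keeps almost no state for sessions that never approach the vulnerable state.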

Design Issues Scattered arrivals Out-of-Order Arrivals Application level Fragmentation

Scattered arrivals A single application message may arrive in several pieces, because of TCP congestion control or because of how the application sends messages. Shield copies the partial data and waits for the rest to arrive, indexing copy-buffers so later arrivals are put in place (pre-session copying before a session is identified, in-session copying afterwards). The copy-buffer is de-allocated once the complete message has been received.

Out-of-Order Arrivals When an application-level protocol runs on top of UDP, datagrams can arrive out of order. Shield copies the datagrams and passes them on to the application, and caps the number of copied datagrams at the maximum number of out-of-order datagrams the application-level protocol itself can handle, so this buffering cannot be used to exhaust Shield's state.

Application Level Fragmentation Some application-level protocols use application data units and perform their own fragmentation and reassembly. The Spec then needs to contain the location of the fragment ID in the message, so that a fragment is not treated as an entire message event.
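The two buffering cases above (scattered arrivals on a stream, out-of-order datagrams), as an added example that is not code from the paper. It assumes a constructed length-prefixed message format for the stream case and a 2-byte sequence number prefix for the datagram case; the per-session byte cap and the out-of-order cap are assumed limits that stand in for "what the application protocol can handle". The same copy-and-wait approach applies to application-level fragments once the Spec says where the fragment ID sits:

```python
import struct
from typing import Dict, List, Optional

# Constructed toy formats (assumed for this example):
#   stream:   msg_len(2 bytes BE) | payload       -- one application message
#   datagram: seq(2 bytes BE)     | payload       -- one UDP datagram
LEN_HDR = struct.Struct("!H")
SEQ_HDR = struct.Struct("!H")


class StreamAssembler:
    """Scattered arrivals: copy partial data into a per-session copy-buffer and raise a
    message event only when the whole application message is present."""
    MAX_COPY = 4096   # assumed per-session bound on buffered bytes (limits Shield state)

    def __init__(self) -> None:
        self.buffers: Dict[int, bytearray] = {}

    def feed(self, sid: int, chunk: bytes) -> Optional[List[bytes]]:
        """Return the complete messages now available, or None if the session must be torn
        down because a peer keeps the copy-buffer growing without completing a message."""
        buf = self.buffers.setdefault(sid, bytearray())
        buf += chunk
        if len(buf) > self.MAX_COPY:
            del self.buffers[sid]
            return None
        complete: List[bytes] = []
        while len(buf) >= LEN_HDR.size:
            (mlen,) = LEN_HDR.unpack_from(buf)
            if len(buf) < LEN_HDR.size + mlen:
                break                                 # wait for the rest of this message
            complete.append(bytes(buf[LEN_HDR.size:LEN_HDR.size + mlen]))
            del buf[:LEN_HDR.size + mlen]
        if not buf:
            del self.buffers[sid]                     # copy-buffer freed once nothing is pending
        return complete


class DatagramReorderer:
    """Out-of-order arrivals over UDP: hold early datagrams, capped at the number of
    out-of-order datagrams the application protocol itself tolerates, release in order."""

    def __init__(self, max_out_of_order: int) -> None:
        self.max_ooo = max_out_of_order
        self.expected: Dict[int, int] = {}            # sid -> next sequence number wanted
        self.held: Dict[int, Dict[int, bytes]] = {}   # sid -> {seq: payload} copied early

    def feed(self, sid: int, datagram: bytes) -> Optional[List[bytes]]:
        """Return payloads releasable in order, or None if the session exceeded the cap."""
        (seq,) = SEQ_HDR.unpack_from(datagram)
        payload = datagram[SEQ_HDR.size:]
        nxt = self.expected.setdefault(sid, 0)
        held = self.held.setdefault(sid, {})
        if seq < nxt or seq in held:
            return []                                 # duplicate: nothing new to deliver
        held[seq] = payload
        released: List[bytes] = []
        while nxt in held:                            # drain everything now contiguous
            released.append(held.pop(nxt))
            nxt += 1
        self.expected[sid] = nxt
        if len(held) > self.max_ooo:                  # more gaps than the protocol tolerates
            self.held.pop(sid)
            self.expected.pop(sid)
            return None
        return released


def stream_msg(payload: bytes) -> bytes:
    return LEN_HDR.pack(len(payload)) + payload


def dgram(seq: int, payload: bytes) -> bytes:
    return SEQ_HDR.pack(seq) + payload


if __name__ == "__main__":
    sa = StreamAssembler()
    pieces = [b"\x00", b"\x05hel", b"lo" + stream_msg(b"ok")]   # "hello" split three ways
    print([sa.feed(1, p) for p in pieces])                     # [[], [], [b'hello', b'ok']]
    dr = DatagramReorderer(max_out_of_order=2)
    print([dr.feed(1, dgram(s, b"p%d" % s)) for s in (1, 2, 0)])
```

Both classes return None rather than raising so the caller can map it to the TearDownSession action; note that the stream cap is on bytes held, while the datagram cap is on the count of gaps, which is what the paper's bound on copied datagrams expresses.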

Analysis Scalability with number of vulnerabilities > the number of state machine instances must not grow very large as more vulnerabilities are covered > state machines modeling different vulnerabilities in the same application are merged into one, so per-application state stays bounded > in the measurements, application throughput was halved at worst False positives > Shield should have a very low false-positive rate, since it only checks the vulnerability condition > false positives can still arise from an incorrectly written policy

EVALUATION - Applicability of Shield (cells missing from the slide are left blank)

  # of vulnerabilities   Nature                   Wormable   Shieldable
  6                      Local                    No
  24                     User-involved            Usually    Hard
  12                     Server buffer overruns   Yes        Easy
  3                      Cross-site scripting                Hard
                         Server DoS                          Varies

Application Throughput

WEAKNESSES Vulnerabilities that stem from bugs in the application's own logic are hard to defend against, because they are not visible as a protocol state Simple vulnerabilities triggered by malformed application objects that are independent of the network protocol (e.g., a file format) are difficult for Shield to catch Application-level encryption is a problem for Shield, since it cannot parse what it cannot read

Suggestions Applicability should be tested against a wider variety of vulnerabilities Testing of Shield policies should be automated Applicability to virus (rather than worm) problems should be tested Alternative deployment points other than the end host should be explored