DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001, Slide 1. Aegis Research Corporation. Not for Public Release. Survivability Validation Framework for Intrusion.

Presentation transcript:

Slide 1
DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001
Aegis Research Corporation. Not for Public Release.
Survivability Validation Framework for Intrusion Tolerance Using Masking, Redundancy and Dispersion
Janet Lepanto, William Weinstein
The Charles Stark Draper Laboratory, Inc.
Aegis Research Corporation

Slide 2: Overview
Technology description and survivability problem addressed
Assumptions
Impairments: threats, attacks, vulnerabilities
  – Design/implementation
  – Configuration/operation
Survivability attributes
Comparison with other systems
Survivability mechanisms
Rationale
  – Goal vs. impairment matrix
  – Verification techniques
Residual risks, limitations, caveats
Cost/benefit analysis

Slide 3: Technology Description and Survivability Problem Addressed
Apply fault-tolerant design concepts to provide intrusion tolerance for a “service” site that supports external clients with web-based access to information, databases, and applications services
Minimize loss of data confidentiality and integrity in the face of a successful attack on one of the servers
Tolerate attacks whose specific signatures are not known a priori
Employ only a small set of trusted components to protect a large set of untrusted unmodified COTS servers and databases
Employ redundancy for both intrusion tolerance and performance

Slide 4: Nominal Site Configuration
[Diagram. Labelled components: External WAN, External Firewall, Gateway, Switched IP (shown twice), Server (1), Server (2), Server (N), Transaction Mediator, Data Base, Configuration Manager, Authentication Server. Legend: COTS, Trusted, Other.]

Slide 5: Technical Approach
Mask fingerprints of gateway and origin servers so that an attacker cannot probe over network to determine
  – OS of gateway, or origin servers
  – Implementation of any origin server
Distribute each client’s transactions among origin servers such that the client cannot predict which server will handle a transaction
Periodically inspect each origin server for configuration anomalies that might indicate that attack transactions have occurred
  – Reconfigure server to “clean” state if anomalies are detected
Log transactions to back-end database so that data written by a compromised origin server can be reconstructed
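
An added sketch, not code from the Draper/Aegis slides, of three mechanisms listed on this slide: unpredictable dispersion of transactions, periodic inspection against a known-clean configuration, and reconfiguration to the clean state with the affected transactions pulled from the log. The `Gateway` class, the configuration keys and the sample requests are constructed for illustration.

```python
import hashlib
import secrets


def digest(config: dict) -> str:
    """Stable SHA-256 over a server's configuration items."""
    blob = "\n".join(f"{k}={v}" for k, v in sorted(config.items()))
    return hashlib.sha256(blob.encode()).hexdigest()


class Gateway:
    """Toy model: dispersion, periodic inspection, clean-state reconfiguration."""

    def __init__(self, clean_config: dict, n_servers: int):
        self.clean = dict(clean_config)
        self.baseline = digest(self.clean)
        self.servers = {i: dict(self.clean) for i in range(1, n_servers + 1)}
        self.log = []  # (txn_id, server_id, request): stands in for the back-end log

    def dispatch(self, client: str, request: str) -> int:
        # CSPRNG choice, so the client cannot predict which server handles it.
        server_id = secrets.choice(sorted(self.servers))
        self.log.append((len(self.log) + 1, server_id, f"{client}:{request}"))
        return server_id

    def inspect(self) -> dict:
        """Return {server_id: suspect txn ids} for servers whose config drifted."""
        findings = {}
        for sid, cfg in self.servers.items():
            if digest(cfg) != self.baseline:
                findings[sid] = [t for t, s, _ in self.log if s == sid]
                self.servers[sid] = dict(self.clean)  # reconfigure to clean state
        return findings


def demo():
    gw = Gateway({"httpd.conf": "v1", "cgi-bin": "empty"}, n_servers=3)
    handled = [gw.dispatch("client-a", f"GET /item/{i}") for i in range(30)]
    gw.servers[2]["cgi-bin"] = "unexpected-file"  # constructed anomaly on server 2
    return handled, gw.inspect(), gw


if __name__ == "__main__":
    handled, findings, _ = demo()
    print("servers used:", sorted(set(handled)))
    print("suspect transactions on drifted servers:", findings)
```
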

Slide 6: Assumptions

Slide 7: Impairments: Threats, Attacks, Vulnerabilities

Slide 8: Survivability Attributes
Protects the confidentiality (C) and integrity (I) of site data from stealthy attacks emanating from an external network
Does not address authentication (AU)
Does not address non-repudiation (NR)
DoS attack considerations
  – Redundancy of Origin Servers provides a second order benefit
  – Taking servers off-line when an anomaly is detected creates a potential vulnerability (which is mitigated by smart configuration management)

Slide 9: Comparison with Other Systems
Existing systems/practices
  – Address known threats, attack profiles and vulnerabilities to achieve confidentiality, integrity, authentication and non-repudiation
  – Require significant/costly modifications to COTS systems (e.g., operating system modifications, special network cards)
  – Do not address vulnerabilities or attacks that are unknown a priori

Slide 10: Survivability Mechanisms

Slide 11: Survivability Mechanisms (cont’d)

Slide 12: Rationale: Goal vs. Impairment Matrix

Slide 13: Rationale: Verification
Verification techniques
  – Subjecting the system to known scanning tools to determine if the mechanisms to thwart those scans are implemented properly
  – Subjecting the system to known attacks to evaluate how it reacts to various types of attacks (e.g., measuring the relative time to success for an attack directly on server X vs. the same attack on server X operating in our OASIS architecture)
  – Subjecting the system to modifications of known attacks developed to exploit knowledge of the architecture and operation of the system
Metrics
  – Impact of Draper-Aegis OASIS mechanisms on resistance to attack
  – Relative time to achieve successful attacks

Slide 14: Residual Risks, Limitations, Caveats
Forms-based HTML provides external client access to back-end database, and also can move files between clients and back-end file systems, and support interactions between clients and back-end applications
  – Significant system functionality and flexibility can be provided by the HTTP protocol
  – Utility of dispersion w.r.t. other protocols is TBD
Need to evaluate if/to what extent Gateway and the Transaction Mediator could be bottlenecks for high performance sites
If rollback is done only for transactions from compromised server, no guarantee that information in the database will remain self-consistent
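
Why the last caveat on this slide holds, as an added example that is not from the slides: a transaction handled by a clean server can be derived from data a compromised server wrote, so removing only the compromised server's transactions leaves the derived value behind. It assumes the back-end log records each transaction's read set, which the slides do not state; the log entries, keys and the `tainted` helper are constructed for illustration.

```python
def replay(log, skip=frozenset()):
    """Rebuild database state from the log, omitting the txn ids in `skip`."""
    db = {}
    for txn in log:
        if txn["id"] not in skip:
            db[txn["writes"]] = txn["value"]
    return db


def tainted(log, compromised_server):
    """Txn ids from the compromised server, plus later txns that read their output."""
    bad_ids, bad_keys = set(), set()
    for txn in log:
        if txn["server"] == compromised_server or bad_keys & set(txn["reads"]):
            bad_ids.add(txn["id"])
            bad_keys.add(txn["writes"])
        else:
            bad_keys.discard(txn["writes"])  # clean overwrite from clean inputs
    return bad_ids


# Constructed log: server 2 is later found compromised.
LOG = [
    {"id": 1, "server": 1, "reads": [], "writes": "price", "value": 10},
    {"id": 2, "server": 2, "reads": [], "writes": "price", "value": 1},
    # Clean server 3 computes invoice = 3 units x price, using the tampered price.
    {"id": 3, "server": 3, "reads": ["price"], "writes": "invoice", "value": 3},
    {"id": 4, "server": 1, "reads": [], "writes": "stock", "value": 5},
]

if __name__ == "__main__":
    # Rollback of server 2 only: price is back to 10 but invoice still says 3.
    print("server-only rollback:", replay(LOG, skip={2}))
    # Dependency-aware rollback also drops txn 3, which must then be re-derived.
    print("dependency-aware    :", replay(LOG, skip=tainted(LOG, 2)))
```
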

Slide 15: Cost/Benefit Analysis
Time
  – Attacker is delayed
  – Attacker must complete exploit within bounded window to avoid detection
Development
  – One-time development cost of trusted elements and agent software for origin server platforms
Implementation
  – Acquisition and implementation incur cost of redundant origin servers and trusted elements (compared to cost of functionally equivalent site without our mechanisms)
Operation
  – Maintenance cost of maintaining redundant origin servers and trusted elements scales with number of redundant versions
Functionality Impact
  – Development cost to accommodate additional protocols
Responsiveness of system
  – Transaction delays induced by proxy operations have negligible impact due to hardware speed