PASIS: Perpetually Available and Secure Information Systems Greg Ganger, Pradeep Khosla, Chenxi Wang, Mehmet Bakkaloglu,


PASIS: Perpetually Available and Secure Information Systems Greg Ganger, Pradeep Khosla, Chenxi Wang, Mehmet Bakkaloglu, Michael Bigrigg, Garth Goodson, Semih Oguz, Vijay Pandurangan, Craig Soules, John Strunk, Ken Tew, Cory Williams, Ted Wong, Jay Wylie Carnegie Mellon University

Greg Ganger January 2002 http://

PASIS Objective

Create information storage systems that are:
- Perpetually Available: information should always be available even when some system components are down or unavailable
- Perpetually Secure: information integrity and confidentiality should always be enforced even when some system components are compromised
- Graceful in degradation: information access functionality and performance should degrade gracefully as system components fail

Assumptions: some components will fail, some components will be compromised, some components will be inconsistent, BUT surviving components allow the information storage system to survive.

Greg Ganger January 2002http://  Surviving “server-side” intrusions  decentralization + data distribution schemes  provides for availability and security of storage  Surviving “client-side” intrusions  server-side data versioning and request auditing  enables intrusion diagnosis and recovery  Tradeoff management balances availability, security, and performance  maximize performance given other two Survivable Storage Systems

Self-Securing Storage

Storage that protects itself:
- prevents destruction of stored data
- prevents undetectable modifications
- looks for suspicious storage activity

Effective tool for intrusion survival:
- Detection: watches storage events and triggers alarms
- Diagnosis: provides info for administrators to analyze
- Recovery: provides complete history of data versions

Step #1: Additional Security Perimeter

[Figure labels: Host (Application, File System, Operating System); System Calls; Storage Requests; RPC or Device Driver; Insecure; Secure; Storage protected by device; New security perimeter; S4]

- Exploit storage device properties
  - Establish security perimeter around the device

Step #2: Internal Versioning & Auditing

[Figure labels: File 1, File 2, ..., File (n-1), File n; History pool; Detection Window; Expired versions; time axis from 9/4/99 7:28:11 to 9/7/99 9:37:05]

- Storage device logs all requests
  - Audit log is externally read-only

Feasibility Evaluation (OSDI'00)

Capacity requirements
- Question: Are large detection windows feasible?
- Conclusion: Weeks or months are possible

Performance overheads
- Question: Are performance costs too high?
- Conclusion: Performance overhead is small … (<)<15% cost for versioning and auditing

Benefits of Self-Securing Storage

- Storage-based intrusion detection
  - A new opportunity (and viewpoint) to observe
- Informed analysis of security compromises
  - Log tampering is visible and recoverable
  - Capture exploit tools stored on the target
- Faster, better recovery
  - Earlier states still in history pool
  - Legitimate changes still present in history pool
  - also, recovery from accidental deletion

Storage-based Intrusion Detection

Standard goal: Detect suspicious activity

New opportunities to observe:
1. Changes to static files: sshd, /bin/login, shell programs, config. files, etc.
2. Unexpected patterns of changes: non-append changes to audit log, etc.
3. Corruption of well-understood files: /etc/passwd, /var/log/wtmp, etc.
4. Suspicious content: known viruses, hidden files or directories, etc.
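The four observation points above can be written as rules evaluated on the storage side of the perimeter. The following is an added example, not code from the presentation or from S4; the request format, the policy sets, the rule names and the sample stream are all constructed for illustration, and /etc/passwd writes are assumed to carry the whole file.

```python
from dataclasses import dataclass

@dataclass
class Req:
    """One storage request as seen by the device (constructed format, not S4's)."""
    op: str            # "write", "create", "truncate" or "unlink"
    path: str
    offset: int = 0
    data: bytes = b""

# Assumed policy sets; a real deployment would configure these per system.
STATIC = {"/bin/login", "/usr/sbin/sshd", "/etc/ssh/sshd_config"}
APPEND_ONLY = {"/var/log/wtmp", "/var/log/messages"}
MARKER = b"EXAMPLE-KNOWN-BAD-MARKER"   # placeholder, not a real signature

def passwd_ok(data: bytes) -> bool:
    """Each non-empty /etc/passwd line must have 7 colon-separated fields."""
    return all(len(line.split(b":")) == 7 for line in data.splitlines() if line)

def detect(requests, sizes):
    """Return [(index, rule)]; sizes maps path -> current length in bytes."""
    alerts = []
    for i, r in enumerate(requests):
        destructive = r.op in ("truncate", "unlink")
        if r.path in STATIC and (destructive or r.op == "write"):
            alerts.append((i, "static-file-change"))            # rule 1
        if r.path in APPEND_ONLY and (
                destructive or (r.op == "write" and r.offset < sizes.get(r.path, 0))):
            alerts.append((i, "non-append-log-change"))         # rule 2
        if r.op == "write" and r.path == "/etc/passwd" and not passwd_ok(r.data):
            alerts.append((i, "malformed-passwd"))              # rule 3
        name = r.path.rsplit("/", 1)[-1]
        hidden = r.op == "create" and name.startswith(".") and name.strip(". ") == ""
        if hidden or MARKER in r.data:
            alerts.append((i, "suspicious-content"))            # rule 4
        if r.op == "write":   # track file growth so later appends are recognized
            sizes[r.path] = max(sizes.get(r.path, 0), r.offset + len(r.data))
    return alerts

# Constructed request stream for illustration.
SAMPLE = [
    Req("write", "/var/log/messages", 4096, b"sshd: session opened\n"),  # append
    Req("write", "/var/log/messages", 1024, b"\x00" * 64),               # overwrite
    Req("write", "/bin/login", 0, b"\x7fELF"),
    Req("create", "/tmp/..."),
    Req("write", "/etc/passwd", 0, b"root:x:0:0:root:/root:/bin/sh\nbad line\n"),
    Req("write", "/home/u/notes.txt", 0, b"hello"),
]
```

Calling `detect(SAMPLE, {"/var/log/messages": 4096})` flags requests 1 through 4 and leaves the genuine append and the ordinary user write alone.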

For comparison...

Stronger than current storage-related IDSs
- e.g., Tripwire or virus scanners
- These periodically run on host and compare filesystem state to reference database or known viruses

Stronger because detection checks
- can be in real time
- they can't be turned off in compromised host system
- they can't be spoofed or filtered by intermediary
- they do not rely on reference database

Post-Intrusion Diagnosis

Goal: Determine what/when it happened

Self-securing storage informs key questions:
- When did the intrusion happen? (needed for recovery)
- How did they get in? (including capture of exploit tools for analysis)
- What files were read, written, and seen tainted? (damage estimation)

For comparison: Conventional Diagnosis

Hardcore Conventional Diagnosis

BIG forensics effort required before analysis
- discovering deleted evidence from
  - deleted inodes
  - unallocated blocks
  - slack space in the final block of files
- problems that this causes
  - incomplete info is difficult to analyze
  - most evidence is completely gone

Self-securing storage puts focus on analysis
- all storage actions and states are preserved

Post-Intrusion Recovery

Steps, listed as Conventional systems / Self-securing storage:
- Save user data / —
- Wipe system / —
- Reinstall OS / Reboot w/ safe image
- Restore from tape / Copy forward system state
- Validate user data
- Restore user data

Restoring pre-intrusion state: restore pre-intrusion versions rapidly

Restoring users' work: copy-forward users' work carefully
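The history pool with its detection window (Step #2) and the two recovery steps above can be modelled together. This is an added example, not code from the presentation or from S4; the class, its method names, the integer timestamps and the timeline are constructed for illustration, and writes are assumed to arrive in time order.

```python
import bisect

class HistoryPool:
    """Toy model of a versioning store: writes never overwrite older versions."""
    def __init__(self, window):
        self.window = window      # detection window, in seconds
        self.versions = {}        # path -> [(time, data)], data None = deleted
        self.audit = []           # (time, op, path), append-only

    def _put(self, t, op, path, data):
        self.versions.setdefault(path, []).append((t, data))
        self.audit.append((t, op, path))

    def write(self, t, path, data):
        self._put(t, "write", path, data)

    def delete(self, t, path):
        self._put(t, "delete", path, None)   # tombstone; old versions stay

    def _index(self, path, t):
        """Number of versions of path created at or before time t."""
        return bisect.bisect_right([v[0] for v in self.versions.get(path, [])], t)

    def read_as_of(self, path, t):
        i = self._index(path, t)
        return self.versions[path][i - 1][1] if i else None

    def expire(self, now):
        """Drop versions outside the window, keeping the one live at the cutoff."""
        for path in self.versions:
            i = self._index(path, now - self.window)
            self.versions[path] = self.versions[path][max(i - 1, 0):]

    def recover(self, good_t, now):
        """Return (state at good_t, later audit entries to review for copy-forward)."""
        if good_t < now - self.window:
            raise ValueError("last good time is outside the detection window")
        state = {p: self.read_as_of(p, good_t) for p in self.versions}
        return state, [e for e in self.audit if e[0] > good_t]

def demo():
    """Constructed timeline: intrusion at t=50, last known-good time t=49."""
    pool = HistoryPool(window=100)
    pool.write(5, "/var/log/wtmp", b"boot")
    pool.write(10, "/bin/login", b"v1")
    pool.write(20, "/home/alice/report", b"draft")
    pool.write(50, "/bin/login", b"trojan")
    pool.delete(55, "/var/log/wtmp")
    pool.write(60, "/home/alice/report", b"final")
    return pool
```

`demo().recover(49, 70)` returns the pre-intrusion contents of all three files plus the three later requests, including the legitimate report update that has to be validated before it is copied forward. Once `expire` runs with the intrusion outside the window, the same call raises, which is why the window length matters.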

Summary of self-securing storage

- Protect stored data and audit storage accesses even if client OS is compromised
- Can save and observe anything inside device
  - retain all versions of all data
  - collect audit log of all requests
  - watch storage events and trigger alarms
- Self-securing storage enables:
  - storage-based intrusion detection
  - informed analysis of security compromises
  - faster, better recovery

PASIS Agent Architecture

[Figure labels: Client Apps; Local PASIS Agent; PASIS Storage Nodes; Tradeoff Management; Multi-read/write Communication; Encode & Decode; Client Applications; System Characteristics; User Preferences]

Trade-off space

[Figure: Scheme Selection Surface]

Greg Ganger January 2002http://  Decentralization + data distribution schemes  provides for availability and security of storage  Tradeoff management balances availability, security, and performance  … and it is good engineering practice!  Data versioning to survive malicious users  enables intrusion diagnosis and recovery PASIS: Summary

For more information: Director, Parallel Data Lab