8.1 DISTRIBUTED COMPUTER SECURITY Dr. Yanqing Zhang, CSc 8320 Presented by Kireet Kokala © 2009 Georgia State University

O UTLINE P ART I : I NTRODUCTION o Brief Overview of Fundamentals P ART II : C URRENT R ESEARCH o Types of Attacks o Botnet Attack: detection and capacitance P ART III : F UTURE C YBER W ARFARE o Compromising Super-Grid computing security R EFERENCES Q & A 2 © 2009 Georgia State University

I : I NTRODUCTION [R. Chow & T. Johnson, 1997] Distributed System Security Dependable, robust, and secure systems uphold:  Secrecy – protection from unauthorized disclosure (info. leakage).  Integrity – protection from illegal access by unauthorized users.  Availability – system resources and functionality remain active for authorized users.  Reliability/Safety – fault tolerance mechanisms (i.e. both system and user) 3 © 2009 Georgia State University

I : I NTRODUCTION [R. Chow & T. Johnson, 1997] Distributed System Representation  Subjects: active entities that access objects  Objects: passive entities that must be protected Governed by  Access Control Policy: describes how objects are accessed by subjects  Flow Control Policy: regulates info flow between objects & subjects Basic Intrusion types: Denial of Service (DoS), Masquerading attack. Important step  packet and sensitive data sniffing. Ex: get started with Knoppix  Hakin9  PHLAK 4 © 2009 Georgia State University

I : I NTRODUCTION [Packet Analyzer, Wiki, 2009] Sniffing Overview 5 © 2009 Georgia State University

“The unexamined life is not worth living.” –Socrates “The examined life is painful.” –Malcolm X © 2009 Georgia State University

II : C URRENT R ESEARCH [R. Chow & T. Johnson, 1997] COMMON ATTACK TYPES [Botnets, Wiki, 2009]  Denial of Service: bombard the target machine with external communication requests  slow it down or make it ineffective.  Masquerading: one person or program successfully masquerades as another by falsifying data and gaining illegitimate access.  Botnet: network of compromised computers using distributed computing software. Botnet  Ex: Conficker targeted Windows machines server service. Detected in 2008 and growing well past 5 million PCs.  Est# bots is 10, 000, 000+ [Conficker, Wiki, 2009] 7 © 2009 Georgia State University

II : C URRENT R ESEARCH [] II : C URRENT R ESEARCH [Zhichun Li et. al, 2009] Botnet Detection  Still isn’t an exact science, but has large academic value and preventive measures that rise out of studying how the nodes connect and work.  Alarmingly large number of viruses, attacks, and security breaches are done via malware bots [ Brett Gross et. al, 2006 ].  Keep tabs on probing activities on websites to observe host-level of single instances of bot activities.  Their method requires local info and analytical knowledge about botnet properties and behavior. ***Detection comes with the caveat that with the click of a button, the botmaster/Bot herder/Warlock can switch bot routes or change probe patterns to blend in. © 2009 Georgia State University

II : A PPROACH [] II : A PPROACH [Zhichun Li et. al, 2009] 1. Statistical approaches to assess attributes of large-scale probing events— hit list detection. a.Subnet detection b.Dependency checking 2. Employ 2 algorithms: based on some assumptions, but allow them to infer the global scanning scope of a probing event. a.analysis of 293GB of Honeynet traffic data. © 2009 Georgia State University [Hiroshi Takemiya] [Hiroshi Takemiya et. al, 2006]Hiroshi TakemiyaHiroshi Takemiya et. al, 2006

II : A PPROACH [] II : A PPROACH [Zhichun Li et. al, 2009] Graphical overview of system architecture and results: distribution of malicious payload in scans. © 2009 Georgia State University

III : F UTURE P OTENTIAL A system is as strong as its weakest link. Analysis via simulation and practical experiments is key to facilitating system evolution! 11 © 2009 Georgia State University

III : F UTURE P OTENTIAL Ideas on how to compromise Super-Grid security? 12 © 2009 Georgia State University

III : F UTURE P OTENTIAL © 2009 Georgia State University Security Distributed systems laid across a heterogeneous array of hardware will help in the anti-malware initiative. Centralized Firewalls with real-time monitoring. Upgrading several W3 & IETF standards: TCP/IP, MIME type issues, etc. point to removing redundant ID misuse for transactions. Academic study of cyber-specific development helps understand the nature of complicated threats (viz. botnet). Attacks Attacks are moving away from known exploit-routes to taking on trusted sources for DoS type attacks. Dormant botnets evolve with time while awaiting instructions—an alarmingly growing number [Conficker, Wiki, 2009]. Consider mobile-botnets that are only limited to the number of devices allowed by IPv6 inception.

R EFERENCES [1] “Distributed Operating Systems & Algorithms”, Randy Chow and Theodore Johnson, [2] “Your Botnet is My Botnet: Analysis of a Botnet Takeover,” Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna, ACM, , [3] “A formal protection model of security in centralized, parallel, and distributed systems,” Glenn S. Benson, Ian F. Akyildiz, William F. Appelbe. ACM Transactions on Computer Systems, Vol 8, Issue 3, Pages: , [4] “Automating analysis of large-scale botnet probing events”, Zhichun Li, Anup Goyal, Yan Chen, Vern Paxson, ASIAN ACM Symposium on Information, Computer and Communications Security, pages: 11-22, [5] “Sustainable adaptive grid supercomputing: multiscale simulation of semiconductor processing across the pacific,” Hiroshi Takemiya, Yoshio Tanaka, Satoshi Sekiguchi, Shuji Ogata, Rajiv K. Kalia, Aiichiro Nakano, Priya Vashishta, Conference on High Performance Networking and Computing archive Proceedings of the ACM, No. 106, [6] “Botnet”, [7] “Conficker”, 14 © 2009 Georgia State University

Q&AQ&AQ&AQ&A 15 © 2009 Georgia State University