Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.


Malware and Clouds
Goal: To explore how clouds can be used in malware detection, and how malware can use clouds.
Review Assignment #9:
– CloudAV: N-Version Antivirus in the Network Cloud, USENIX Security
4/18/2011 en Spring 2011 Lecture 10 | JHU | Ragib Hasan

Cloud-AV: Putting the Antivirus on Clouds
Main premise:
– Executable analysis currently provided by host-based antivirus software can be more efficiently and effectively provided as an in-cloud network service.
– Or: Anti-Virus-as-a-service

Problems with host-based Anti-Virus
Vulnerability window:
– There is a significant vulnerability window between when a threat first appears and when antivirus vendors generate a signature.
Undetected malware:
– A substantial percentage of malware is never detected by antivirus software.
Vulnerable Anti-Virus:
– Malware is actually using vulnerabilities in antivirus software itself as a means to infect systems.

Solution Approach
Antivirus as a network service:
– Run the Anti-Virus on a cloud, while running a lightweight agent on user machines
N-version protection:
– Run multiple versions/vendors of Anti-Virus scanners on the cloud to ensure better detection

N-version programming
Idea: Generate multiple functionally equivalent programs independently (by different teams) from the same initial specifications
– Goal: Reduce the possibility of bugs
N-version protection:
– Run multiple scanners in parallel, to increase the detection rate

Advantages of cloud-based Anti-Virus
– Better detection of malicious software
– Enhanced forensics capabilities
– Retrospective detection
– Improved deployability and management
– No vendor lock-in … the service is vendor agnostic

System Architecture
3 major components:
1. a lightweight host agent run on end hosts;
2. a network service that receives files from hosts and identifies malicious or unwanted content; and
3. an archival and forensics service that stores information about analyzed files and provides a management interface for operators.

Host agent
A lightweight process running on the host
– Can be implemented on Windows, Mac, and Linux clients
Tasks:
– Capture accesses to executable files,
– hash files to extract a unique ID,
– check the ID against local black/white lists,
– send unknown executable files to the network cloud service

Network service
Consists of multiple Anti-Virus engines, scanners, and behavioral analysis tools
– Behavioral analysis tools attempt to detect anomalies by analyzing application behavior in a sandbox
Combines scan results from multiple tools and sends a report to the host agent
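The host agent and network service slides together describe one pipeline: intercept an executable access, hash it, consult the local allow/deny lists, and only forward unknown files to the cloud, where several independent engines scan it and their verdicts are combined. The following Python is an added illustration written for these notes, not code from the CloudAV paper or its authors. The sample "executables", the three toy engines, the agreement threshold and the cache behaviour are all constructed assumptions; it also shows what the agent can and cannot decide when the network service is unreachable.

```python
"""Added example (not CloudAV's code): a toy CloudAV-style pipeline.

A host agent hashes an executable, consults a local allow/deny cache, and
forwards unknown files to a simulated network service that runs several
independent scanners ("N-version protection") and combines their verdicts.
All scanners, samples and thresholds here are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field

# --- constructed sample files (stand-ins for real executables) -------------
CLEAN_FILE = b"MZ\x90\x00 harmless utility, prints hello"
BAD_FILE = b"MZ\x90\x00 ...drops persistence... CONSTRUCTED_MARKER_42"


def file_id(data: bytes) -> str:
    """Unique ID the host agent checks against its lists before uploading."""
    return hashlib.sha256(data).hexdigest()


# --- simulated, independently written scanners ----------------------------
# Each engine returns True if it considers the file malicious.
KNOWN_BAD_HASHES = {file_id(BAD_FILE)}          # constructed signature DB


def engine_hash_signature(data: bytes) -> bool:
    return file_id(data) in KNOWN_BAD_HASHES


def engine_byte_pattern(data: bytes) -> bool:
    # Constructed byte-pattern signature, standing in for a vendor rule set.
    return b"CONSTRUCTED_MARKER_42" in data


def engine_behavioural(data: bytes) -> bool:
    # Stand-in for sandbox behaviour analysis: flags persistence attempts.
    return b"persistence" in data


ENGINES = [engine_hash_signature, engine_byte_pattern, engine_behavioural]


@dataclass
class NetworkService:
    engines: list
    threshold: int = 2           # flag the file if at least this many engines agree
    online: bool = True

    def scan(self, data: bytes) -> dict:
        if not self.online:
            raise ConnectionError("network service unreachable")
        votes = {e.__name__: e(data) for e in self.engines}
        hits = sum(votes.values())
        return {"malicious": hits >= self.threshold, "hits": hits, "votes": votes}


@dataclass
class HostAgent:
    service: NetworkService
    allow: set = field(default_factory=set)   # local whitelist of hashes
    deny: set = field(default_factory=set)    # local blacklist of hashes

    def on_execute(self, data: bytes) -> str:
        """Intercepted executable access. Returns 'allow', 'block' or 'unknown'."""
        h = file_id(data)
        if h in self.deny:
            return "block"
        if h in self.allow:
            return "allow"
        try:
            report = self.service.scan(data)      # unknown file: ask the cloud
        except ConnectionError:
            # Disconnected operation: no cached verdict, so the agent cannot decide.
            return "unknown"
        if report["malicious"]:
            self.deny.add(h)
            return "block"
        self.allow.add(h)
        return "allow"


def demo() -> dict:
    svc = NetworkService(ENGINES)
    agent = HostAgent(svc)
    first = agent.on_execute(BAD_FILE)        # goes to the cloud -> 'block'
    clean = agent.on_execute(CLEAN_FILE)      # goes to the cloud -> 'allow'
    svc.online = False
    cached = agent.on_execute(BAD_FILE)       # served from local cache -> 'block'
    novel = agent.on_execute(b"MZ never seen before")   # offline, unknown -> 'unknown'
    return {"first": first, "clean": clean, "cached": cached, "offline_novel": novel}


if __name__ == "__main__":
    print(demo())
```

The threshold is the design knob of N-version protection: a single engine's false positive does not block a file, while two independent hits do. The `"unknown"` result in the offline case is the disconnected-operation limitation the slides raise; a deployment has to decide whether that case fails open or closed.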

Forensic storage service
Stores information about scan logs and hosts
Can assist in forensic analysis and retroactive scans
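Retrospective detection is the concrete benefit the forensic service adds over a host-only scanner: because every scan is archived with the file hash, the host and the per-engine verdicts, a signature that arrives weeks later can be run over the archive to find hosts that already executed the file while it was still undetected. The following Python is an added illustration for these notes, not the CloudAV project's code; the log entries, host names and hash labels are constructed.

```python
"""Added example (not CloudAV's code): a toy forensic archive with
retrospective detection. Every scan the network service performs is logged
(file hash, host, time, per-engine verdicts). When a new signature arrives
later, the archive is re-queried so hosts that already ran a now-flagged file
can be identified. Log entries and signatures are constructed for illustration."""
from collections import defaultdict
from datetime import datetime


class ForensicArchive:
    def __init__(self):
        self.records = []                 # one dict per scanned file access
        self.by_hash = defaultdict(list)  # index for fast re-scans by hash

    def log_scan(self, file_hash, host, when, verdicts):
        rec = {"hash": file_hash, "host": host, "when": when, "verdicts": dict(verdicts)}
        self.records.append(rec)
        self.by_hash[file_hash].append(rec)

    def retrospective_scan(self, new_bad_hashes):
        """Accesses of now-known-bad files that every engine passed at the time,
        as (when, host, hash) tuples, earliest first."""
        hits = []
        for h in new_bad_hashes:
            for rec in self.by_hash.get(h, []):
                if not any(rec["verdicts"].values()):   # was clean at the time
                    hits.append((rec["when"], rec["host"], h))
        return sorted(hits)

    def hosts_exposed(self, new_bad_hashes):
        """Distinct hosts that need follow-up after a new signature lands."""
        return sorted({host for _, host, _ in self.retrospective_scan(new_bad_hashes)})


def build_demo_archive():
    arc = ForensicArchive()
    # Constructed scan log: three hosts, two files, engines A and B.
    arc.log_scan("h_updater", "ws-01", datetime(2011, 4, 1, 9, 0), {"A": False, "B": False})
    arc.log_scan("h_updater", "ws-07", datetime(2011, 4, 2, 14, 30), {"A": False, "B": False})
    arc.log_scan("h_notepad", "ws-03", datetime(2011, 4, 3, 8, 15), {"A": False, "B": False})
    # Engine A's signature caught it on ws-03, so that access is not a retrospective miss.
    arc.log_scan("h_updater", "ws-03", datetime(2011, 4, 5, 11, 0), {"A": True, "B": False})
    return arc


if __name__ == "__main__":
    arc = build_demo_archive()
    # Later a vendor signature flags h_updater; query the archive instead of the hosts.
    for when, host, h in arc.retrospective_scan({"h_updater"}):
        print(f"{when:%Y-%m-%d %H:%M} {host} ran {h}, undetected at the time")
    print("hosts to follow up:", arc.hosts_exposed({"h_updater"}))
```

Note that the archive answers the question without contacting the end hosts at all, which is what makes the cloud design stronger here than a host-resident scanner that only sees the file at execution time.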

Challenges
Network latency:
– Unlike existing antivirus software, files must be transported into the network for analysis;
Analysis scheme:
– An efficient analysis system must be constructed to handle the analysis of files from many different hosts using many different detection engines in parallel; and
Comparison with local scanners:
– The performance of the system must be similar to or better than existing detection systems such as antivirus software.

Evaluations: Performance of multiple Anti-Virus engines

Disadvantages
Disconnected operation:
– The host agent can’t detect new malicious files without network connectivity
Lack of context:
– Scanners do not have access to the large local context
Handling new malware:
– Difficult to detect non-executable malware (e.g., malicious Word documents)

Discussion
What other services can be run on a cloud?

Using Clouds for Malware
Clouds can be used by malicious parties
Misuse can include:
– Cloud-based botnets
– Cloud-based spammers
– Cloud-based cracking services
WPACracker.com
– Claims to break WPA passwords for $17 in under 20 minutes, using a cloud

Discussion
Is it realistic / feasible for a spammer to use a cloud?