Dissemination of Security Updates Jun Li Dissertation Proposal.

Presentation transcript:

Dissemination of Security Updates Jun Li Dissertation Proposal

Slide 2: Outline
- Motivation, challenges, and thesis
- Related work
- Protection against attacks
- Dissemination mechanism
- One strategy in initial study
- Dissertation plans
- Summary

Slide 3: Motivation
- Consider network security in general

Slide 5: Motivation
- Consider network security in general
- Security attack on just a single machine in a network environment is usually not the case
  - For instance, before taking action an attack may hide itself and penetrate into many machines
- Wide-spread information sharing in a timely way is necessary
  - The information is called security update

Slide 6: Security Update Examples
- Virus signature (and remedy)
- Special events in distributed intrusion detection
- Offending characteristics to be filtered by a firewall
- Characteristics of a potential attack

Slide 7: Observation
- They all share a common need of doing security update dissemination
- But the need is addressed in various unsatisfactory ways (to be discussed later)

Slide 8: Solution to the problem
- Provide a common facility for security update dissemination

Slide 9: Challenges
- Scalability
- Low latency
- High assurance
  - some machines may be subverted
  - some machines may be disconnected
- Topological adaptability
- Heterogeneity
- Low overhead
- High security itself

Slide 10: Thesis
Dissemination of security updates while simultaneously addressing each of the above challenges is feasible.
-> Design and build a system that does the work
-> Call the system Revere

Slide 12: Related Work
- Information dissemination
  - simple transmission techniques
  - mailing list
  - distribution of software, virus signature, or key
  - network time protocol
  - push technology
- Element management
  - replicated data management
  - intrusion detection

Slide 13: Simple Transmission Techniques
- Broadcasting
- Unicasting (one-to-one)
- Flooding
- Multicasting

Slide 14: Mailing List
- Scalability
- Single path to reach recipients
- Hard to interface with other software...

Slide 15: Distribution of Software, Virus Signature, or Key
- Software distribution
- Virus signature distribution
- Key distribution

Slide 16: Network Time Protocol
- Disseminating clock time to synchronize machines on network
  - manually configured
  - no retransmission

Slide 17: Push Technology
- Some commercial products: BackWeb, Ifusion, InCommon, Intermind, Marimba, NETdelivery, Wayfarer
  - poll the server periodically, fetch if needed
- Salamander
  - build a substrate
  - push data from suppliers to clients through the substrate
  - only single path from a supplier to a client
  - no handling for disconnected machines

Slide 18: Element Management
- Replicated data management
  - each machine in Revere has a replica of security update
- Intrusion detection
  - if we know which machines are subverted...

Slide 20: Protecting Revere
- Revere must protect itself against attacks
  - otherwise, security update won’t be disseminated successfully
  - corrupted Revere is more dangerous if used by enemy for own purpose

Slide 21: Attacks on Revere
- Corrupting a message
  - modification
  - fabrication or forgery
- Corrupting the transmission path
  - blockage
  - misdirection
  - denial of service by replay overloading
- Leakage of security update

Slide 22: Fight Against Attacks
- Message corruption
  - digital signature
- Transmission path corruption
  - redundancy by multiple paths
  - be ready for replay attacks by logging signatures of previous security updates
- Leakage of security update
  - no secrecy when many millions of machines are receivers to share same information

Slide 24: Dissemination Mechanism
- High assurance
- Pulling by disconnected node
- Receiver based policy
- Opportunistic use of transmission options
- Scalability
-> Dissemination structure

Slide 25: 1. High Assurance
- Using acknowledgement
  - implosion
  - ack can be dropped
  - need to figure out what is missed by whom
- Using negative ack
  - only avoid implosion, and
  - only feasible when knowing a security update is missed
- Using redundancy
  - retransmission probably follows same old path
  - to achieve best effort
  - harder to corrupt all
  - accompanied with additional techniques, such as pulling

Slide 26: 2. Pulling By Disconnected Node
- Pulling from  is not scalable and hard to handle
- Repository nodes
- High assurance pulling
  - find best repository nodes

Slide 27: Receiver Based Policy
- Heterogeneous Revere node in terms of
  - different resiliency request
    - different environment (hostile or safe)
    - different context itself
  - different transmission characteristics
  - different platform
    - different ability of being aware of above

Slide 28: Opportunistic Use of Transmission Options
- When security update forwarded from machine to machine(s), choose best option of available transmission type
- Tradeoff among
  - best performance
  - resource usage
  - delivery guarantee
  - simplicity of implementation

Slide 29: Scalability
- Be ready for millions of receivers, or even more
  - resource usage
  - performance
  - security
- Any machine can only have partial information of the whole system
  - distributed computing

Slide 30: Dissemination Structure
- Automatic configuration
  - an easy-to-use user interface needed
    - manual configuration hurts
- Dynamic adjustment adaptively
  - when a new node joins
  - when an existing node quits
  - when transmission characteristics change
  - when detecting security problems
  - and so on ...

Slide 32: Dissemination w/ Sending Table
- Each Revere node has an associated sending table locally
[Figure: example sending tables for nodes A, B and C. Labels: unicast; B,C; multicast; D; (empty); floppy; X; broadcast; (empty); unicast w/ IP source routing]

Slide 33: Building the Sending Table
- Requirements
  - automatic
  - match dissemination mechanisms
  - dynamically adjustable
- Some information about dissemination sources are common knowledge
  - addresses
  - type of security updates to disseminate
  - public keys
- Maybe similar information of some existing Revere nodes

Slide 34: Recursive Enrollment of Newborn
[Figure labels: Join Request; Recommending Algorithm; Decision Making Algorithm; A; Newborn; Machines listed in  ’s sending table; Machines recommended to newborn; Machines selected; Detected info between newborn and recommended; Recommended machines list; Selected machines list]

Slide 35: Enrollment Flexibility
- A new Revere machine can attach itself to Revere system by sending enroll request(s) to any existing Revere node(s)
  - based on trustfulness, or
  - contact more than one

Slide 37: A Prototype w/ Basic Functionality
- Security update delivery analysis
- Dissemination structure formation and management
- Dissemination process
  - push
  - pull

Slide 38: Security Enforcement
- Authentication of security update
  - signing and verification of security update
  - key management
- Replay prevention
  - don’t be fooled to send lots of replays since Revere has big fan-out
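
The two defences named on the "Fight Against Attacks" and "Security Enforcement" slides (signature verification, and a log of previously seen signatures so that a replay is not multiplied by the node's fan-out) are shown below in Go. This is an added example, not code from Revere or from the author; Ed25519, the Update format, and the names NewSource, Publish, Node and Receive are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Update is a signed security update (constructed format, not Revere's own).
type Update struct{ Payload, Sig []byte }

// NewSource creates the key pair of a dissemination source (assumed Ed25519).
func NewSource() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand
}

// Publish signs a payload so that every receiving node can verify it.
func Publish(priv ed25519.PrivateKey, payload []byte) Update {
	return Update{Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

// Node is a hypothetical receiving node.
type Node struct {
	key     ed25519.PublicKey // source public key, common knowledge
	seen    map[string]bool   // log of signatures already accepted
	sending []string          // simplified sending table: next hops
}

func NewNode(key ed25519.PublicKey, sending []string) *Node {
	return &Node{key: key, seen: map[string]bool{}, sending: sending}
}

var ErrForged = fmt.Errorf("signature check failed: modified or forged update")
var ErrReplay = fmt.Errorf("signature already logged: update not forwarded again")

// Receive returns the next hops only for an authentic update seen for the
// first time, so a replayed copy is never multiplied by the node's fan-out.
func (n *Node) Receive(u Update) ([]string, error) {
	if !ed25519.Verify(n.key, u.Payload, u.Sig) {
		return nil, ErrForged
	}
	if n.seen[string(u.Sig)] {
		return nil, ErrReplay
	}
	n.seen[string(u.Sig)] = true
	return n.sending, nil
}

func main() {
	pub, priv, _ := NewSource()
	n := NewNode(pub, []string{"B", "C"})
	u := Publish(priv, []byte("constructed sample update 0001"))
	fmt.Println(n.Receive(u)) // first copy: forwarded to B and C
	fmt.Println(n.Receive(u)) // redundant-path copy or replay: dropped
	fmt.Println(n.Receive(Update{Payload: []byte("tampered"), Sig: u.Sig}))
}
```

The same log also absorbs the duplicate copies that redundant paths deliver on purpose: the first authentic copy is forwarded, later ones are dropped.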

Slide 39: Test the System
- Build a testbed
  - composed of heterogeneous machines and transmission media
  - small scale
- Simulate possible attacks

Slide 40: Simulation
- Large scale
- With some Revere nodes subverted
  - and actively thwarting the dissemination
- Understand the effects when lots of machines pull missed information
- ...

Slide 42: Summary
- The goal is to be able to disseminate security updates securely, quickly, and adaptively to a large number of heterogeneous machines with high assurance and low overhead
- The work includes design, prototype, test, simulation, evaluation

Slide 43: Questions?