1 APOD 10/5/2015 NCA 2003 Christopher Jones APOD Network Mechanisms and the APOD Red-team Experiments Chris Jones Michael Atighetchi, Partha Pal, Franklin Webber BBN Technologies QuO & APOD

2 Outline
Motivating Scenario and APOD Overview
QuO Overview
APOD Description
–Example APOD Strategies
–Example APOD Tactics
–Example APOD Mechanisms
Red-team Experiments
Concluding Remarks

3 Motivating Scenario and APOD Description
Applications that Participate in their Own Defense (APOD)
–Demonstrates that dynamic defense and adaptive responses increase an application’s resiliency to certain kinds of attacks.
–A toolkit of mechanism wrappers and adaptation strategies that allows an application to defend itself by dynamically adapting to a hostile environment.
–Uses QuO, which provides middleware support for mechanism integration and adaptation.
(Figure labels: Application Host, Application Host, Application Host, Attacker’s Host.)

4 Outline (repeated from slide 2)

5 Quality Objects (QuO) Architecture
(Figure: the CORBA DOC model shown beside the QuO/CORBA DOC model. Roles: Application Developer, QoS Developer, Mechanism Developer. Components: Client, Delegate, Contract, SysCond, Mechanism/Property Manager, Qosket, IDL Stubs, IDL Skeleton, Object Adapter, ORB, IIOP, Object (Servant), Obj Ref, Network. Call path: operation() with in args, out args + return value.)

6 QuO Overview
QuO is a middleware framework that supports developing adaptive behavior, adding it to an application, and executing it.
Adaptation can be driven by changes in an application’s operating environment:
–Host resource (CPU and memory) usage.
–Network resource availability.
–Host and network intrusion status.
The adaptive code is encapsulated in a middleware component called a “qosket”.
–A qosket is a set of specifications and implementations that defines a reusable module of specific adaptive behavior. It can be added to a distributed object application with minimal impact on the application.

7 QuO Overview (cont.)
Quality Description Languages (QDL)
–Contract description language and adaptive behavior description language.
–Code generators that generate Java and C++ code for contracts, delegates, creation, and initialization.
System Condition Objects
–Provide interfaces to resources, managers, and mechanisms.
QuO Runtime Kernel
–Contract evaluator.
–Factory object that instantiates contract and system condition objects.

8 Outline (repeated from slide 2)

9 APOD Description
Key Idea: by adapting to and trying to control its environment, an application can increase its chances of survival under attack.
–Use QuO to integrate multiple security mechanisms into a coherent strategy for adaptive defense.
–This is complementary to the usual hardening or protection of applications, resources, or services where available and practical.
Ties security information to the adaptation of an application through the QuO system condition objects.
APOD has sensor mechanisms that feed defense tactics and strategies.
–Actuator mechanisms implement tactic and strategy reactions.
APOD tactics integrate sensor and actuator mechanisms to mount a local defensive response.
Combining individual mechanisms and tactics into higher-level defense strategies helps applications meet survivability requirements.
The following slides are examples, not an exhaustive list of the possibilities or of the mechanisms, tactics, and strategies that we are using.

10 APOD Strategies
Use QuO middleware to coordinate all available defense mechanisms in a coherent strategy.
Examples of APOD strategies that have been created:
–“outrun”: move application components off corrupted hosts and on to good ones at a rate faster than the hosts go bad.
»Slow down the attacker’s ability to corrupt hosts by quarantine.
–“contain”: quarantine bad hosts and bad LANs by limiting or blocking network traffic from them and, within limits, shutting them down.
»Respond quickly with locally gathered information.
»Can only quarantine so many hosts or LANs before application performance becomes affected.
»In follow-on projects we are looking at having backup hosts to replenish application capabilities depleted by quarantining bad application hosts.

11 APOD Tactics
Examples of APOD tactics that are implemented and used in strategies:
Block Suspicious Traffic
–Combines network intrusion detection system and firewall mechanisms to catch attacker reconnaissance traffic and block further malicious traffic from the attacker’s host.
Choking TCP Connection Floods
–Joins TCP connection counting with a firewall to block hosts that request large numbers of connections to a single port.
Containing ARP Cache Poisoning
–Incorporates an ARP cache poisoning sensor and a firewall to monitor the mapping of MAC to IP addresses, reset any mapping that changes, and block traffic from the offending MAC address.
Squelching Insider Flooding
–Uses network traffic accounting to keep track of packets/second and bits/second, comparing observed and expected means to detect a spike in outgoing traffic.
–If a spike occurs, rate limiting is applied to the outgoing traffic of the LAN.
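The Squelching Insider Flooding tactic is the one tactic on this slide with no matching sensor slide, so here is a worked version of its accounting logic: per-interval packet and bit counters from a LAN uplink are turned into rates, compared against the mean of a quiet baseline, and a spike produces a `tc` token-bucket rate limit on that LAN's outgoing traffic. This is an added example, not APOD's code: the counters, the spike factor of 3, and the 512 kbit/s limit are constructed assumptions, and the `tc` commands are returned as strings rather than executed.

```python
"""Traffic-accounting spike detector with a rate-limit response, modelled on
the "Squelching Insider Flooding" tactic.  Added example, not APOD code: the
sample counters, the spike factor and the tc parameters are assumptions."""
from dataclasses import dataclass
from statistics import mean
from typing import List, Tuple


@dataclass(frozen=True)
class Sample:
    """Counters read from a LAN's uplink over one accounting interval."""
    packets: int      # packets leaving the LAN during the interval
    bits: int         # bits leaving the LAN during the interval
    seconds: float    # interval length in seconds


@dataclass(frozen=True)
class Verdict:
    spike: bool
    observed_pps: float
    observed_bps: float
    expected_pps: float
    expected_bps: float


def rates(sample: Sample) -> Tuple[float, float]:
    """Convert raw interval counters to packets/second and bits/second."""
    return sample.packets / sample.seconds, sample.bits / sample.seconds


def detect_spike(baseline: List[Sample], observed: Sample, factor: float = 3.0) -> Verdict:
    """Compare one observed interval against the mean of a quiet baseline.

    A spike is declared when either the packet rate or the bit rate exceeds
    its expected mean by `factor` (an assumed threshold; the slide gives none).
    """
    if len(baseline) < 2:
        raise ValueError("need at least two baseline intervals")
    base_rates = [rates(s) for s in baseline]
    expected_pps = mean(pps for pps, _ in base_rates)
    expected_bps = mean(bps for _, bps in base_rates)
    pps, bps = rates(observed)
    spike = pps > factor * expected_pps or bps > factor * expected_bps
    return Verdict(spike, pps, bps, expected_pps, expected_bps)


def rate_limit_commands(dev: str, rate_kbit: int) -> List[str]:
    """tc command installing an egress token-bucket filter on the uplink.
    Returned as a string for the strategy or an operator to apply."""
    return [
        f"tc qdisc replace dev {dev} root tbf rate {rate_kbit}kbit "
        f"burst 32kbit latency 400ms"
    ]


def release_commands(dev: str) -> List[str]:
    """tc command removing the rate limit once the LAN is quiet again."""
    return [f"tc qdisc del dev {dev} root"]


def respond(baseline: List[Sample], observed: Sample,
            dev: str = "eth0", rate_kbit: int = 512) -> List[str]:
    """The tactic's reaction: rate-limit the LAN's egress only on a spike."""
    verdict = detect_spike(baseline, observed)
    return rate_limit_commands(dev, rate_kbit) if verdict.spike else []


# Constructed sample data: five quiet 10-second intervals (~100 pps, ~800 kbit/s),
# one more quiet interval, and one interval during an insider flood.
BASELINE = [
    Sample(1020, 8_100_000, 10.0),
    Sample(980, 7_900_000, 10.0),
    Sample(1000, 8_000_000, 10.0),
    Sample(1010, 8_050_000, 10.0),
    Sample(990, 7_950_000, 10.0),
]
QUIET = Sample(1100, 8_500_000, 10.0)
FLOOD = Sample(9000, 60_000_000, 10.0)

if __name__ == "__main__":
    for label, sample in (("quiet", QUIET), ("flood", FLOOD)):
        v = detect_spike(BASELINE, sample)
        print(f"{label}: {v.observed_pps:.0f} pps vs {v.expected_pps:.0f} expected,"
              f" spike={v.spike}, actions={respond(BASELINE, sample)}")
```

Using the mean of a baseline window rather than a fixed number keeps the threshold tied to what the LAN normally emits, which is the comparison the slide describes; a real deployment would refresh the baseline from intervals that did not trigger a spike.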

12 APOD Network Sensor Mechanisms
Network Intrusion Detection
–Attacker can run live attacks and known scripted network attacks on hosts.
–Use Snort, a lightweight network intrusion detection system.
–Extract the offending host addresses to pass to an APOD strategy.
TCP Connection Flood sensor
–Attacker can flood a port with many connections, making it very difficult or impossible for legitimate clients to connect.
–Have a mechanism using netstat to determine the number of connections to a given port.
–Mechanism monitors application ports for “too many” connections and will warn an APOD strategy of any host that has gone over the connection threshold.
ARP cache poisoning detection
–Attacker with access to a subnet can use ARP cache poisoning to disrupt or intercept network traffic.
–Tool to detect changes in MAC/IP pairings and notify an APOD tactic or strategy of changes.
–Uses the ping and arp commands to get pairings and compares them with previously collected pairings for changes.
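The two sensors on this slide that are built from ordinary host commands, the netstat connection counter and the arp pairing comparison, can be shown end to end on captured command output. The block below is an added example and not APOD's code: the `netstat -tn` and `arp -an` text is constructed, the application port 12345 and the threshold of two connections are assumptions, and the functions return what such a sensor would hand to a tactic or strategy (offending hosts; changed IP/MAC pairs) rather than reacting themselves. It also serves the Choking TCP Connection Floods and Containing ARP Cache Poisoning tactics on the previous slide, whose sensing half is the same.

```python
"""Two APOD-style network sensors: a TCP connection-flood counter over netstat
output and an ARP MAC/IP pairing change detector.  Added example, not APOD
code: the command output is constructed and the threshold is an assumption."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed `netstat -tn` output for an application host whose service
# listens on TCP port 12345.  10.1.4.7 holds three connections to it.
NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.1.3.20:22            10.1.4.7:50122          ESTABLISHED
tcp        0      0 10.1.3.20:12345         10.1.4.7:40001          ESTABLISHED
tcp        0      0 10.1.3.20:12345         10.1.4.7:40002          ESTABLISHED
tcp        0      0 10.1.3.20:12345         10.1.4.7:40003          SYN_RECV
tcp        0      0 10.1.3.20:12345         10.1.2.5:33010          ESTABLISHED
"""

# proto, recv-q, send-q, local endpoint, foreign endpoint, state
NETSTAT_LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'host:port' on the last colon so IPv6-mapped forms still parse;
    a wildcard port ('*', as on LISTEN lines) becomes 0."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else 0


def count_connections(netstat_text: str, port: int) -> Counter:
    """Connections to the given local port, counted per remote host.
    Half-open (SYN_RECV) connections count; LISTEN sockets have no peer."""
    per_host: Counter = Counter()
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        local, foreign, state = m.groups()
        if state == "LISTEN":
            continue
        if split_endpoint(local)[1] != port:
            continue
        remote_host, _ = split_endpoint(foreign)
        per_host[remote_host] += 1
    return per_host


def flooding_hosts(netstat_text: str, port: int, threshold: int) -> List[str]:
    """Remote hosts with more than `threshold` connections to `port`: the
    list the sensor would pass to an APOD strategy."""
    counts = count_connections(netstat_text, port)
    return sorted(host for host, n in counts.items() if n > threshold)


# Constructed `arp -an` output: two snapshots of the same subnet.  In the
# second, the gateway 10.1.3.1 is suddenly answered by a different MAC.
ARP_BEFORE = """\
? (10.1.3.1) at 00:11:22:33:44:55 [ether] on eth0
? (10.1.3.10) at 00:aa:bb:cc:dd:01 [ether] on eth0
"""
ARP_AFTER = """\
? (10.1.3.1) at 00:de:ad:be:ef:00 [ether] on eth0
? (10.1.3.10) at 00:aa:bb:cc:dd:01 [ether] on eth0
? (10.1.3.11) at 00:aa:bb:cc:dd:02 [ether] on eth0
"""
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})")


def parse_arp(arp_text: str) -> Dict[str, str]:
    """IP -> MAC pairings from `arp -an` output, MACs normalised to lower case."""
    return {ip: mac.lower() for ip, mac in ARP_LINE.findall(arp_text)}


def changed_pairings(previous: Dict[str, str], current: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(ip, old_mac, new_mac) for each IP whose MAC differs from the last
    snapshot.  Hosts seen for the first time are not changes and are ignored."""
    return sorted((ip, previous[ip], mac) for ip, mac in current.items()
                  if ip in previous and previous[ip] != mac)


if __name__ == "__main__":
    print("connection flood from:", flooding_hosts(NETSTAT_OUTPUT, 12345, threshold=2))
    print("ARP pairings changed:", changed_pairings(parse_arp(ARP_BEFORE), parse_arp(ARP_AFTER)))
```

Counting SYN_RECV entries matters for the flood sensor because a connection flood often never completes the handshake; a counter that only looked at ESTABLISHED sockets would miss it. The ARP detector reports only pairings that differ between snapshots, which is the signal the tactic on the previous slide acts on by resetting the mapping and blocking the offending MAC.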

13 APOD Network Actuator Mechanisms
Network traffic filters
–Uses iptables for blocking and rate-limiting traffic from hosts believed to be malicious.
Bandwidth Management
–Intserv (RSVP, SecureRSVP)
»Uses an enhanced version of Darmstadt’s RSVP implementation.
»Enhancements done at North Carolina State University.
–Bandwidth Broker
»Tool using the tc command to make changes in the queuing policies of routers.
Secure network traffic
–Uses FreeS/WAN IPsec for protecting network traffic.
–Dynamically brings up IPsec between two hosts.
Dynamic endpoint mechanism
–Uses a NAT gateway to hide the real endpoints (address and port) of the application.
–The “fake” endpoints are chosen randomly and changed periodically.

14 Outline (repeated from slide 2)

15 APOD Red-teaming Experimentation
Reasons for experiments:
–Validate the APOD idea that dynamic adaptive defenses can prolong an application’s usefulness in a hostile environment.
–Also, analyze the overhead of APOD.
Sandia Labs red-team tasked with validating APOD.
–Outside, independent team.
–Given full knowledge of the application, the APOD defenses added, and the test network.
Red-teaming happened in two distinct experiments.
–Each experiment consisted of multiple runs of the defended application.
–During each run, the red-team would try different attacks.
»Started with single attacks per run and progressed to multiple attacks per run.

16 Application Used in APOD Experiments
(Figure: components Image Display, Image Server, Broker and an Image Server Replication group; interactions labelled query, serve image, register; APOD Defenses attached to each component.)

17 Experimentation Configuration
(Figure: APOD Exp Network with an Experiment Control Host. LANs IPNET1, IPNET2, IPNET3, IPNET4; routers router_1 to router_4; boundary controllers bc_ipnet_1 to bc_ipnet_4; brokers broker1_1, broker1_2, broker2_1, broker2_2, broker3_1, broker3_2, broker4_1, broker4_2; servers server1, server3, server4; clients client2, client3; attack hosts attack1, attack2.)

18 APOD Experiment Strategies
A third strategy was added, Flood Prevention and Traceback:
–make static SE-RSVP reservations up-front to protect network paths from being flooded.
–quarantine hosts by blocking traffic from/to them closer to their source (added to the contain strategy on boundary controllers).
(Figure: IPNET3 with broker3_1, broker3_2, server3, client3 and bc_ipnet_3; strategy labels Outrun & Contain Strategies (twice), App. Contain Strategy (twice), BC Contain Strategy.)

19 Red-teaming Attacks and Results
APOD defenses blocked or impeded the red-team’s progress.
–The APOD defenses overcame or blocked many of the single-attack runs.
–The red-team was forced to combine different attacks to cause a denial of service of the broker on the defense-enabled application.
–Of the attack runs that ended with the application in a denial of service, the average time-to-denial was approximately 45 minutes from the start of attacks, with a minimum of roughly 10 minutes. Without APOD defenses, service was denied immediately.
(Chart: Time to Denial by Live Attack; y-axis Time (minutes), x-axis Runs; series client 2 and client 3.)

20 Results
The cost of adding the APOD defenses to image latency was approximately 5% to 20%, depending on which tactics and strategies were in place.
–We concluded that most of the latency increase was caused by the containment strategy and the accompanying mechanisms that ran on the boundary control routers.

21 Concluding Remarks
Conclusion:
–Dynamic adaptation has added value for an application by giving it the ability to prolong its usefulness in the presence of attacks.
–This prolonged usefulness has a reasonable cost.
–Red-team experiments are beneficial for validating and “stress testing” our defenses.
APOD is being used in other survivability projects.
–Using and expanding APOD mechanisms, tactics, and strategies.
–Other projects include ITUA, DPASA, and Dynamic Quarantine.
Websites:
–QuO: quo.bbn.com
–APOD: apod.bbn.com
–ITUA: itua.bbn.com