Survival by Defense-Enabling. Partha Pal, Franklin Webber, Richard Schantz, BBN Technologies LLC. Proceedings of the Foundations of Intrusion Tolerant Systems (2003)

Presentation transcript:

Survival by Defense-Enabling
Partha Pal, Franklin Webber, Richard Schantz, BBN Technologies LLC
Proceedings of the Foundations of Intrusion Tolerant Systems (2003)
Presented by J.H. Su

Authors (1/3)
- Partha Pal: a Division Scientist at BBN Technologies. His research interest is in the area of survivable distributed systems.

Authors (2/3)
- Franklin Webber: a software engineer who has primarily been supporting BBN Technologies, doing DARPA-sponsored research on strengthening the resistance of computer systems to malicious attack.

Authors (3/3)
- Richard Schantz: works at the Intelligent Distributed Computing Department at BBN.

Outline
- Introduction
- “Survival by Defense” of Critical Application
- Acquisition of Privilege
- Control of Resources
- Use of Defensive Adaptation in Application’s Survival
- Issues and Limitations
- Related Work
- Conclusion

Introduction (1/4)
- Attack survival: the ability to provide some level of service despite an ongoing attack by tolerating its impact.

Introduction (2/4)
- Attack prevention: led to the development of what is known as a trusted computing base (TCB).
- Attack detection and situational awareness: led to the development of various intrusion detection systems (IDSs).

Trusted Computing Base (TCB)
- Confidentiality
- Authentication
- Integrity

Introduction (3/4)
Drawbacks
- In fact, many of the world’s computer systems today run operating systems and networking software that are far from the TCB ideal.
- IDSs mostly work off-line, without any direct runtime interaction or coordination with the applications (and with other IDSs) that they aim to protect.

Introduction (4/4)
- Survival by protection: seeks to prevent the attacker from gaining privileges.
- Survival by defense: includes protection but also seeks to frustrate an attacker in case protection fails and the attacker gains some privileges anyway.

“Survival by Defense” of Critical Application (1/5)
- Focus: the specific needs of a specific type of application.
- What is a critical application? These applications are critical in the sense that the functions they implement are the main purpose of the computer system on which they run.

“Survival by Defense” of Critical Application (2/5)
- Assumption: we can modify or extend the design and implementation of the critical applications.

“Survival by Defense” of Critical Application (3/5)
- Corruption: an application is corrupt when it does not function correctly.
- Reasons an application becomes corrupt:
  - An accident, such as a hardware failure, or malice.
  - Flaws in its environment or in its own implementation cause it to misbehave.

“Survival by Defense” of Critical Application (5/5)
The Goal
- The attacker’s acquisition of privileges must be slowed down.
- The defense must respond and adapt to the privileged attacker’s abuse of resources.

Acquisition of Privilege (1/4)
Divide the system into several security domains, each with its own set of privileges.
- The domains are chosen and configured to make best use of the existing protection in the environment to limit the spread of privilege.
- The domains must not overlap.
- Each security domain may offer many different kinds of privilege.
- The attacker cannot accumulate privileges concurrently in any such set of domains.

Acquisition of Privilege (2/4)
Kinds of privilege
- Anonymous user privilege
- Domain user privilege
- Domain administrator privilege
- Application-level privilege

Acquisition of Privilege (3/4)
Three ways for an attacker to gain new privileges
1. Convert domain or anonymous user privilege into domain administrator privilege.
2. Convert domain administrator privilege in one domain into domain administrator privilege in another.
3. Convert domain administrator privilege into application-level privilege.

Acquisition of Privilege (4/4)
- Solution for Case 1: careful configuration of hosts and firewalls.
- Solution for Case 2:
  - Proper host configuration and administration.
  - Having a heterogeneous environment with various types of hardware and operating systems.
- Solution for Case 3: use cryptographic techniques.

Control of Resource (1/3)
The attacker and the critical applications compete over system resources.
- Use of redundancy
- Monitoring
- Adaptation

Control of Resource (2/3)
Use of redundancy
- Replicate every essential part of the application and place the replicas in different domains.
- The replicas must be coordinated to ensure that, as a group, they will not be corrupted when the attacker succeeds in corrupting some of them.

Control of Resource (3/3)
Monitoring
- QoS
- Self-checking: whether the application continues to satisfy invariants specified by its developers.
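The redundancy and self-checking slides above can be illustrated together. The following is an added example, not code from the paper or from BBN's implementation: it assumes simple majority voting as the coordination rule (the slides do not name one), and the Reply type, replica names, domains and the balance invariant are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Reply:
    replica: str  # replica name (hypothetical)
    domain: str   # security domain hosting the replica
    value: int    # this replica's answer to the request

def vote(replies, invariant):
    """Return (agreed_value, suspects) for one request.

    Replies that break the developer-specified invariant are discarded
    (self-checking). The rest are majority-voted, and the winner must be
    backed by more than half of ALL replicas, so a corrupted minority
    cannot decide the group result. agreed_value is None when no such
    majority exists; the caller should then degrade service, not guess.
    """
    # Redundancy only helps if no two replicas share a security domain.
    domains = [r.domain for r in replies]
    if len(set(domains)) != len(domains):
        raise ValueError("replicas must be placed in different domains")
    suspects = {r.replica for r in replies if not invariant(r.value)}
    valid = [r for r in replies if r.replica not in suspects]
    if not valid:
        return None, suspects
    winner, count = Counter(r.value for r in valid).most_common(1)[0]
    if 2 * count <= len(replies):
        return None, suspects
    # Replicas that passed the invariant but lost the vote are also suspect.
    suspects |= {r.replica for r in valid if r.value != winner}
    return winner, suspects

# Constructed sample: three replicas of an account service in domains A, B, C;
# the replica in domain C has been corrupted and reports a negative balance.
SAMPLE = [Reply("r1", "A", 100), Reply("r2", "B", 100), Reply("r3", "C", -5)]

def non_negative(balance):
    """Assumed developer invariant: an account balance is never negative."""
    return balance >= 0

if __name__ == "__main__":
    print(vote(SAMPLE, non_negative))
```

The suspects set is the input a defensive adaptation would act on, for example by migrating the suspected replica to another domain.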

Use of Defensive Adaptation in Application’s Survival (1/4)
A classification of defensive adaptations
- Dimension 1: the level of system architecture at which these adaptations work.
- Dimension 2: how aggressively the attack can be countered.

Use of Defensive Adaptation in Application’s Survival (2/4)

| Level | Defeat Attack | Work Around Attack | Guard Against Future Attack |
|---|---|---|---|
| Application level | Retry failed request | Redirect request; degrade service | Increase self-checking |
| QoS management level | Reserve CPU, bandwidth | Migrate replicas | Tighten cryptographic, access control |
| Infrastructure level | Block IP sources | Change ports, protocols | Configure IDSs |

Use of Defensive Adaptation in Application’s Survival (3/4)
- The importance of the capability to change between various modes and the associated trade-offs.
- Defensive adaptation is mostly reactive.
- Defensive adaptation could be pro-active.

Use of Defensive Adaptation in Application’s Survival (4/4)
- Make these adaptive responses unpredictable.
  - Some uncertainty needs to be injected.
- Separate the design of the functional (or business) aspects of the application from the design of defensive adaptation.
  - Put the latter into middleware.
  - Reusable for many different applications.

Issues and Limitations
- The reliance on crypto systems.
- It is not simple to combine multiple mechanisms in a defense strategy.
  - Selection of appropriate mechanisms, potential conflict analysis and resolution have to be done manually by an expert.
- Relies on the fact that attacks proceed sequentially.

Related Work
- MAFTIA: an ESPRIT project developing an open architecture for transactional operations on the Internet.
- The “Survivability Architectures” project: aims to separate survivability requirements from an application’s functional requirements.
- The “An Aspect-Oriented Security Assurance Solution” project: implements security-related code transformations on an application program.

Conclusion
- We are implementing technology for defense enabling under the DARPA project titled “Applications that Participate in their Own Defense” (APOD).
- Defense enabling can increase an application’s resistance to malicious attack.
  - Greater survivability for the application on its own and an increased chance for system administrators to detect and thwart the attack before it succeeds.

Thanks for listening