Security Issues in Distributed Heterogeneous Systems Somesh Jha Computer Sciences Department University of Wisconsin Madison, WI 53706.

Slides:



Advertisements
Similar presentations
Security Issues of Peer-to-Peer Systems February 14, 2001 OReilly Peer-to-Peer Conference Nelson Minar, CTO POPULAR POWER.
Advertisements

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Akshat Sharma Samarth Shah
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Grid Security. Typical Grid Scenario Users Resources.
A Computation Management Agent for Multi-Institutional Grids
Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Abdelilah Essiari Gary Hoo Keith Jackson William Johnston Srilekha Mudumbai Mary Thompson Akenti - Certificate-based Access Control for Widely Distributed.
EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Department Of Computer Engineering
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Smart Card Single Sign On with Access Gateway Enterprise Edition
Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)
Bill Gates’ RSA 2006 Keynote presentation Questions and answers.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Presented by Amlan B Dey.  Access control is the traditional center of gravity of computer security.  It is where security engineering meets computer.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Hao Wang Computer Sciences Department University of Wisconsin-Madison Security in Condor.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
CPT 123 Internet Skills Class Notes Internet Security Session A.
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.
Hao Wang Computer Sciences Department University of Wisconsin-Madison Authentication and Authorization.
Beyond negative security Signatures are not always enough Or Katz Trustwave ot.com/
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Virtual Workspaces Kate Keahey Argonne National Laboratory.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Worm Defense Alexander Chang CS239 – Network Security 05/01/2006.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.
Wireless and Mobile Security
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
Office of Science U.S. Department of Energy Grid Security at NERSC/LBL Presented by Steve Chan Network, Security and Servers
WebWatcher A Lightweight Tool for Analyzing Web Server Logs Hervé DEBAR IBM Zurich Research Laboratory Global Security Analysis Laboratory
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation.
Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.
Powerpoint presentation on Drive-by download attack -By Yogita Goyal.
HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,
HTCondor Security Basics
Grid Security.
High Performance Computing Lab.
Secure Software Confidentiality Integrity Data Security Authentication
POPULAR POWER Security Issues of Peer-to-Peer Systems
CompSci 725 Presentation by Siu Cho Jun, William.
Exam Review.
Message Digest Cryptographic checksum One-way function Relevance
HTCondor Security Basics HTCondor Week, Madison 2016
Intrusion Detection system
Operating System Concepts
CSE 542: Operating Systems
Presentation transcript:

Security Issues in Distributed Heterogeneous Systems Somesh Jha Computer Sciences Department University of Wisconsin Madison, WI 53706

General Issues Vulnerability and information-flow analysis –detecting malicious code safety –crashes your machine or wipes data privacy –leaks sensitive information –code executing on malicious host –distributed vulnerability analysis Intrusion Detection –statistical models of user behavior/network traffic –using statistical models for anomaly detection –explaining the anomalies

General Issues (Contd) Authentication and Authorization –seamless cross-administrative authentication kerberos passwords time-varying passwords smartcards public keys –but the real question is authorization a person can only buy beer from if he/she is about eighteen years of age

Vulnerability and information-flow analysis want to perform these analysis on machine code suitable for COTS will require an analysis infrastructure for machine code collaborators –B. Miller –T. Reps

Vulnerability analysis (Safety) use static analysis to discover program behavior that lead to vulnerabilities examples –buffer overflows –unutilized pointers initial success reported by Z. Xu, B. Miller, and T. Reps

Information-flow analysis (Privacy) initial work provided discretionary access control we want mandatory access control consider the following – x := y –security-level( y )  security-level( x ) want to perform these forms of analysis on machine code

Benign host and malicious code Job foo-bar comes to my host need to make sure that foo-bar does not do anything nasty solution is sandboxing

Malicious host and benign code Job foo-bar migrates to host A A is malicious hijack foo-bar and instrument the code to send harmful system calls note: inverse of the previous problem

Multi-pronged attack Build a model of the code –static analysis –dynamic analysis replication obfuscation collaborators –Bart Miller –Hong Lin

Sandboxing the home machine Job A Malicious HostHome Machine Model of job A

Building program models Deterministic models –use static analysis of the code –derive a finite automata with system –calls as the alphabet set statistical models –monitor traffic at the home machines –build a statistical model from the –sequence of system calls Hybrid models

Replication Agreement Protocol Replica 1 Replica 2 Replica 3

Program obfuscation obfuscate the program so that hard for adversary to reverse engineer inverse of good software engineering practices randomize all system call names randomly permute all the system call parameters randomly insert “benign” calls

Distributed vulnerability analysis Existing techniques good at finding local vulnerabilities –see we want to find global attacks from local information provided by existing tools

Attacking Fidelity break into the DNS Server Fidelity Acquire password access DNS configuration setup web proxy exploit poor passwords access control ignore errors

Cross-administrative authentication Various authentication mechanisms –kerberos –hashed passwords –smartcards –public key infrastructures goal: to provide seamless cross-administrative authentication collaborator –Hao Wang

Motivating scenario Job A is authenticated using Kerberos on host A Job A runs on host A for a while migrates to host B, where smartcard based authentication is required should job A authenticate again? Has to reauthenticate every time crosses an “authentication boundary”

Obvious solution translate results of an authentication mechanism to a common one convert everything to a X.509 certificate translate back X.509 certificates as needed

Drawbacks different authentication schemes have different trust models –hashed passwords are weaker than time-varying passwords many technical problems –how is credential expiration/revocation handled? –how is delegation handled?

Authorization authentication binds a person to a digital entity such as a credential the real question is authorization is a certain person allowed to perform specific actions on a host

Approaches to Authorization examples are –SPKI –Keynote express statements of the following form Miron says (somesh can read files in directory X) support following features –compliance checking –delegation –majority decisions

Extensions to authorization infrastructures support revocation –can state negative statements credential extraction problem –given a request r –a set of statements representing the policy P –what credentials does X need so –that request r will be authorized

Conclusion all the problems mentioned before are crucial for making security more usable in a distributed heterogeneous setting crucial that we work on it

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.