Security in autonomic communication Shuping Liu Networking Lab HUT.

Slides:

Advertisements

Similar presentations

ARCHITECTURES FOR ARTIFICIAL INTELLIGENCE SYSTEMS

Advertisements

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

FIPA Interaction Protocol. Request Interaction Protocol Summary –Request Interaction Protocol allows one agent to request another to perform some action.

Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.

Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.

Outline About author. The problem that discussed in the article.

© 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.

T-FLEX DOCs PLM, Document and Workflow Management.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

CS 501: Software Engineering

Software Requirements

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Lecture 11 Intrusion Detection (cont)

Enterprise Architecture

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.

ATIF MEHMOOD MALIK KASHIF SIDDIQUE Improving dependability of Cloud Computing with Fault Tolerance and High Availability.

Social Networking and On-Line Communities: Classification and Research Trends Maria Ioannidou, Eugenia Raptotasiou, Ioannis Anagnostopoulos.

WELCOME. AUTONOMIC COMPUTING PRESENTED BY: NIKHIL P S7 IT ROLL NO: 33.

TOPIC R Software Maintenance, Evolution, Program Comprehension, and Reverse Engineering SEG4110 Advanced Software Design and Reengineering.

Topics covered: Memory subsystem CSE243: Introduction to Computer Architecture and Hardware/Software Interface.

A Novel Cache Architecture with Enhanced Performance and Security Zhenghong Wang and Ruby B. Lee.

CS 390- Unix Programming Environment CS 390 Unix Programming Environment Topics to be covered: Distributed Computing Fundamentals.

SAMANVITHA RAMAYANAM 18 TH FEBRUARY 2010 CPE 691 LAYERED APPLICATION.

FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.

NAVEEN AGENT BASED SOFTWARE DEVELOPMENT. WHAT IS AN AGENT? A computer system capable of flexible, autonomous (problem-solving) action, situated in dynamic,

The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:

Cryptography and Network Security (CS435) Part One (Introduction)

Systems II San Pham CS /20/03. Topics Operating Systems Resource Management – Process Management – CPU Scheduling – Deadlock Protection/Security.

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES Lesson №18 Telecommunication software design for analyzing and control packets on the networks by using.

The System and Software Development Process Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.

Network security Product Group 2 McAfee Network Security Platform.

Object-Oriented Software Engineering using Java, Patterns &UML. Presented by: E.S. Mbokane Department of System Development Faculty of ICT Tshwane University.

Institute of Technology Sligo - Dept of Computing Sem 2 Chapter 12 Routing Protocols.

Distribution and components. 2 What is the problem? Enterprise computing is Large scale & complex: It supports large scale and complex organisations Spanning.

THE VISION OF AUTONOMIC COMPUTING. WHAT IS AUTONOMIC COMPUTING ? “ Autonomic Computing refers to computing infrastructure that adapts (automatically)

IT Risks and Controls Revised on Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.

R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ.

Software Maintenance Speaker: Jerry Gao Ph.D. San Jose State University URL: Sept., 2001.

Group member: Kai Hu Weili Yin Xingyu Wu Yinhao Nie Xiaoxue Liu Date:2015/10/

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

A Security Framework with Trust Management for Sensor Networks Zhiying Yao, Daeyoung Kim, Insun Lee Information and Communication University (ICU) Kiyoung.

Name Of The College & Dept

Key Management and Distribution Anand Seetharam CST 312.

1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.

Database Laboratory Regular Seminar TaeHoon Kim Article.

CS223: Software Engineering Lecture 32: Software Maintenance.

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

1 Software Requirements Descriptions and specifications of a system.

Sem 2 v2 Chapter 12: Routing. Routers can be configured to use one or more IP routing protocols. Two of these IP routing protocols are RIP and IGRP. After.

Enterprise Security Management Franklin Tinsley COSC 481.

AUTONOMIC COMPUTING B.Akhila Priya 06211A0504. Present-day IT environments are complex, heterogeneous in terms of software and hardware from multiple.

Software Development Module Code: CST 240 Chapter 6: Software Maintenance Al Khawarizmi International College, AL AIN, U.A.E Lecturer: Karamath Ateeq.

Introduction to Machine Learning, its potential usage in network area,

Computer Organization

Chapter 4 – Requirements Engineering

HUAWEI eSight Secure Center Feature Introduction

Transforming IT Management

Jigar.B.Katariya (08291A0531) E.Mahesh (08291A0542)

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

Presentation transcript:

Security in autonomic communication Shuping Liu Networking Lab HUT

Contents  Why autonomic?  Why security?  Security characteristic  Security challenge  Security solution  Policy-based solution  conclusion

Why autonomic?  Communication system becomes more complex, more interconnected, more dynamic and more tightly woven into our lives.  Human resources involved in managing and administering them have grown rapidly and constitute a steadily larger fraction of the cost.  Autonomic communication is aimed to be autonomous, managing their own evolution, performance, security and fault concerns without explicit user or administrator actions.

Why security? (1/3)

Why security? (2/3)

Why security? (3/3)

Security characteristic  Autonomic communication will not create an entirely new security.  All the traditional securities will arise in autonomic communication systems. Some in more complex and urgent form.  Autonomic communication will give rise to unique security threats of their own.

Security challenge  New technologies and architectures, whose security implications are not yet well understood.  Anomalous behavior caused by security compromises due to reduced human activities.  Span different administrative domains  Deal with a constantly changing set of other systems. Need flexible new methods for trust establishing, attack and compromise detecting, recovering.  Deal with personal information. Need to obey privacy policies required by nation laws and business ethics.

Security solution  Software solution policy control (the details followed) access control autonomic distributed firewalls (ADF) …  Hardware solution security enhanced chip multiprocessor …

Policy-based solution(1/21)  Security policy is the primary tool for security in autonomic communication.  The unit of autonomic communication, generally referred to as “autonomic element”, is anticipated as follows, simple and of fixed function at small scales function dynamically at higher levels

Policy-based solution(2/21)  An autonomic element will involve two parts: function unit: perform whatever basic function the element provide management unit: oversees the operation of the functional unit

Policy-based solution(3/21) Logical structural of an autonomic element

Policy-based solution(4/21)  Management unit carries with them, or otherwise has access to, policies that govern and constrain their behaviors at a comparatively high level task and state representations that functionally describe their current mission, strategy, and status at a lower level

Policy-based solution(5/21)  Some of the policies will be security policies  Some of the task and state representations will also be relevant to the element’s security  By explicitly representing both security policies and security-related tasks and states, autonomic elements will be able to automatically handle a wide range of security issues that are currently addressed by human

Policy-based solution(6/21)  Many autonomic communication systems span different administrative domains  It is not enough for an autonomic element to ensure its own security  Autonomic elements are capable of negotiating security and policy, and to gather and securely exchange the info.  Another problem is trust-establishment, because autonomic element has less control over, and less complete and reliable info. about the element in other domain

Policy-based solution(7/21) Hierarchy trust model

Policy-based solution(8/21) Mesh trust model

Policy-based solution(9/21) Bridge trust model

Policy-based solution(10/21) Hybrid trust model

Policy-based solution(11/21) Trust model based on Gateway CA’s

Policy-based solution(12/21)  Trust problem also exist between user and policy systems.  How can we trust a policy system to make the best decision?  Hoi Chan et. al. suggests a policy system with trust building tools

Policy-based solution(13/21)  Notations, ITI: instantaneous trust index, to each execution of each policy ITI = f (m 1,m 2,…), where m 1,m 2 … are weights assigned to each user modification, and 0<=ITI<=1 OTI:overall trust index, for a policy and reflects the level of trust that the user has in a particular policy or group of policies OTI = f 1 (ITI 1,ITI 2,…), where f 1 is average function

Policy-based solution(14/21) a policy system with trust building tools

Policy-based solution(15/21)  KB, knowledge base, uses the information, through some reinforcement learning algorithms, to adjust the behavior of the policy in a way to maximize the OTI.  There are 3 modes of operation, Minimal trust (supervised) mode Partial trust (modify) mode Full trust (automatic) mode  The user is able to place the system into one of these modes at will on a per-policy base.

Policy-based solution(16/21)  Minimal trust mode, start mode by default Policy generates the actions  not executed  the user exams the actions  the user accepts, or propose his own actions, or denies  return ITI by an expert-defined function  KB actions As the policy system evolves to a point where OTI≈1, the user may change to next trust level for the policy  Partial trust mode This mode is similar to Minimal mode. But in this case, user can only change the parameters, instead of actions.  Full trust mode The policy system fully execute the actions without user intervention

Policy-based solution(17/21)  We should know that, the policies, and the task and state representation provide high-value targets to a potential attacker.  Let us consider a scenario, the attacker insert a piece of code that causes the system to silently send him or her a copy of some important information at a particular address at a particular time.

Policy-based solution(18/21)  In traditional communication system, the leak will stop if that address becomes unavailable, or a network gateway blocks it.  However, in an autonomic element, if the code is inserted as a policy piece, the autonomic element would then use every resource at its disposal to ensure that the information is delivered to the attacker. The attacker would have harnessed the element’s own ability to adapt to changing conditions and adopt new strategies for the purpose of stealing the desired information.  Preventing such high-level subversion will be an important part of the security of autonomic systems.

Policy-based solution(19/21)  On the other hand, the security policies that govern an autonomic element can provide new levels of resistance to attack.

Policy-based solution(20/21) data leak in traditional systems

Policy-based solution(21/21) data leak in autonomic systems

Conclusion  No functioning system is perfectly secure, autonomic communication system will be no exception.  The development of autonomic systems cannot be delayed until the final security solution is available, since it is impossible  Recent advances, including autonomic intrusion detection systems, secure embedded processors, proactive security measures, and automated virus response, have taken some burden of security maintenance off overloaded system administrators.  But there is much more which is waiting for us…

Thanks! Any comments and questions?