Dependable Intrusion Tolerance March 2002 Magnus Almgren, Alfonso Valdes SRI International Acknowledgements Research sponsored under DARPA Contract N66001-00-C-8058.


Dependable Intrusion Tolerance, March 2002. Magnus Almgren, Alfonso Valdes, SRI International.

Acknowledgements: Research sponsored under DARPA Contract N66001-00-C-8058. Views presented are those of the authors and do not represent the views of DARPA or the Space and Naval Warfare Systems Center.

Outline
- Background
- System Components
- The Single Proxy
- Example
- Validation
- Performance
- Stopping Code Red
- Future Work

Background (built up over four slides)
- Intrusion Tolerant Server
  - Redundancy & Diversity
  - Hardened Proxy
    - StackGuard
    - Online Verifiers
    - Small Code Base
  - HIDS/NIDS/app-IDS
    - EMERALD/Snort

System Components
- Application Servers: Solaris, Win2k, RedHat, FreeBSD
- IDS
- Proxy
  - RedHat-6.2
  - Our own code base

Diagram labels (architecture figure):
- Application servers: MS Win2k IIS; Solaris 8 (Sparc5) Apache with eXpert-BSM; RedHat 7.1 iPlanet; FreeBSD 4.2 Apache
- IDS components: App-IDS, eXpert-Net, eBayes-TCP, eBayes-Blue, Snort
- Proxy host: RedHat 6.2 Proxy with eAggregator and C-R (Challenge Response)

Proxy in Detail (diagram components)
- e-Aggregator
- Challenge Response
- Repair Manager
- Proxy Server
- Regime Manager
- Alert Manager
- Policy/Regime
- Numbered message flows between the components: 1,1 2,2 3,3 4,4 4,3

Simple Example (animation over the same diagram; the labels appear in this order)
- reconnaissance
- web attack
- web answer
- Policy/Regime response: Block client, Block URI

Plans for Validation
- Performance
  - Preliminary Results
- Resistance to attacks
  - Compile a list of existing Web exploits
  - Run these against system
  - Problem: A very new attack, which we might not have thought about
    - Assembly of Complementary Mechanisms
    - Red Teaming?

Performance Measurement
1) Round-trip time measured through the proxy
   - Regime 1 — 4
2) Round-trip time measured directly for each application server

Asking for index.html with all included images and measuring round-trip time. About 34 kb in 9 requests.

[Chart: Round-trip time, 10 simultaneous clients]

[Chart: Response vs Number of Clients]

Outline
- General principles
- Architecture overview
- Proxy functionality
- Stopping Code Red
- Summary

Stopping Code Red (and NIMDA)
Diagram: Proxy, Bank, IDS Appliance, IIS
1. 3/4 of Code Red attempts miss the IIS server
2. IDS detects attempt. System invokes agreement mode
3. In case of a successful infection, corrupt content is detected and reinfection attempts are blocked
4. Clients get valid content while compromised server is rebuilt

Dependable Intrusion Tolerance
- Intrusion Detection to Date
  - Seeks to detect an arbitrary number of attacks in progress
  - Relies on signature analysis and probabilistic (including Bayes) techniques
  - Response components immature
  - No concept of intrusion tolerance
- New Emphasis
  - Detection, damage assessment, and recovery
  - Finite number of attacks or deviations from expected system behavior
  - Seek a synthesis of intrusion detection, unsupervised learning, and proof-based methods for the detection aspect
  - Concepts from fault tolerance are adapted to ensure delivery of service (possibly degraded)

Summary
- Developing an adaptable intrusion tolerant server architecture
- General Principles:
  - Hardened proxy
  - Redundant capability with diverse implementation
  - Adaptive response
- A variety of IDS, symptom detectors, and on-line verifiers provide situational awareness
- Stepped policy response enforces content agreement in suspicious situations
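The stepped policy response summarised here, and the content-agreement mode invoked in the Code Red slide, can be illustrated with a small proxy model. The following is an added example, not code from the SRI project: four constructed replicas stand in for the deck's diverse application servers, one of them serving defaced content; the mapping of Regime 1 through 4 to "how many replicas are consulted and how many must agree" is an assumption, since the slides name the regimes without defining them, and the `on_alert`, `serve` and `ProxyState` names are likewise assumed for the example.

```python
"""Content-agreement proxy with a stepped regime (constructed example).

Replicas answer the same request; the proxy compares response digests, returns
the agreeing content, suspends dissenting replicas for repair, and raises its
regime on IDS alerts or disagreement. Regime semantics are an assumption.
"""
from collections import Counter
from dataclasses import dataclass, field
import hashlib

# Constructed replica pool. "win2k-iis" serves defaced content, standing in for
# the compromised server of the Code Red scenario.
GOOD = b"<html><body>Welcome</body></html>"
DEFACED = b"<html><body>defaced page (constructed)</body></html>"
REPLICAS = {
    "solaris-apache": GOOD,
    "win2k-iis": DEFACED,
    "redhat-iplanet": GOOD,
    "freebsd-apache": GOOD,
}

# Assumed regime policy: regime -> (replicas consulted, minimum agreeing replicas).
REGIMES = {1: (1, 1), 2: (2, 2), 3: (3, 2), 4: (4, 3)}


def digest(body: bytes) -> str:
    """Compare content by hash rather than by full body."""
    return hashlib.sha256(body).hexdigest()


@dataclass
class ProxyState:
    regime: int = 1
    suspended: set = field(default_factory=set)        # replicas handed to repair
    blocked_clients: set = field(default_factory=set)
    blocked_uris: set = field(default_factory=set)

    def escalate(self) -> None:
        self.regime = min(4, self.regime + 1)


def on_alert(state: ProxyState, kind: str, client: str = None, uri: str = None) -> None:
    """IDS alert handling: any alert raises the regime; a web attack also applies
    the deck's 'Block client' / 'Block URI' response."""
    state.escalate()
    if kind == "web attack":
        if client:
            state.blocked_clients.add(client)
        if uri:
            state.blocked_uris.add(uri)


def serve(uri: str, client: str, state: ProxyState, replicas=REPLICAS):
    """Return (body, status). body is None when nothing trustworthy can be served."""
    if client in state.blocked_clients:
        return None, "client blocked"
    if uri in state.blocked_uris:
        return None, "uri blocked"
    consult, needed = REGIMES[state.regime]
    pool = [n for n in replicas if n not in state.suspended][:consult]
    if len(pool) < needed:
        return None, "insufficient healthy replicas"
    answers = {n: replicas[n] for n in pool}
    tally = Counter(digest(b) for b in answers.values())
    best, votes = tally.most_common(1)[0]
    if votes < needed:
        # Replicas disagree and no quorum: fail closed and tighten the regime.
        state.escalate()
        return None, "no agreement"
    # Replicas that dissent from the quorum are suspected of compromise and
    # removed from service until repaired; the regime is raised as well.
    dissenters = sorted(n for n, b in answers.items() if digest(b) != best)
    if dissenters:
        state.suspended.update(dissenters)
        state.escalate()
    body = next(b for b in answers.values() if digest(b) == best)
    return body, "ok" if not dissenters else f"ok; suspended {dissenters}"


if __name__ == "__main__":
    st = ProxyState()
    print(serve("/index.html", "10.0.0.5", st)[1], "regime", st.regime)
    on_alert(st, "reconnaissance", client="10.0.0.5")
    for _ in range(3):
        print(serve("/index.html", "10.0.0.9", st)[1], "regime", st.regime)
    on_alert(st, "web attack", client="10.0.0.5", uri="/constructed-attack-uri")
    print(serve("/constructed-attack-uri", "10.0.0.5", st)[1])
```

In regime 1 the proxy trusts a single replica, so the defaced content would pass unnoticed if that replica were the compromised one; a reconnaissance alert lifts the regime so that two replicas are consulted, the disagreement is caught and nothing is served, and in regime 3 a two-of-three quorum both serves valid content and isolates the dissenting replica, which is the behaviour the Code Red slide describes as clients getting valid content while the compromised server is rebuilt.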

Future directions
- Refine Alert Manager
- Multiple proxies
- Validate with existing exploits
- Dynamic content