A Systematic Survey of Self-Protecting Software Systems


A Systematic Survey of Self-Protecting Software Systems
Dustin Gardner, 9/22/15
Paper surveyed: E. Yuan and S. Malek, "A taxonomy and survey of self-protecting software systems," ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), vol. 8, no. 4, pp. 109–118, 2012.

Overview
- Autonomic Computing
- Defining Self-Protection
- Survey: process followed
- Survey: process applied
- Interesting observations

Autonomic Computing: Self-Managed Systems
Source: Joseph J. and Fellenstein C., Autonomic Computing, http://flylib.com/books/en/1.414.1.36/1/

Autonomic Element (MAPE-K)
The autonomic element is the most basic building block of an autonomic system: a Monitor-Analyze-Plan-Execute loop operating over a shared Knowledge base. Multiple elements interact with each other to form an autonomic system.
Source: J. O. Kephart and D. M. Chess, "The Vision of Autonomic Computing," IEEE Computer, vol. 36, no. 1, pp. 41–50, Jan. 2003.

What are self-protecting software systems?
Software systems that detect and mitigate threats at runtime, not statically.
Two main perspectives on protection:
- Reactive: the system automatically defends against attacks as they occur
- Proactive: the system anticipates attacks and takes steps to mitigate them in advance
(Pg 17:1. The Kephart & Chess paper referenced in the text is the same reference cited on this slide: J. O. Kephart and D. M. Chess, "The Vision of Autonomic Computing," IEEE Computer, vol. 36, no. 1, pp. 41–50, Jan. 2003.)

Why Self-Protecting Software Systems?
- Increasing cyber threats: the Conficker worm, the Stuxnet worm
- Static security solutions are insufficient
- Software is increasingly dynamic at runtime; why shouldn't security measures be?
(From Pg 17:2 & 17:3: the paper cites Conficker as among the largest computer infections in history, and Stuxnet as the first known malware to target and subvert industrial control systems.)

Self-Protection - Defined
- Differs from ITS & IRS: not intrusion-centric and not perimeter-based
- Two control loops: local (base level) and global (meta level)
- Example: upon sensing an unusual data retrieval pattern from a Windows server, the global loop shuts down the server and redirects all traffic to a backup Linux server.
- Security objectives are specified by human stakeholders
(From Pg 17:5: one should not interpret this reference architecture to mean that the base-level subsystem is agnostic to security concerns. The base-level subsystem may incorporate various security mechanisms, such as authentication, encryption, etc. It is the decision of when and how those security mechanisms are employed that rests with the meta-level subsystem.)
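The MAPE-K element from the earlier slide and the base/meta split with the failover example above can be shown together in code. The block below is an added illustration written for this transcript; it is not code from the surveyed paper or from the presenter. The server names (windows-primary, linux-backup), the telemetry values and the thresholds are assumptions chosen for the example. A meta-level loop monitors records-retrieved-per-minute from the base level, analyzes each sample against a rolling baseline held in the knowledge base, plans either a proactive throttle (sharp climb, threshold not yet crossed) or a reactive failover (threshold crossed), and executes the plan through the base level's effectors.

```python
"""MAPE-K self-protection loop: a meta-level loop that watches a base-level
subsystem and fails over when retrieval volume looks anomalous."""
from collections import deque
from dataclasses import dataclass, field
from statistics import mean
from typing import List, Optional, Tuple

# Constructed sample telemetry (not from the paper): records retrieved per
# minute from the primary. The climb at t=7..8 plays the slide's "unusual
# data retrieval pattern".
SAMPLE_TELEMETRY = [120, 130, 125, 118, 140, 135, 128, 300, 900, 130]


@dataclass
class Knowledge:
    """K: observed baseline plus stakeholder-set objectives (thresholds,
    failover target). Server names and thresholds are assumptions."""
    window: int = 5              # samples that form the baseline
    anomaly_factor: float = 3.0  # reactive trigger: rate > factor * baseline
    trend_factor: float = 2.0    # proactive trigger: rate doubled since last sample
    primary: str = "windows-primary"
    backup: str = "linux-backup"
    history: deque = field(default_factory=deque)

    def __post_init__(self):
        self.history = deque(self.history, maxlen=self.window)


@dataclass
class BaseLevel:
    """Managed (base-level) subsystem: two servers, one route, no policy."""
    servers: dict = field(default_factory=lambda: {"windows-primary": "up",
                                                   "linux-backup": "standby"})
    route: str = "windows-primary"
    rate_limited: bool = False

    def shutdown(self, name: str) -> None:
        self.servers[name] = "down"

    def reroute(self, name: str) -> None:
        self.servers[name] = "up"
        self.route = name

    def throttle(self) -> None:
        self.rate_limited = True


def monitor(raw) -> Optional[int]:
    """M: sensor input. Drop readings that cannot be a count, so a broken
    or spoofed sensor cannot by itself trigger a failover."""
    if isinstance(raw, bool) or not isinstance(raw, (int, float)) or raw < 0:
        return None
    return int(raw)


def analyze(sample: int, k: Knowledge) -> str:
    """A: classify one sample against the baseline held in K."""
    if len(k.history) < k.window:
        return "warming-up"          # too little history to judge
    baseline = mean(k.history)
    if sample > k.anomaly_factor * baseline:
        return "anomalous"           # threshold crossed: react now
    if sample > k.trend_factor * k.history[-1]:
        return "rising"              # sharp climb: act before the threshold
    return "normal"


def plan(verdict: str, k: Knowledge, base: BaseLevel) -> List[Tuple[str, str]]:
    """P: 'anomalous' -> reactive failover; 'rising' -> proactive throttle.
    The guards make the plan idempotent, so repeats are no-ops."""
    if verdict == "anomalous" and base.route == k.primary:
        return [("shutdown", k.primary), ("reroute", k.backup)]
    if verdict == "rising" and not base.rate_limited:
        return [("throttle", base.route)]
    return []


def execute(actions: List[Tuple[str, str]], base: BaseLevel) -> None:
    """E: apply planned actions through the base level's effectors."""
    for action, target in actions:
        if action == "shutdown":
            base.shutdown(target)
        elif action == "reroute":
            base.reroute(target)
        elif action == "throttle":
            base.throttle()


def run_loop(telemetry, k: Optional[Knowledge] = None,
             base: Optional[BaseLevel] = None):
    """Run M-A-P-E once per sample; return (action log, final base state)."""
    k, base = k or Knowledge(), base or BaseLevel()
    log = []
    for t, raw in enumerate(telemetry):
        sample = monitor(raw)
        if sample is None:
            continue
        verdict = analyze(sample, k)
        actions = plan(verdict, k, base)
        execute(actions, base)
        k.history.append(sample)     # update K after analysis, not before
        if actions:
            log.append((t, verdict, actions))
    return log, base
```

Running run_loop(SAMPLE_TELEMETRY) throttles at t=7 (proactive) and fails over to linux-backup at t=8 (reactive). Two points the slides make are visible here: the base level carries the effectors (shutdown, reroute, throttle) but none of the policy, which lives in the meta level's knowledge base; and the failover response keeps traffic flowing, unlike a plain server restart, which is the availability trade-off discussed under the protection goals later in the talk.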

Moving to the 'bread and butter': Survey & Taxonomy
- 1030 papers initially selected
- 107 papers made the cut
- Systematic selection process
(Pg 17:2 & 17:29)

The Systematic System Pg 17:29

Taxonomy (RQ1) Pg 17:9 & 17:10

Taxonomy Applied (1)(RQ2) Pg 17:32

Taxonomy Applied (2) (RQ2) Pg 17:33

Taxonomy Applied (3) (RQ2) Pg 17:34

Observations From ("WHAT") (RQ3)
- Self-Protection Levels
- Depths-of-Defense Layers
- Protection Goals
(Pg 17:15-18)

Self-Protection & Depths-of-Defense
- Self-Protection Levels: the skew across levels in the chart is because of the difficulty involved with the machine learning. This issue isn't limited to self-protection within autonomic computing, but applies to all four self-* sub-domains.
- Depths-of-Defense Layers: there is a need for research applied to attack prediction and prevention.
(Pg 17:16)

Protection Goal Observations
- Most approaches focus on one or two of the three goals (confidentiality, integrity, availability), not all three.
- A small overlap between confidentiality and availability is expected.
- E.g. a host-based intrusion answered by restarting the server: confidentiality and integrity are preserved, but availability is not!
(Pg 17:18)

Observations from ("HOW") (RQ3)
- Control Topology
- Response Timing
- Enforcement Locale
(Pg 17:18-21)

A Chart of All Three
- The reactive paradigm is still the norm, but proactive approaches are catching up.
- Why are these so skewed? The traditional focus on the "perimeter".
(Pg 17:22)

Observations from Approach Quality
- Validation Method
- Repeatability
- Applicability
(Pg 17:26)

Charts of all Three
- Extremely low repeatability (12%)
- High applicability (60%)
- Why? A high percentage of the applicable implementations, prototypes, tools, etc. are not available to the public. Repeatability is also low because of the nature of the security business.
(Pg 17:26)

What are the applications of all this?
The paper presents numerous promising areas of research to focus on (see the page referenced), for example:
- Combine both reactive and proactive mechanisms for overall system protection and monitoring
- Leverage the techniques and communities from intrusion detection (ID), intrusion response (IR), intrusion tolerance (IT) and others toward achieving a common goal
(Pg 17:28)

Conclusion
- Self-protection is increasingly important
- It faces many challenges
- This survey was a great starting point for my research

Questions?