Virtualized Execution Realizing Network Infrastructures Enhancing Reliability (VERNIER)
Application Communities PI Meeting
Arlington, VA, July 10, 2007


Slide 2: Outline
Progress summary
Architecture update
Binary quasi-static analysis
Syzygy: distributed detection of anomalous application behavior
Looking ahead: test and evaluation
Preview of DARPATech 2007 demo

Slide 3: Progress Summary
Detection
  – Syzygy
      Implementation and integration
      Preliminary tests and evaluation
      Principal detection capability for DARPATech demo
  – Quasi-static
      Implementation of offline model construction and runtime monitoring
      Preliminary tests and evaluation
      Demonstration of detection capability on a real exploit
Diagnosis
  – Configuration diagnosis
      Expanded diagnosis results to sets of features, rather than the single rarest feature
      Expanded comparative diagnosis to factor in the health status of nodes

Slide 4: Progress Summary (2)
Response
  – Dynamic firewall
      Temporary, targeted restriction on normally permitted traffic
      Status: mostly implemented (a few integration details remain)
  – Fine-grained uninstaller
      Implemented and integrated
      Enhanced with a UI to inform community users of the proposed response and provide an opportunity to block it

Slide 5: Progress Summary (3)
System development
  – Enhanced testbed automation to facilitate experimentation and evaluation
      Individual users (researchers and developers) can more easily set up, start up, and shut down separate VERNIER application communities
  – Prototype situation awareness monitor and user interface
  – Generalized APIs to ease future integration
  – Emergence of first-generation integrated VERNIER system
  – Demonstration for DARPATech 2007

Architecture Update

Binary Quasi-static Analysis

Syzygy

Test and Evaluation

Slide 10: Measuring Success
Long-standing issue: how will the extent to which VERNIER succeeds in its goals be measured?
Metrics
  – We have posed a set of general metrics (detection false positives and false negatives, effectiveness of response, performance overhead, response time) with specific numbers
  – A context and framework for evaluation are needed to make those metrics meaningful
To establish an evaluation framework, we must define the intended scope of VERNIER application community protection
  – Threats considered, threats not considered
  – Scope of detection
  – Scope of threat mitigation and recovery from impairment

Slide 11: VERNIER Scope of Protection
High-level goal: maintain normal functionality of application communities
  – Maximize availability of correctly functioning application resources for the intended purposes of end users
      Detect conditions indicative of potential damage
      Limit the spread of such conditions
      Remediate damage when it occurs
  – Community resilience in the face of localized failures
Areas of focus
  – Availability and integrity; confidentiality is secondary
  – End-user applications, not services
      Much more community knowledge to leverage in the application space
      Protection of services may be better addressed by preventive strategies

Slide 12: Threat Scope
VERNIER focus: loss of control
  – Loss of availability of legitimate functionality
  – Loss of integrity that could enable further attacks
Loss of control may take a variety of forms
  – Execution of malicious or erroneous code
  – Unintended modification of dynamic application state
  – Unintended modification of static application configuration
  – Unintended modification of operating system configuration and state
Loss of control may be achieved in a variety of ways
  – Remote exploitation of networking vulnerabilities
  – Application vulnerabilities exploited through the distribution of malicious data
  – Deception, including Trojan-horse software and social engineering
  – New bugs or errors introduced by new software or configuration

Slide 13: Threats out of Scope
Insider threats
  – Not primarily an issue of weakness of COTS monocultures
Breaches of confidentiality
  – VERNIER’s defenses against loss of integrity do help, but serious breaches can result from even small data extraction from one node
  – Not much opportunity for community leverage in defense, nor much that can be done to recover
Ubiquitous bugs
  – Where there is some variation, we have an opportunity
  – When identical bugs are present everywhere, we don’t
External network and server failures
  – VERNIER cannot protect what it does not directly control
Legitimate load failures
  – We do not protect against failures that result from an excess of legitimate load, such as a user running too many simultaneous applications

Slide 14: Scope of Detection

Detection Category             | Detectors                                 | Type         | Automated?
-------------------------------|-------------------------------------------|--------------|-----------
Incorrect application behavior | Syzygy (correlated application anomalies) | Anomaly      |
                               | Quasi-static                              | Anomaly      |
Malicious process              | Host-based bot detection (BotSwat)        | Signature    |
                               | Hidden process (Rootkit)                  | Signature    |
Network traffic                | Network-based bot detection (BotHunter)   | Signature    |
User impairment                | User report                               | Anomaly      |
Configuration change           | Community prevalence                      | Weak anomaly |
                               | Change detection                          | Weak anomaly |
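The "Community prevalence" detector in this table and the configuration-diagnosis bullets on slide 3 (diagnosing over sets of features rather than the single rarest one, and weighting by node health) describe a technique the slides do not spell out. The block below is an added illustration, not VERNIER code: it compares a rarest-feature baseline against a comparative diagnosis that scores candidate feature sets by how well they separate impaired nodes from healthy ones. Every node, feature name and health label is constructed sample data; the scoring rule (coverage times precision) is an assumption chosen for the example, not the project's.

```python
"""Community-prevalence diagnosis of a suspicious configuration change.

Added example, not VERNIER code. Each community node reports the set of
configuration features it carries (installed applications, plugins,
autorun entries, ...); a separate signal (user report, anomaly detector)
marks some nodes as impaired. The diagnosis looks for feature sets that
are rare in the community and concentrated on the impaired nodes.
"""
from collections import Counter
from itertools import combinations

# Constructed sample community: node -> set of configuration features.
COMMUNITY = {
    "node01": {"app:office", "plugin:pdf", "svc:updater"},
    "node02": {"app:office", "plugin:pdf", "svc:updater", "plugin:toolbar"},
    "node03": {"app:office", "plugin:pdf", "svc:updater", "plugin:toolbar", "autorun:helper"},
    "node04": {"app:office", "plugin:pdf", "svc:updater", "autorun:helper"},
    "node05": {"app:office", "plugin:pdf", "svc:updater", "plugin:toolbar", "autorun:helper"},
    "node06": {"app:office", "svc:updater"},
}
# Constructed health status: nodes flagged as impaired by some other detector.
IMPAIRED = {"node03", "node05"}


def prevalence(community):
    """Fraction of community nodes carrying each configuration feature."""
    counts = Counter(f for feats in community.values() for f in feats)
    n = len(community)
    return {f: c / n for f, c in counts.items()}


def rarest_feature(community):
    """Baseline diagnosis: the single least-prevalent feature (ties broken by name).

    This ignores node health, so a rare but harmless feature can be blamed.
    """
    prev = prevalence(community)
    return min(prev, key=lambda f: (prev[f], f))


def diagnose(community, impaired, max_set_size=2):
    """Comparative diagnosis over feature *sets*, weighted by node health.

    For each candidate set S (size 1..max_set_size) of non-ubiquitous features:
      holders   = nodes carrying every feature in S
      coverage  = impaired holders / all impaired nodes
      precision = impaired holders / all holders
    Score = coverage * precision (assumed rule for this example).
    Returns [(frozenset_of_features, score), ...], best first; ties favour
    smaller sets so the simplest explanation is reported.
    """
    prev = prevalence(community)
    # Ubiquitous features (prevalence 1.0) cannot distinguish nodes; skip them.
    # This mirrors the "ubiquitous bugs" limit: no variation, no leverage.
    candidates = sorted(f for f, p in prev.items() if p < 1.0)
    impaired = set(impaired) & set(community)
    if not impaired:
        return []
    results = []
    for size in range(1, max_set_size + 1):
        for combo in combinations(candidates, size):
            s = frozenset(combo)
            holders = {n for n, feats in community.items() if s <= feats}
            hit = len(holders & impaired)
            if hit == 0:
                continue
            coverage = hit / len(impaired)
            precision = hit / len(holders)
            results.append((s, coverage * precision))
    results.sort(key=lambda r: (-r[1], len(r[0]), sorted(r[0])))
    return results


if __name__ == "__main__":
    print("rarest single feature:", rarest_feature(COMMUNITY))
    for features, score in diagnose(COMMUNITY, IMPAIRED, max_set_size=2)[:4]:
        print(f"{score:.2f}  {sorted(features)}")
```

On the constructed data the rarest-feature baseline blames `autorun:helper`, which a healthy node also carries, whereas the set-based, health-aware diagnosis ranks the pair {`plugin:toolbar`, `autorun:helper`} first because exactly the impaired nodes carry both. The same separation criterion is what makes "community prevalence" only a weak anomaly signal on its own: without the health status it can flag any rare but benign configuration.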

Slide 15: Scope of Response

Category              | Response                 | Type                  | Granularity
----------------------|--------------------------|-----------------------|------------
Network configuration | Dynamic firewall         | Mitigation            | Fine
                      | Node quarantine          | Mitigation            | Coarse
System configuration  | Software blacklist       | Mitigation            | Fine
                      | Fine-grained uninstaller | Recovery              | Fine
System state          | Process termination      | Mitigation & Recovery | Fine
                      | Pre-impairment rollback  | Recovery              | Coarse

Slide 16: Approaching Evaluation
A possible approach: a set of red-team “games” in two categories
  – Component-oriented tests
      Test the effectiveness of specific components
      Example: measure FP/FN rates for specific detectors
  – End-to-end scenarios
      Evaluate the system as a whole against go/no-go metrics in a set of end-to-end attack scenarios
To be defined:
  – “Scoring” system and baselines
  – Ground rules
      What the red team can and cannot do
      What the blue team can and cannot do

Preview of DARPATech Demo