Tolerating Intrusions Through Secure System Reconfiguration Dennis Heimbigner and Alexander Wolf University of Colorado at Boulder John Knight University.

Presentation transcript:

Tolerating Intrusions Through Secure System Reconfiguration Dennis Heimbigner and Alexander Wolf University of Colorado at Boulder John Knight University of Virginia Prem Devanbu, Michael Gertz, and Karl Levitt University of California at Davis

Project Overview

Solution Requirements:
• Timely
• Assured
• Mediated
• Automated

Driving Principles:
• Bend, don’t break
• Proactive and reactive
• Specification/model-based
• Dynamic tolerance evolution

Critical Systems Families:
• Distributed
• Networked
• Componentized

[Diagram labels: Distributed Active Mngmt. & Control (before/during/after); ATTACKS; Intrusion Tolerance Mechanism; Critical System; Secure System Configuration/Reconfiguration; Configurability Specifications; Privilege Specifications; Survivability Specifications]

Posturing

Inputs to analysis:
• Anticipated Attacks
• Intelligence Information
• Vulnerability Analysis
• Operational Experience

Postures: Attacked, Threatened, Over hardened

No requirement to mask faults

[Diagram labels: Analysis; Posture; Secure System Configuration/Reconfiguration]

Survivability Architecture (Logical View)

[Diagram labels: Reactive; Active Control; Proactive; Active Management; New Postures; Commands; Operator; Administrator; Intelligence; Analysis; Development; Trust boundary; During Attack; Before and After Attack]

Survivability Architecture (Physical View)

[Diagram labels: Field Reconfiguration Controller; Mediator + Authority; Mediator; Configured Components; Activated System; Event Service; Coordination Service; Depot; CIDF; Models; Agents; Components]

[Diagram legend: Reconfiguration control and/or data channel; Event channel; Application control and/or data channel; Component activation; Component deactivation; Standard reconfiguration interface]

Integrated Technology Strategy

• Application reconfiguration for survivability
  – RAPTOR modeling system
  – Survivability specification
• Agent-based software configuration and deployment
  – Software Dock software deployment system
  – Siena wide-area event notification service
• Agent and information security
  – Secure, flexible information access
  – Trusted code on untrustworthy platforms

RAPTOR Modeling System

• Arbitrary network topologies
• Large model support
• Demonstration:
  – FedWire payment system – banks
  – Terrorist bombs
  – Coordinated attacks
• Windows 2000 platform
• Available for download soon

[Diagram labels: Vulnerabilities; Network Topology; Node Semantics; Symptoms; Network Model; Visualization; Run-time input; Model specification]

Software Dock

• Automated wide-area software deployment
• Declarative family configurability
• Comprehensive life cycle coverage

Components:
• Release docks represent the producer and are a repository of configurable releases
• Field docks represent the consumer and provide an interface to the consumer site
• Wide-area event service provides connectivity
• Agents provide deployment process functionality

[Diagram labels: Release; Retire; Install; Update; Reconfig; Adapt; Activate; Remove; Deactivate; Development; Producer-side; Consumer-side; Event Service; Release Dock; Field Dock; Agent]

Secure, Flexible Information Access

• Mediators provide to agents information obtained from model owners via publishers
• Two complementary forms of security:
  – Publishers answer queries from mediators, and are untrusted, online, and distinct from owners; they use no secret keys
  – Authorities, under administrative control, can certify and revoke owner keys and privileges

[Diagram labels: Publisher 1; Publisher n; Owner 1; Owner n; Agent; Mediator; Authority. Trust legend: Trusted; Untrusted; Sometimes trusted]
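An added illustration of the trust split on this slide, not code from the presentation or its authors: an owner signs a digest of its records offline, a keyless publisher answers queries with a proof, and the mediator accepts an answer only while the authority still certifies the owner's key. The Merkle hash tree, the Lamport one-time signature (a standard-library stand-in for a real signature scheme) and every name and record below are assumptions; the slides do not say which construction the project uses.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()
# Owner key: Lamport one-time signature, a stdlib-only stand-in for a real scheme.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]
def bits(msg): return [int(c) for c in format(int.from_bytes(H(msg), "big"), "0256b")]
def sign(sk, msg): return [sk[i][b] for i, b in enumerate(bits(msg))]
def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

# Merkle tree over the owner's records (power-of-two record count assumed).
def merkle_levels(records):
    levels = [[H(b"\x00" + r) for r in records]]
    while len(levels[-1]) > 1:
        levels.append([H(b"\x01" + a + b) for a, b in zip(levels[-1][::2], levels[-1][1::2])])
    return levels
def root_from(record, path):
    h = H(b"\x00" + record)
    for sibling, node_is_right in path:
        h = H(b"\x01" + (sibling + h if node_is_right else h + sibling))
    return h

# Publisher: untrusted, online, keyless. Holds records, tree and the owner's signature.
def publisher_answer(records, levels, sig, idx):
    path, i = [], idx
    for level in levels[:-1]:
        path.append((level[i ^ 1], i & 1))
        i //= 2
    return records[idx], path, levels[-1][0], sig

# Mediator: trusts only keys the authority currently certifies (dict owner -> key).
def mediator_check(certified, owner, answer):
    record, path, root, sig = answer
    pk = certified.get(owner)
    return pk is not None and root_from(record, path) == root and verify(pk, root, sig)

def demo():
    records = [b"bank-a:normal", b"bank-b:normal", b"bank-c:hardened", b"bank-d:normal"]  # constructed
    sk, pk = keygen()
    levels = merkle_levels(records)
    sig = sign(sk, levels[-1][0])            # owner signs the root once, offline
    certified = {"owner1": pk}               # authority certifies the owner key
    good = publisher_answer(records, levels, sig, 2)
    forged = (b"bank-c:normal",) + good[1:]  # publisher alters the record
    ok, bad = mediator_check(certified, "owner1", good), mediator_check(certified, "owner1", forged)
    del certified["owner1"]                  # authority revokes the key
    return ok, bad, mediator_check(certified, "owner1", good)
```

`demo()` returns the mediator's verdict for an honest answer, an altered answer, and the honest answer after revocation.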

Evaluation

• Continuous assessment
  – Increasingly sophisticated models
  – Increasingly capable prototypes
• Scenario-based approach
  – Increasingly complex attacks
  – Informed by interaction with domain experts
    » banking and finance, power, transportation
    » security threats and vulnerabilities
• Symptom and vulnerability injection
• Metrics: speed, precision, and availability