Intrusion Tolerant Distributed Object Systems
Joint IA&S PI Meeting, Honolulu, HI, July 17-21, 2000
Gregg Tally, gtally@nai.com
Slide 2: Motivation
- Mission-critical applications are being developed using CORBA on COTS platforms
- CORBA Security protects at the middleware level, but applications remain vulnerable to O/S and network attacks
- Fault Tolerant CORBA does not protect against malicious faults
Slide 3: Technical Objectives
- Provide intrusion tolerance for CORBA applications
- System-level approach
  - Middleware
    - Eliminate reliance on any single server: secure, reliable group communication directly between clients and replicated servers
    - Detect Byzantine (arbitrary) faults in servers
    - Support heterogeneity (diversity of implementation)
  - Boundary controllers (firewalls)
    - Protocol inspection
    - End-to-end authentication between clients and servers
Slide 4: Existing Approaches
- OMG supports Fault Tolerance for CORBA
  - Not intrusion tolerant
  - Not fully interoperable
  - No firewall support
- Prior and current research
  - Avoided ORB changes by intercepting process-level communications, which forces a homogeneous server implementation
  - Use a "primary" or "lead" server, so cannot tolerate Byzantine faults
  - Ensemble, Maestro, AQuA, Rampart, Eternal, others
Slide 5: Technical Approach
- Leverage prior work on fault tolerant CORBA; secure, reliable, authenticated multicast; total ordering; Byzantine fault detection
- Active replication of servers with voting
- Protect client and server hosts with an application proxy firewall; include the firewall in the multicast group
- Integrate with an open-source ORB
  - Detect value faults above the CDR encode/decode layer
  - Replace the transport layer with secure, reliable, authenticated multicast
  - Handle duplicate requests and replies
Slide 6: Conceptual Overview
[Figure: block diagram. Client side: Client Application Code over an IT ORB (Value Fault Detection / Voting, Redundant Msg. Exclusion, Encode/Decode, Time/Crash/other Fault Detection) over Secure, Reliable, Authenticated Multicast, behind a Client-Side Firewall with a GIOP Proxy. Server side: Redundant Servers, each Server Application Code over an IT ORB, each behind its own Server-Side Firewall (M-Cast GIOP Proxy).]
Slide 7: Approach -- What's Different?
- All servers are equal; this eliminates the need for a "primary" or "lead" server
- Detect value faults in the ORB: the encoding of CORBA messages depends on the source platform (e.g., byte ordering), so comparing decoded values rather than raw bytes permits heterogeneous implementations
- Application proxy firewall integrated into the architecture
  - Better protection for COTS client and server hosts
  - End-to-end authentication of client and server
  - May perform better than IIOP/SSL proxies
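As an added example (not code from the ITDOS project or from these slides), the following Python models the client-side mechanism the Technical Approach and What's Different slides describe: replies from heterogeneous replicas arrive in different byte orders, so they are decoded first and voted on as values; a reliable multicast may deliver the same reply twice, so redundant deliveries are excluded per (request, replica) before they can count as a second vote. The 13-byte reply framing (a byte-order flag mirroring GIOP's, then fixed-width fields) is a toy stand-in for GIOP/CDR, and the f+1-of-2f+1 threshold is the standard one for voting on authenticated replies; both are assumptions, since the slides give no wire format or numbers.

```python
import struct
from collections import Counter


def replicas_needed(f):
    """Replicas required so that f+1 matching replies outvote f Byzantine
    replicas (standard threshold for voting on authenticated replies;
    assumed here, the slides do not state a number)."""
    return 2 * f + 1


def encode_reply(request_id, replica_id, value, little_endian):
    """Toy CDR-style reply (assumed framing, not real GIOP): one flag byte
    that mirrors GIOP's byte-order flag (1 = little endian), then the
    request id, replica id and a signed 32-bit result, in that byte order."""
    order = "<" if little_endian else ">"
    return bytes([1 if little_endian else 0]) + struct.pack(
        order + "IIi", request_id, replica_id, value)


def decode_reply(msg):
    """Decode a reply into host values whatever the sender's byte order.
    Voting happens on the returned tuple, never on the raw bytes."""
    if len(msg) != 13:
        raise ValueError("malformed reply")
    order = "<" if msg[0] == 1 else ">"
    return struct.unpack(order + "IIi", msg[1:13])


class ReplyVoter:
    """Collects replies per request, drops redundant deliveries, and
    returns a result once f+1 decoded replies agree."""

    def __init__(self, f):
        self.quorum = f + 1
        self.replies = {}     # request_id -> {replica_id: decoded value}
        self.suspect = set()  # replicas caught sending conflicting values

    def deliver(self, msg):
        """Feed one delivered reply; returns the voted value when the
        quorum is first reached, otherwise None."""
        request_id, replica_id, value = decode_reply(msg)
        votes = self.replies.setdefault(request_id, {})
        if replica_id in votes:
            # Redundant multicast delivery: an identical duplicate is
            # excluded. A *different* value from the same replica is a
            # value fault by that replica, not a duplicate.
            if votes[replica_id] != value:
                self.suspect.add(replica_id)
            return None
        votes[replica_id] = value
        return self.result(request_id)

    def result(self, request_id):
        """Voted value for a request, or None if no value has f+1 votes."""
        votes = self.replies.get(request_id, {})
        if not votes:
            return None
        value, count = Counter(votes.values()).most_common(1)[0]
        return value if count >= self.quorum else None

    def faulty(self, request_id):
        """Replicas whose reply disagreed with the voted value, plus any
        replica caught sending conflicting values."""
        decided = self.result(request_id)
        if decided is None:
            return set()
        disagree = {r for r, v in self.replies[request_id].items() if v != decided}
        return disagree | self.suspect


if __name__ == "__main__":
    # Constructed sample: three replicas (f = 1), one of them Byzantine.
    voter = ReplyVoter(1)
    for m in (encode_reply(7, 1, 42, False),   # big-endian host
              encode_reply(7, 1, 42, False),   # duplicate delivery
              encode_reply(7, 3, -5, True),    # wrong value
              encode_reply(7, 2, 42, True)):   # little-endian host
        print(voter.deliver(m))
    print("faulty replicas:", voter.faulty(7))
```

Replica 1 and replica 2 produce different bytes for the same result, so a comparator below the encode/decode layer would report a value fault where none exists; comparing decoded values is what lets the two platforms vote together, which is the slides' argument for heterogeneity.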
Slide 8: Risks and Mitigation Plans
- Performance of secure, reliable, authenticated multicast
  - Mitigation plan: evaluate and experiment with existing research prototypes; design a replaceable transport layer; take advantage of research advances as they become available
- Defense against DoS attacks by compromised servers
  - Mitigation plan: rely on intruder tracing (IDIP?) to find the source and block it
Slide 9: Expected Achievements
- At least one implementation of an ORB on two or more heterogeneous platforms that tolerates Byzantine faults
- Integrated application proxy firewall support to protect COTS client and server hosts
- Understanding of the trade-off between performance and degree of intrusion tolerance
Slide 10: Metrics
- Cost/benefit of redundant servers
  - Tolerance of Byzantine faults (number of faulted servers) vs. impact on throughput due to additional replication
  - Throughput measured in operations per second
- Countermeasure characterization using either the IA or the IASET methodology
- Experimentation at the TIC to validate countermeasure claims
Slide 11: Policy Issues
- Assumptions
  - Other mechanisms enforce QoS and QoP policies
  - CORBA Security could be added to the architecture to provide other services (access control, audit, non-repudiation, etc.)
  - Can integrate with intruder tracing mechanisms (e.g., IDIP) to handle denial of service attacks
- Enforcement mechanisms
  - Need a policy for group membership: servers, clients, and firewalls
  - Standard firewall permit/deny policy extended for secure, reliable, authenticated multicast
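The protocol inspection the Technical Objectives slide asks of the boundary controllers, combined with the group-membership and permit/deny policy on this slide, comes down to a GIOP proxy that parses each message header and decides per sender. The following Python is an added example, not the ITDOS firewall code: it parses the real 12-byte GIOP 1.x header (magic, version, byte-order/flags byte, message type, body size in the sender's byte order) and applies a policy that is assumed for the example (clients may send Request/CancelRequest/LocateRequest, servers Reply/LocateReply, bodies capped at 64 KiB, and the body must be exactly as long as the header claims). The membership table and sample addresses are constructed.

```python
import struct

GIOP_MAGIC = b"GIOP"
HEADER_LEN = 12
# GIOP message types from the protocol's header definition; Fragment (7)
# exists only from GIOP 1.1 on.
MESSAGE_TYPES = {0: "Request", 1: "Reply", 2: "CancelRequest",
                 3: "LocateRequest", 4: "LocateReply", 5: "CloseConnection",
                 6: "MessageError", 7: "Fragment"}
MAX_BODY = 64 * 1024  # assumed policy limit, not from the slides

# Assumed permit/deny policy per group role. CloseConnection and
# MessageError are deliberately not forwarded from either side here.
ALLOWED = {
    "client": {"Request", "CancelRequest", "LocateRequest"},
    "server": {"Reply", "LocateReply"},
}


def parse_giop_header(msg):
    """Parse the 12-byte GIOP header. Raises ValueError on anything a
    proxy should refuse to forward to a COTS host."""
    if len(msg) < HEADER_LEN:
        raise ValueError("short header")
    magic, major, minor, flags, mtype = struct.unpack(">4sBBBB", msg[:8])
    if magic != GIOP_MAGIC:
        raise ValueError("bad magic")
    if (major, minor) not in {(1, 0), (1, 1), (1, 2)}:
        raise ValueError("unsupported version %d.%d" % (major, minor))
    # 1.0 carries a boolean byte_order; 1.1+ a flags byte whose bit 0 is
    # the byte order and bit 1 "more fragments". Other bits are reserved.
    reserved = 0xFE if minor == 0 else 0xFC
    if flags & reserved:
        raise ValueError("reserved flag bits set")
    little = bool(flags & 1)
    if mtype not in MESSAGE_TYPES or (minor == 0 and mtype == 7):
        raise ValueError("unknown message type %d" % mtype)
    (size,) = struct.unpack(("<" if little else ">") + "I", msg[8:12])
    return {"version": (major, minor), "little_endian": little,
            "type": MESSAGE_TYPES[mtype], "size": size}


def filter_message(msg, sender, members):
    """Decide one message from `sender` against the membership table
    {address: role}. Returns ("permit", header) or ("deny", reason)."""
    role = members.get(sender)
    if role is None:
        return ("deny", "sender not a group member")
    try:
        hdr = parse_giop_header(msg)
    except ValueError as exc:
        return ("deny", "malformed header: %s" % exc)
    if hdr["type"] not in ALLOWED[role]:
        return ("deny", "%s may not send %s" % (role, hdr["type"]))
    if hdr["size"] > MAX_BODY:
        return ("deny", "declared body too large")
    if len(msg) - HEADER_LEN != hdr["size"]:
        # Never forward a message whose body disagrees with its header.
        return ("deny", "body length does not match header")
    return ("permit", hdr)


def build_giop(mtype, body, little_endian=False, minor=2):
    """Build a GIOP 1.x message around `body` (helper for constructing
    sample traffic)."""
    flags = 1 if little_endian else 0
    size = struct.pack(("<" if little_endian else ">") + "I", len(body))
    return GIOP_MAGIC + bytes([1, minor, flags, mtype]) + size + body


if __name__ == "__main__":
    # Constructed membership table: one client host, one server host.
    members = {"10.0.0.5": "client", "10.0.1.7": "server"}
    req = build_giop(0, b"\x00" * 20, little_endian=True)
    print(filter_message(req, "10.0.0.5", members))   # permit
    print(filter_message(req, "10.0.1.7", members))   # deny: role
    print(filter_message(req, "10.9.9.9", members))   # deny: membership
```

The body-length check matters because the size field is attacker-controlled and read in the attacker's chosen byte order; a proxy that trusts it can forward a truncated or oversized message to an ORB that will try to decode it.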
Slide 12: Schedule
Slide 13: Technology Transfer
- Work with OMG to revise existing specifications and create new ones
  - Fault Tolerance specification
  - Unreliable Multicast specification
  - Firewall specification
- Joint experimentation with other DARPA and DoD programs
- Conferences and workshops