Presentation is loading. Please wait.

Presentation is loading. Please wait.

Langley Research Center An Architectural Concept for Intrusion Tolerance in Air Traffic Networks Jeffrey Maddalon Paul Miner {jeffrey.m.maddalon,

Published byArline Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "Langley Research Center An Architectural Concept for Intrusion Tolerance in Air Traffic Networks Jeffrey Maddalon Paul Miner {jeffrey.m.maddalon,"— Presentation transcript:

1 Langley Research Center An Architectural Concept for Intrusion Tolerance in Air Traffic Networks Jeffrey Maddalon Paul Miner {jeffrey.m.maddalon, paul.s.miner}@nasa.gov NASA Langley 22 Oct 2003

2 Langley Research Center SPIDER Intrusion Tolerance2

3 Langley Research Center SPIDER Intrusion Tolerance3

4 Langley Research Center SPIDER Intrusion Tolerance4 Desired Security Properties Confidentiality No unauthorized disclosure of information Integrity No improper alteration of data Availability System always completes authorized actions From Jean-Claude Laprie, Dependability - Its Attributes, Impairments, and Means, In Randell, et al. Eds., Predictably Dependable Computer Systems, Springer- Verlag, 1995

5 Langley Research Center SPIDER Intrusion Tolerance5 Intrusion Resilience Make the system difficult to enter –Firewalls, strong encryption, up-to-date security patches, etc. Add monitoring so intrusions can be handled quickly –Automated network monitoring, audits, network isolation, etc. Great techniques, but they are not enough…

6 Langley Research Center SPIDER Intrusion Tolerance6 System Protection Goals Attackers look for the weakest link, so we need not just strong barriers, but … strong barriers and redundancy

7 Langley Research Center SPIDER Intrusion Tolerance7 Intrusion Tolerance Ability to preserve Availability and Integrity, in presence of bounded number of compromised network nodes A compromised node may exhibit Crashed (unable to deliver any service) Unable to deliver timely service (e.g. Denial of Service) Uniformly corrupted data (consistent misinformation) Arbitrary behavior (includes malicious human-directed behavior)

8 Langley Research Center SPIDER Intrusion Tolerance8 Fault-Tolerance (FT) and Intrusion Tolerance (InT) Similar Worst case scenario in FT is arbitrary behavior – identical to InT worst case Easily detectable failures (crash, omission) are similar in both domains Different Fault arrival rates are not comparable – In FT: independence of failure exponential fault arrival rate multiple fault scenarios are rare – In InT: expect coordinated attack potential for simultaneous arrival of multiple faults

9 Langley Research Center SPIDER Intrusion Tolerance9 What is SPIDER? A family of fault-tolerant architectures –Scalable Processor-Independent Design for Electromagnetic Resilience (SPIDER) A system built using SPIDER can continue to operate with –arbitrary malicious failures –many easy-to-detect failures –multiple simultaneous failures

10 Langley Research Center SPIDER Intrusion Tolerance10 ROBUS Topology PE 1 PE 2 PE 3 PE N BIU N BIU 3 BIU 2 BIU 1 ROBUS N,M RMU M RMU 2 RMU 1

11 Langley Research Center SPIDER Intrusion Tolerance11 SPIDER Fault Tolerance ROBUS Guarantees –All processors attached to a good port will observe identical message streams –All processors attached to a good port will by synchronized within a bounded amount of time –All processors attached to a good port will have correct and consistent diagnostic information From these guarantees SPIDER can provide –Interactive Consistency (Distributed Agreement) –Distributed Diagnosis –Clock Synchronization

12 Langley Research Center SPIDER Intrusion Tolerance12 Intrusion Tolerance and SPIDER With enough good (not compromised) nodes, SPIDER can still provide service Standard versions of fault tolerant protocols that can withstand a bounded number of faulty nodes –deemed too expensive in both time and space to be of practical use –variant of SPIDER protocols might provide cost-effective Intrusion Tolerance Fault arrival rates are different between fault tolerant and intrusion tolerant systems –SPIDER architecture designed for multiple active faults

13 Langley Research Center SPIDER Intrusion Tolerance13 Arbitrary Network Structures? ROBUS can use a distributed implementation (not necessarily optical) Can generalize the bus-oriented structure to establish a intrusion tolerant version of classical network topologies –Rings –Hub and Spoke –For any particular network topology, there is a corresponding intrusion tolerant topology (at cost of adding redundant links and nodes, and ensuring independence of failure) Many existing network structures may include sub-networks capable of supporting this idea

14 Langley Research Center SPIDER Intrusion Tolerance14 Network Concept RMUs BIU/PEs

15 Langley Research Center SPIDER Intrusion Tolerance15 Formal Verification Sound concepts with poor designs can result in security issues A poor design of these protocols could cause security problems Solution: formal verification SPIDER fault tolerance properties have been formally verified We expect any modifications to provide intrusion tolerance will also be formally verified.

16 Langley Research Center SPIDER Intrusion Tolerance16 Summary Intrusion resilience vs. Intrusion tolerance Techniques from fault tolerance used to achieve intrusion tolerance The SPIDER fault tolerant architecture may be adapted for intrusion tolerance

Download ppt "Langley Research Center An Architectural Concept for Intrusion Tolerance in Air Traffic Networks Jeffrey Maddalon Paul Miner {jeffrey.m.maddalon,"

Similar presentations

Computer Systems & Architecture Lesson 2 4. Achieving Qualities.

Computer Systems & Architecture Lesson 2 4. Achieving Qualities.
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
DISTRIBUTED SYSTEMS II FAULT-TOLERANT BROADCAST Prof Philippas Tsigas Distributed Computing and Systems Research Group.

DISTRIBUTED SYSTEMS II FAULT-TOLERANT BROADCAST Prof Philippas Tsigas Distributed Computing and Systems Research Group.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Bus Architectures for Satety- Critical Embedded Systems --by Harit Desai.

Bus Architectures for Satety- Critical Embedded Systems --by Harit Desai.
1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.

1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.
Sponsored by the U.S. Department of Defense © 2005 by Carnegie Mellon University 1 Pittsburgh, PA 15213-3890 Dennis Smith, David Carney and Ed Morris DEAS.

Sponsored by the U.S. Department of Defense © 2005 by Carnegie Mellon University 1 Pittsburgh, PA Dennis Smith, David Carney and Ed Morris DEAS.
Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.

Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.
SECURE AND FAULT TOLERANT VOTING IN DISTRIBUTED INFORMATION SYSTEMS 14 September 2001 Shambhu Upadhyaya SPIDER Lab CSE Department University at Buffalo.

SECURE AND FAULT TOLERANT VOTING IN DISTRIBUTED INFORMATION SYSTEMS 14 September 2001 Shambhu Upadhyaya SPIDER Lab CSE Department University at Buffalo.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Presented By: Vinay Kumar.  At the time of invention, Internet was just accessible to a small group of pioneers who wanted to make the network work.

Presented By: Vinay Kumar.  At the time of invention, Internet was just accessible to a small group of pioneers who wanted to make the network work.
2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.

2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Copyright ©2009 Opher Etzion Event Processing Course Engineering and implementation considerations (related to chapter 10)

Copyright ©2009 Opher Etzion Event Processing Course Engineering and implementation considerations (related to chapter 10)
Applied Cryptography for Network Security

Applied Cryptography for Network Security

Similar presentations

Ads by Google