Presentation is loading. Please wait.

Presentation is loading. Please wait.

Athith Amarnath, graduate Student Database and Security Research Group

Published byΦῆστος Ζυγομαλάς Modified over 6 years ago

Similar presentations

Presentation on theme: "Athith Amarnath, graduate Student Database and Security Research Group"— Presentation transcript:

1 Implementation of Access Control Reference Monitor Security using Moving Target Defense
Athith Amarnath, graduate Student Database and Security Research Group Department of Computer Science

2 Problem Statement Security is a very serious concern in this era of digital world Access Control Enforcement with strong policies that ensures the confidentiality, availability and integrity of data of interest, protecting them is equally important Access Control Enforcement achieved by trusted computing base assumed to be tamper proof Difficult to achieve without fully implementing the security kernel in trusted hardware Single server hosting access control enforcement can be vulnerable Attacker can eavesdrop, spoof and finally gain access by exploiting vulnerabilities in the system

3 Proposed Solution – Moving Target Defense
1 2 3 4 Service Location Protocol L Implementation of Leader Election Protocol Extension of Byzantine Fault detection using Consensus Algorithm Time-Driven and Event- Driven Election strategy Usage of Selection Location Protocol to locate the leader Messages signed an verified using Digital Signature Algorithm (DSA)

4 Moving Target Defense Approach
Group of nodes providing the service instead of a single node Election Term - a node chosen as a Leader providing Access Control Service for a fixed amount of time Leader – a node elected using the byzantine consensus algorithm providing service for an election term

5 Moving Target Defense Architecture
UA – User Agent DA – Directory Agent FD – Fault Detector EM – Election Module MM – Migration Module

6 Leader Election Protocol
Coordinator c is given by c = r mod n + 1 where r = number of election term, n = number of nodes This protocol can work with k byzantine nodes where k = (n – 1) / 3

7 Service Location Protocol

8 Result Nodes (n) No. of Max Faults (k) No. of LEP messages exchanged
LEP time (s) Service Registration Time (s) Access respone time (s) User Agent Query Time (s) 5 1 130 2.16 0.012 0.095 21.043 8 2 328 3.389 0.2 0.062 24.05 10 3 510 4.261 0.034 0.074 24.054 13 4 858 6.08 0.07 21.053 15 1140 6.473 0.056 0.057 24.055 20 6 2020 8.694 0.045 0.078 24.045 25 3150 10.754 0.58 0.73 24.034

9 Problems with this Approach
Leader Election protocol is Deterministic Fault Detector detects nodes that deviate from the algorithm or do not follow the message format

10

Download ppt "Athith Amarnath, graduate Student Database and Security Research Group"

Similar presentations

Secure Mobile IP Communication

Secure Mobile IP Communication
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Bazara Barry1 Security on Networks and Information Systems Bazara I. A. Barry Department of Computer Science – University of Khartoum www.itrc.sd/staff/bazara.html.

Bazara Barry1 Security on Networks and Information Systems Bazara I. A. Barry Department of Computer Science – University of Khartoum
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
March 24, 2003Upadhyaya – IWIA 20031 A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.

March 24, 2003Upadhyaya – IWIA A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Similar presentations

Ads by Google