PASIS: Perpetually Available and Secure Information Systems Greg Ganger, Pradeep Khosla, Chenxi Wang, Mehmet Bakkaloglu,


1. PASIS: Perpetually Available and Secure Information Systems
http://www.ices.cmu.edu/pasis/
Greg Ganger, Pradeep Khosla, Chenxi Wang, Mehmet Bakkaloglu, Michael Bigrigg, Garth Goodson, Semih Oguz, Vijay Pandurangan, Craig Soules, John Strunk, Ken Tew, Cory Williams, Ted Wong, Jay Wylie
Carnegie Mellon University

2. PASIS Objective
Greg Ganger, January 2002, http://www.pdl.cmu.edu/
Create information storage systems that are:
- Perpetually Available: information should always be available even when some system components are down or unavailable
- Perpetually Secure: information integrity and confidentiality should always be enforced even when some system components are compromised
- Graceful in degradation: information access functionality and performance should degrade gracefully as system components fail
Assumptions: some components will fail, some components will be compromised, some components will be inconsistent, BUT surviving components allow the information storage system to survive.

3. Survivable Storage Systems
- Surviving “server-side” intrusions: decentralization + data distribution schemes provide for availability and security of storage
- Surviving “client-side” intrusions: server-side data versioning and request auditing enable intrusion diagnosis and recovery
- Tradeoff management balances availability, security, and performance: maximize performance given the other two

4. Self-Securing Storage
- Storage that protects itself: prevents destruction of stored data, prevents undetectable modifications, looks for suspicious storage activity
- Effective tool for intrusion survival:
  - Detection: watches storage events and triggers alarms
  - Diagnosis: provides info for administrators to analyze
  - Recovery: provides complete history of data versions

5. Step #1: Additional Security Perimeter
[Figure: application and file system run inside the host operating system; system calls become storage requests that cross a new security perimeter, via RPC or a device driver, to the storage device (S4). The host side is labelled insecure, the storage protected by the device is labelled secure.]
- Exploit storage device properties: establish a security perimeter around the device

6-8. Step #2: Internal Versioning & Auditing
[Figure, built up over three slides: a history pool holding the versions of File 1 through File n along a time axis (timestamps such as 9/4/99 7:28:11 and 9/7/99 9:37:05); versions inside the detection window are retained, older versions are expired.]
- Storage device logs all requests: the audit log is externally read-only

9. Feasibility Evaluation (OSDI’00)
- Capacity requirements. Question: are large detection windows feasible? Conclusion: weeks or months are possible
- Performance overheads. Question: are performance costs too high? Conclusion: performance overhead is small, <15% cost for versioning and auditing

10. Benefits of Self-Securing Storage
- Storage-based intrusion detection: a new opportunity (and viewpoint) to observe
- Informed analysis of security compromises: log tampering is visible and recoverable; capture exploit tools stored on the target
- Faster, better recovery: earlier states still in history pool; legitimate changes still present in history pool; also, recovery from accidental deletion

11. Storage-based Intrusion Detection
Standard goal: detect suspicious activity. New opportunities to observe:
1. Changes to static files: sshd, /bin/login, shell programs, config. files, etc.
2. Unexpected patterns of changes: non-append changes to audit log, etc.
3. Corruption of well-understood files: /etc/passwd, /var/log/wtmp, etc.
4. Suspicious content: known viruses, hidden files or directories, etc.
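As an added illustration (not code from the PASIS project or these slides), a small Python model of the device behaviour described on slides 8, 10 and 11: every write adds a version to a history pool and old versions expire outside the detection window, every request lands in an audit log the client cannot edit, writes are screened for a static file changing or a non-append change to a log, and an earlier version can be pulled back for recovery. The watch lists, file contents and timestamps are constructed assumptions.

```python
from collections import defaultdict

# Assumed watch lists (not from the slides): files that should never change,
# and logs that should only ever grow.
STATIC_FILES = {"/bin/login", "/usr/sbin/sshd", "/etc/passwd"}
APPEND_ONLY = {"/var/log/wtmp"}

class SelfSecuringStore:
    """Model of a self-securing device: writes never overwrite in place,
    requests are appended to an internal audit log, and the request stream
    is checked against detection rules as it arrives."""

    def __init__(self, detection_window):
        self.window = detection_window       # seconds a version is retained
        self.history = defaultdict(list)    # path -> [(timestamp, data)]
        self.audit_log = []                 # (timestamp, client, op, path)
        self.alarms = []

    def write(self, path, data, now, client="client"):
        self.audit_log.append((now, client, "write", path))
        self._check(path, data)
        self.history[path].append((now, data))   # new version, old one kept

    def read(self, path, now, client="client"):
        self.audit_log.append((now, client, "read", path))
        return self.history[path][-1][1] if self.history[path] else None

    def _check(self, path, data):
        """Storage-level checks: a static file changing, or a log shrinking
        or being rewritten, raises an alarm before the write is recorded."""
        old = self.history[path][-1][1] if self.history[path] else None
        if old is None:
            return                           # first version: nothing to compare
        if path in STATIC_FILES and data != old:
            self.alarms.append(f"static file modified: {path}")
        if path in APPEND_ONLY and not data.startswith(old):
            self.alarms.append(f"non-append change to log: {path}")

    def expire(self, now):
        """Drop versions older than the detection window; the current
        version of each file is always kept."""
        for path, versions in self.history.items():
            kept = [v for v in versions if now - v[0] <= self.window]
            self.history[path] = kept or versions[-1:]

    def version_at(self, path, when):
        """Recovery: the content of `path` as it was at time `when`, i.e.
        the pre-intrusion version if `when` precedes the intrusion."""
        older = [v for v in self.history[path] if v[0] <= when]
        return older[-1][1] if older else None
```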

12. For comparison...
- Stronger than current storage-related IDSs, e.g., Tripwire or virus scanners: these periodically run on the host and compare filesystem state to a reference database or known viruses
- Stronger because: detection checks can be in real time; they can’t be turned off in a compromised host system; they can’t be spoofed or filtered by an intermediary; they do not rely on a reference database

13. Post-Intrusion Diagnosis
Goal: determine what happened and when. Self-securing storage informs key questions:
- When did the intrusion happen? Needed for recovery
- How did they get in? Including capture of exploit tools for analysis
- What files were read, written, and seen tainted? Damage estimation

14. For comparison: Conventional Diagnosis

15. Hardcore Conventional Diagnosis
- BIG forensics effort required before analysis: discovering deleted evidence from deleted inodes, unallocated blocks, slack space in the final block of files
- Problems that this causes: incomplete info is difficult to analyze; most evidence is completely gone
- Self-securing storage puts focus on analysis: all storage actions and states are preserved

16. Post-Intrusion Recovery

Conventional systems       Self-securing storage
Save user data             —
Wipe system                —
Reinstall OS               Reboot w/ safe image
Restore from tape          Copy forward system state
Validate user data / Restore user data

18. Restore pre-intrusion versions rapidly
(Same recovery table as slide 16, with the label “Restoring pre-intrusion state”.)

19. Copy-forward users’ work carefully
(Same recovery table as slide 16, with the label “Restoring users’ work”.)

20. Summary of self-securing storage
- Protect stored data and audit storage accesses even if the client OS is compromised
- Can save and observe anything inside the device: retain all versions of all data; collect audit log of all requests; watch storage events and trigger alarms
- Self-securing storage enables: storage-based intrusion detection; informed analysis of security compromises; faster, better recovery

21. PASIS Agent Architecture
[Figure: client applications talk to a local PASIS agent, which talks to the PASIS storage nodes. The agent contains tradeoff management, multi-read/write communication, and encode & decode components, driven by system characteristics and user preferences.]

22. Trade-off space
[Figure: scheme selection surface.]

23. PASIS: Summary
- Decentralization + data distribution schemes provide for availability and security of storage
- Tradeoff management balances availability, security, and performance … and it is good engineering practice!
- Data versioning to survive malicious users enables intrusion diagnosis and recovery

24. For more information: http://www.pdl.cmu.edu/
Greg.Ganger@cmu.edu, Director, Parallel Data Lab
