Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 1/13 Countering Evolving Threats in Distributed Applications: Scientific Principles Saurabh Bagchi The Center for Education and Research in Information.

Published byEthelbert Merritt Modified over 9 years ago

Similar presentations

Presentation on theme: "Slide 1/13 Countering Evolving Threats in Distributed Applications: Scientific Principles Saurabh Bagchi The Center for Education and Research in Information."— Presentation transcript:

1 Slide 1/13 Countering Evolving Threats in Distributed Applications: Scientific Principles Saurabh Bagchi The Center for Education and Research in Information Assurance and Security (CERIAS) School of Electrical and Computer Engineering Purdue University Joint work with: Gaspar Howard, Chris Gutierrez, Jeff Avery, Alan Qi (Purdue); Guy Lebanon (Amazon); Donald Steiner (Northrop Grumman) Work Supported By: Northrop Grumman, NSF

2 Slide 2/13 What is Special about Distributed System Security? Most of our critical infrastructure is built out of careful orchestration of multiple distributed services –Banking, Military mission planning, Power grid, … Distributed infrastructure means –Many machines, possibly under different admin domains –Many users, external and internal –Dynamic environment where software gets upgraded, new users are added, new machines are added Attack surface is large and changing –All of the above dynamic factors cause this –Attack may originate from outside or inside

3 Slide 3/13 Three Big Trends in Threats Against Distributed Systems 1.Attack at the point of least resistance 2.Exploit zero-day vulnerabilities in any constituent service 3.Set up a covert channel for leaking sensitive information –Find a vulnerable outward-facing service, OR –Initiate an insider attack –Thriving black market in zero-day vulnerabilities –Tweak existing attack vectors to bypass rigid defense systems –Relevant for systems with highly sensitive but low volume data –Timing channels, storage channels

4 Slide 4/13 Current Approaches against These Three Threat Vectors 1.Attack at the point of least resistance 2.Exploit zero-day vulnerabilities in any constituent service 3.Set up a covert channel for leaking sensitive information –Create an ever more rigid perimeter –Improve the IDS alerting mechanisms, built alert correlation –Hope white hats (vendors, open source devs) find these before the black hats –Some impactful work in detecting metamorphic malware –Only ad-hoc techniques leading to an arms race –Timing channels: perturb timing of actions indiscriminately –Storage channels: “null out” values of all unused storage elements

5 Slide 5/13 Desired Characteristics of Solutions Clean slate design approach –Build individual services following secure design principles –Includes randomization, use of type safe programming languages, static vulnerability checking, dynamic taint analysis Bolt security on –Embed secure layer on constituent services, not relying only on an impenetrable perimeter –Use the power of big data – lots of users, lots of machines, lots of workloads –Learn from mistakes, i.e., the attacks that succeed – allow expert security admins to provide input to automated system OR

6 Slide 6/13 A Glimpse into Our Solution Approaches

7 Slide 7/13 Distributed Inferencing from Individual Sensor Information D1 D2 D3 D4 D5 D6

8 Slide 8/13 Automatic Generation and Update of IDS Signatures: SQLi First for SQL injection attacks 8 1.Crawls multiple public cybersecurity portals to collect attack samples 2.Extracts a rich set of features from the attack samples 3.Applies a clustering technique to the samples, giving the distinctive features for each cluster 4.A generalized signature is created for each cluster, using logistic regression modeling

9 Slide 9/13 Automatic General and Update of Signatures: Phishing Next for phishing attacks Phishing specific features are created –Word features determined using word frequency counting –Based on common phishing features, e.g., # links, # image tags –Sentiment analysis for determining words conveying sense of change and urgency that attackers attempt to portray to the user Parsing phishing emails (corpus from Purdue’s IT organization) input as mbox files

10 Slide 10/13 Phishing: Preliminary Results This cluster includes features such as: "below,need, dear, update, customer, account, bank" Each cluster forms a general story about the emails contained within it from which the basis of the attack can be deduced –For example, for cluster 4, the attack is trying to get the user to update information for their banking account. It is much easier training the user based on the attack signature for clusters, than the mass of individual emails

11 Slide 11/13 Covert Timing Channels Designed a covert network timing channel imitating long range dependent (LRD) legitimate traffic –Can be hidden in the Web traffic, the most observed traffic on Internet today –Statistically indistinguishable from real traffic –Evades the best available detection methods. Data Rate: 2 – 6 bits/second Decoding Error: 3% – 6 % Solution approach –Look for autocorrelation function values –Look for Hurst value that characterizes LRD traffic

12 Slide 12/13 Take Aways Distributed applications need to be protected Three emerging trends 1.Attack at the point of least resistance 2.Exploit zero-day vulnerabilities in any constituent service 3.Set up a covert channel for leaking sensitive information Lessons in solving these trends –If clean slate design is possible for some services, use a comprehensive set of secure design principles: randomization, use of type safe programming languages, static vulnerability checking, dynamic taint analysis –If security needs to be bolted on, look at internal security, not just perimeter security –Big data advances can enable learning from large volumes of existing data to extrapolate to new attack types

13 Slide 13/13 Presentation available at: Dependable Computing Systems Lab (DCSL) web site engineering.purdue.edu/dcsl

Download ppt "Slide 1/13 Countering Evolving Threats in Distributed Applications: Scientific Principles Saurabh Bagchi The Center for Education and Research in Information."

Similar presentations

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk email o Over 70% of email traffic  Bugs ---

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Copyright 2012 Trend Micro Inc. Raimund Genes, CTO Innovation In Cloud Security.

Copyright 2012 Trend Micro Inc. Raimund Genes, CTO Innovation In Cloud Security.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Authors: Thomas Ristenpart, et at.

Authors: Thomas Ristenpart, et at.
Automated Web Patrol with Strider HoneyMonkeys Present by Zhichun Li.

Automated Web Patrol with Strider HoneyMonkeys Present by Zhichun Li.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
IT-security in the Ubiquitous Computing World Chris Kuo, CISSP, CISA Acer eDC (e-Enabling Data Center) Acer Inc. 2007/3/27.

IT-security in the Ubiquitous Computing World Chris Kuo, CISSP, CISA Acer eDC (e-Enabling Data Center) Acer Inc. 2007/3/27.

Similar presentations

Ads by Google