Published by Roderick Goodwin. Modified over 9 years ago.
1
DSN 2002 June 24 -- page 1 BBN, UIUC, Boeing, and UM
Intrusion Tolerance by Unpredictable Adaptation (ITUA)
Franklin Webber
BBN Technologies
Partha Pal (PI), Michael Atighetchi, Chris Jones, Paul Rubel, Franklin Webber, Idit Keidar (MIT/Technion), Bill Sanders, Tod Courtney, Vishu Gupta, James Lyons, Hari Ramasamy, Mouna Seri, Sankalp Singh, Jeanna Gossett, Michel Cukier, Anil Sharma
2
Outline
Technology Description
Assumptions
Attack and Defense Scenario
Results
3
Application-Level Intrusion Tolerance
Ability to operate through attacks
adaptive middleware to coordinate defense and manage resources
crypto to block most direct attacks on application
attacks exploit security weaknesses in the environment
4
ITUA Approach
Security domains
  – privilege in one domain not easily transferred to another
Multiple defense mechanisms
  – replication across security domains with decentralized management
  – dynamic firewalls
  – intrusion detection
Defense strategy (policy) to coordinate mechanisms
Range of adaptive response
  – rapid local reaction
  – global coordinated adaptation
5
Basic ITUA Architecture
[Figure: architecture diagram. Labels: security domain, manager, replica, IDSs, firewall, manager group, replica group]
6
ITUA Group Communication System
Byzantine intrusion-tolerant process-group abstraction
  – group membership
  – reliable delivery
  – total ordering
Implemented by modifying crash-tolerant C-Ensemble
  – removing implicit trust assumptions
  – authentication by public-key crypto
  – new microprotocol layers
7
Assumptions
Cryptographic keys and algorithms cannot be broken;
Some communication links may be broken, but the network is not systematically flooded;
Diversity in OSs and networks prevents concurrent infiltration of every security domain and guarantees, at worst, a maximum infiltration rate;
Intrusion detectors have a decent chance of detecting any infiltration of a security domain;
The application and ITUA implementation have no exploitable flaws (but any property of the ITUA design may be exploited!).
8
Scenario: The Attack
Attacker gains privileges by exploiting known OS and network vulnerabilities
  – may have privileges initially if insider
  – stealth preferred
Attacker uses “root” (or comparable) privilege to corrupt running application processes
  – preferably, malicious behavior to be triggered later
  – platform-specific modification of process
  – other corruption would be detected immediately
9
Scenario: The Defense
Defense eventually detects attacker
  – by intrusion detector
  – by incorrect process behavior
Defense adapts
  – killing bad application replicas
  – quarantining apparently bad security domains
  – starting new replicas in apparently good domains
Adaptive response is made unpredictable for the attacker
  – varying detection thresholds
  – varying response times
  – varying new replica placement
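The defense loop on this slide, sketched as an added example that is not part of the original presentation or the ITUA code base. The class and function names, the threshold and delay ranges, and the five-domain sample are all assumptions; the point shown is that thresholds, response delay and replica placement are drawn from a CSPRNG so an observer cannot predict them.

```python
import secrets

def draw(lo, hi):
    """Uniform integer in [lo, hi] from the OS CSPRNG, so it cannot be predicted."""
    return lo + secrets.randbelow(hi - lo + 1)

class AdaptiveDefense:  # hypothetical name, not an ITUA component
    def __init__(self, domains, replicas, thresholds=(2, 5), delays_ms=(100, 2000)):
        self.good = set(domains)            # domains not quarantined
        self.replicas = dict(replicas)      # replica name -> hosting domain
        self.trange, self.drange = thresholds, delays_ms
        self.alerts = {d: 0 for d in domains}
        self.limit = {d: draw(*thresholds) for d in domains}  # hidden per-domain threshold
        self.spawned = 0

    def report(self, domain):
        """Record one IDS alert; respond once the hidden threshold is reached."""
        if domain not in self.good:
            return None
        self.alerts[domain] += 1
        if self.alerts[domain] < self.limit[domain]:
            return None
        return self.respond(domain)

    def respond(self, domain):
        self.good.discard(domain)           # quarantine the apparently bad domain
        killed = [r for r, d in self.replicas.items() if d == domain]
        for r in killed:
            del self.replicas[r]            # kill bad application replicas
        started = {}
        for _ in killed:
            used = set(self.replicas.values())
            pool = sorted(self.good - used) or sorted(self.good)
            if not pool:
                break                       # no good domain left to host a replica
            self.spawned += 1
            name = f"replica-new-{self.spawned}"
            self.replicas[name] = started[name] = secrets.choice(pool)
        for d in self.good:                 # vary detection thresholds after each response
            self.limit[d] = draw(*self.trange)
        return {"quarantined": domain, "killed": killed,
                "started": started, "delay_ms": draw(*self.drange)}

def demo():
    # Constructed sample: five security domains, three replicas.
    d = AdaptiveDefense(["A", "B", "C", "D", "E"], {"r1": "A", "r2": "B", "r3": "C"})
    action = None
    while action is None:                   # alerts keep arriving for domain B
        action = d.report("B")
    return d, action
```

The placement prefers good domains that host no replica, which keeps replicas spread across security domains as the ITUA Approach slide describes.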
10
Scenario: The Outcome
Application has been moved away from the attack
  – some resources now unavailable
Defenses are in higher state of alertness
  – possibly reduced application performance
System administrators have been notified of attack
11
Results -- Prototypes
Prototype of application-level defense prior to ITUA
  – “Applications that Participate in their Own Defense (APOD)”
  – tolerates only crash failures
  – no use of unpredictability
Prototype of ITUA design
  – used to defend existing military software components: “Insertion of Embedded Infosphere Support Technologies (IEIST)” (shown at DARPA PI meeting)
  – DARPA Tech 2002 (upcoming)
12
Results -- Experiments
An image-server application defended with the APOD prototype was subjected to Red Team attack
  – Sandia Red Team
  – whiteboard analysis in late 2001
  – hands-on attack in early 2002
Replication management with dynamic firewalls forced the Red Team to use complex and persistent attacks to deny service from the application, with some cost to the attacker in time and exposure.
Corrupting any running application component to behave badly could have denied service, but Red Team decided this attack was harder than others.
13
Summary
The ITUA defenses are designed to delay a broad range of attacks, completely surviving the undesirable effects of some of them:
  – attacks that start with insider privileges
  – attacks that gain privileges in stages, infiltrating new security domains
  – attacks that corrupt running components maliciously.