Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University.

Similar presentations


Presentation on theme: "Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University."— Presentation transcript:

1 Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University

2 Penn State Cyber Security Lab, USA2 Introduction Motivation The need for quantifying survivability The limitation of reliability/availability model Goal Developing a survivability evaluation model Proposing quantitative measures to characterize the capability of a resilient system surviving intrusions Understanding the impact of existing system deficiencies and attack behaviors on the survivability

3 Penn State Cyber Security Lab, USA3 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

4 Penn State Cyber Security Lab, USA4 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

5 Penn State Cyber Security Lab, USA5 ITDB: An Motivating Example ITDB motivation After the database is damaged, locate the damaged part and repair it as soon as possible The database can continue being useful in the face of attacks Basic ITDB system architecture

6 Penn State Cyber Security Lab, USA6 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

7 Penn State Cyber Security Lab, USA7 Modeling Intrusion Tolerant Database Systems Stochastic versus Deterministic models Less parameters Transition structure Comprehensive Complex relationships

8 Penn State Cyber Security Lab, USA8 Basic state transition model States Good state: G Infected state: I Containment state: M Recovery state: R Parameters Mean time to attack (MTTA): Mean time to detect (MTTD): Mean time to mark (MTTM): Mean time to repair (MTTR):

9 Penn State Cyber Security Lab, USA9 Intrusion Detection System Model False alarm A false alarm occurred when the IDS fails before the intrusion Time to intrusion: Detection probability Detection probability: Undetected state MD and manual repair state MR Detection latency Detection time:

10 Penn State Cyber Security Lab, USA10 Damage Propagation and Repair Model Damage propagation The time between the infection of and the item: Assume is exponentially distributed Damage repair The time to scan: The time to repair:

11 Penn State Cyber Security Lab, USA11 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

12 Penn State Cyber Security Lab, USA12 Survivability Evaluation State transition model analysis The transient behavior of the Continuous Time Markov Chain (CTMC) can be described by the Kolmogorov differential equation Cumulative probabilities of the CTMC The steady state probability of the CTMC

13 Penn State Cyber Security Lab, USA13 Survivability Evaluation (2) Consider the basic state transition model State space Generator matrix Steady state probabilities

14 Penn State Cyber Security Lab, USA14 Survivability Evaluation Metrics Integrity (I) A fraction of time that all accessible data items in the database are clean Consider the basic state transition model Integrity Consider the comprehensive model Integrity

15 Penn State Cyber Security Lab, USA15 Survivability Evaluation Metrics(2) Rewarding-availability (RA) Availability is defined as a fraction of time that the system is providing service to its users RA is defined as a fraction of time that the all clean data items are accessible Consider the basic state transition model Rewarding availability Consider the comprehensive model Rewarding availability

16 Penn State Cyber Security Lab, USA16 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

17 Penn State Cyber Security Lab, USA17 Empirical Validation Testbed A real testbed ITDB is built Transaction application: the TPC-c benchmark Parameters setting and estimation Parameters setting attack hitting rate, false alarm rate, detection probability, detection rate, manual repair rate and manual detection rate Parameters estimation Maximum-likelihood to produce estimator

18 Penn State Cyber Security Lab, USA18 Empirical Validation Validation The steady state probability of occupying a particular state computed from the CTMC model The estimated probability from the observed data the ratio of the length of time the system was in that state to the total length of the period of observation

19 Penn State Cyber Security Lab, USA19 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

20 Penn State Cyber Security Lab, USA20 Results Using ITDB as an example to study Focusing on the impact of different system deficiencies on the survivability in the present of attack Parameters settings

21 Penn State Cyber Security Lab, USA21 Impact of Attack Intensity Can ITDB handle different attack intensity?

22 Penn State Cyber Security Lab, USA22 Impact of False Alarms High false alarm rate Bring extra workload to the recovery subsystem Waste system resources

23 Penn State Cyber Security Lab, USA23 Impact of Detection Probability Low detection probability Talk longer time to detect the intrusion manually Bring more work for the administrator to mark and repair the damage manually

24 Penn State Cyber Security Lab, USA24 Transient Behaviors Steady state measures the behavior of the system in a infinite time interval The system may never reach the steady state, or take a very long time Transient Behaviors of a good system

25 Penn State Cyber Security Lab, USA25 Transient Behaviors (2) Transient Behaviors of a poor system

26 Penn State Cyber Security Lab, USA26 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

27 Penn State Cyber Security Lab, USA27 Conclusion Contributions Extended the classic availability model to a new survivability model. Mean Time to Attack (MTTA), Mean Time to Detection (MTTD), Mean Time to Marking (MTTM), and Mean Time to Repair (MTTR) are proposed as basic measures of survivability A real intrusion tolerant database system is established to validate the state transition models we established The impacts of existing system deficiencies and attack behaviors on the survivability are studied

28 Penn State Cyber Security Lab, USA28 Conclusion (2) Findings The CTMC models we established can be taken to model the real system reasonably well ITDB can provide essential database services in the presence of attacks ITDB can maintain the desired essential survivability properties without being seriously affected by various system deficiencies and different attack intensity Compared with false alarm, the impact of detection probability on survivability is severer

29 Penn State Cyber Security Lab, USA29 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Related Work

30 Penn State Cyber Security Lab, USA30 Related Work Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi (Performance Evaluation 2004) Stochastic modeling techniques are used to capture the attacker behavior as well as the system's response to a security intrusion A security measure called the mean time (or effort) to security failure is proposed good guestimate" values of model parameters were used Singh, S., Cukier, M., Sanders, W.H. (DSN 2003) stochastic activity network is used to quantitatively validate an intrusion-tolerant replication management system Several measures defined on the model were proposed to study the survivability The impacts of system parameters variations are studied

31 Penn State Cyber Security Lab, USA31 Selected references Liu, P.: Architectures for intrusion tolerant database systems. In: Proceedings of 18th Annual Computer Security Applications Conference (ACSAC 2002). (2002) Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Performance Evaluation 56(1-4) (2004) Yu, M., Liu, P., Zang, W.: Self-healing workflow systems under attacks. In: Proceedings of 24th International Conference on Distributed Computing Systems (ICDCS 2004). (2004) Wang, H., Liu, P., Li, L.: Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery. In: Proceedings of 7th International Information Security Conference (ISC 2004). (2004) Singh, S., Cukier, M., Sanders, W.H.: Probabilistic validation of an intrusion- tolerant replication system. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN 2003). (2003)

32 Penn State Cyber Security Lab, USA32


Download ppt "Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University."

Similar presentations


Ads by Google