Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University.


1 Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University

2 Introduction
Motivation
  The need for quantifying survivability
  The limitation of reliability/availability models
Goal
  Developing a survivability evaluation model
  Proposing quantitative measures to characterize the capability of a resilient system to survive intrusions
  Understanding the impact of existing system deficiencies and attack behaviors on survivability
Penn State Cyber Security Lab, USA

3 Outline
  Introduction
  ITDB: A Motivating Example
  Modeling Intrusion Tolerant Database Systems
  Survivability Evaluation
  Empirical Validation
  Results
  Conclusion
  Related Work


5 ITDB: A Motivating Example
ITDB motivation
  After the database is damaged, locate the damaged part and repair it as soon as possible
  The database can continue to be useful in the face of attacks
[Figure: basic ITDB system architecture]


7 Modeling Intrusion Tolerant Database Systems
Stochastic versus deterministic models
Fewer parameters
Transition structure
Comprehensive
Complex relationships

8 Basic state transition model
States
  Good state: G
  Infected state: I
  Containment state: M
  Recovery state: R
Parameters
  Mean time to attack (MTTA):
  Mean time to detect (MTTD):
  Mean time to mark (MTTM):
  Mean time to repair (MTTR):

9 Intrusion Detection System Model
False alarm
  A false alarm occurs when the IDS fails before the intrusion
  Time to intrusion:
Detection probability
  Detection probability:
  Undetected state MD and manual repair state MR
Detection latency
  Detection time:

10 Damage Propagation and Repair Model
Damage propagation
  The time between the infection of and the item:
  Assume is exponentially distributed
Damage repair
  The time to scan:
  The time to repair:


12 Survivability Evaluation
State transition model analysis
  The transient behavior of the Continuous Time Markov Chain (CTMC) can be described by the Kolmogorov differential equation
  Cumulative probabilities of the CTMC
  The steady state probability of the CTMC

13 Survivability Evaluation (2)
Consider the basic state transition model
  State space
  Generator matrix
  Steady state probabilities

14 Survivability Evaluation Metrics
Integrity (I)
  The fraction of time during which all accessible data items in the database are clean
  Consider the basic state transition model
    Integrity
  Consider the comprehensive model
    Integrity

15 Survivability Evaluation Metrics (2)
Rewarding-availability (RA)
  Availability is defined as the fraction of time during which the system is providing service to its users
  RA is defined as the fraction of time during which all the clean data items are accessible
  Consider the basic state transition model
    Rewarding availability
  Consider the comprehensive model
    Rewarding availability
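Added example (not from the slides): the steady-state computation of slide 13 and the two metrics of slides 14 and 15, in Python. The cycle G -> I -> M -> R -> G with rates 1/MTTA, 1/MTTD, 1/MTTM, 1/MTTR, the set of states counted by each metric, and every numeric value are assumptions of this example, since the slides' diagram and formulas did not survive.

```python
STATES = ["G", "I", "M", "R"]

def generator(mtta, mttd, mttm, mttr):
    """Generator matrix Q for the assumed cycle G->I->M->R->G (rate = 1/mean time)."""
    rates = [1.0 / mtta, 1.0 / mttd, 1.0 / mttm, 1.0 / mttr]
    n = len(STATES)
    q = [[0.0] * n for _ in range(n)]
    for i, r in enumerate(rates):
        q[i][(i + 1) % n] = r   # leave state i for the next state in the cycle
        q[i][i] = -r            # every row of a generator sums to zero
    return q

def steady_state(q):
    """Solve pi Q = 0 with sum(pi) = 1 by Gauss-Jordan elimination."""
    n = len(q)
    # Rows of the system are the columns of Q (Q^T pi^T = 0). One balance
    # equation is redundant, so the last is replaced by sum(pi) = 1.
    a = [[q[j][i] for j in range(n)] + [0.0] for i in range(n)]
    a[n - 1] = [1.0] * n + [1.0]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(a[r][col]))  # partial pivoting
        a[col], a[piv] = a[piv], a[col]
        for r in range(n):
            if r != col:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
    return {s: a[i][n] / a[i][i] for i, s in enumerate(STATES)}

def time_fraction(pi, states):
    """Long-run fraction of time spent in the given set of states."""
    return sum(pi[s] for s in states)

# Constructed mean times in seconds (not measurements from the ITDB testbed).
pi = steady_state(generator(mtta=600, mttd=10, mttm=5, mttr=25))
# Assumption of this example: every accessible item is clean in all states
# except I, and all clean items are accessible in G and R.
integrity = time_fraction(pi, ["G", "M", "R"])
rewarding_availability = time_fraction(pi, ["G", "R"])
print(pi, integrity, rewarding_availability)
```

Changing the state sets passed to `time_fraction` is the only edit needed to evaluate a different definition of either metric.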


17 Empirical Validation
Testbed
  A real ITDB testbed is built
  Transaction application: the TPC-C benchmark
Parameter setting and estimation
  Parameter setting: attack hitting rate, false alarm rate, detection probability, detection rate, manual repair rate and manual detection rate
  Parameter estimation: maximum likelihood is used to produce the estimators

18 Empirical Validation (2)
Validation
  The steady state probability of occupying a particular state, computed from the CTMC model
  The estimated probability from the observed data: the ratio of the length of time the system was in that state to the total length of the period of observation


20 Results
Using ITDB as an example to study
Focusing on the impact of different system deficiencies on the survivability in the presence of attacks
Parameter settings

21 Impact of Attack Intensity
Can ITDB handle different attack intensities?

22 Impact of False Alarms
High false alarm rate
  Brings extra workload to the recovery subsystem
  Wastes system resources

23 Impact of Detection Probability
Low detection probability
  Takes longer to detect the intrusion manually
  Brings more work for the administrator to mark and repair the damage manually

24 Transient Behaviors
Steady state measures the behavior of the system over an infinite time interval
The system may never reach the steady state, or may take a very long time to reach it
[Figure: transient behaviors of a good system]

25 Transient Behaviors (2)
[Figure: transient behaviors of a poor system]
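Added example (not from the slides): the Kolmogorov equation of slide 12, d pi/dt = pi Q, integrated numerically to show how long the state probabilities take to approach steady state, which is the concern raised on slides 24 and 25. The cyclic G -> I -> M -> R -> G structure, the "good" and "poor" mean times, the tolerance and the RK4 integrator are all assumptions of this example.

```python
def cycle_generator(mean_times):
    """Generator Q of a cycle in which state i leaves for state i+1 at rate 1/mean."""
    n = len(mean_times)
    return [[-1.0 / mean_times[i] if j == i
             else 1.0 / mean_times[i] if j == (i + 1) % n else 0.0
             for j in range(n)] for i in range(n)]

def rhs(pi, q):
    """Right-hand side of the Kolmogorov equation d pi/dt = pi Q."""
    n = len(pi)
    return [sum(pi[i] * q[i][j] for i in range(n)) for j in range(n)]

def transient(q, t_end, h=0.5, p0=(1.0, 0.0, 0.0, 0.0)):
    """Yield (t, pi(t)) on a grid of step h using classical RK4; starts in G.

    h must be small compared with the shortest mean sojourn time.
    """
    pi = list(p0)
    yield 0.0, pi
    for k in range(1, int(round(t_end / h)) + 1):
        k1 = rhs(pi, q)
        k2 = rhs([p + h / 2 * d for p, d in zip(pi, k1)], q)
        k3 = rhs([p + h / 2 * d for p, d in zip(pi, k2)], q)
        k4 = rhs([p + h * d for p, d in zip(pi, k3)], q)
        pi = [p + h / 6 * (a + 2 * b + 2 * c + d)
              for p, a, b, c, d in zip(pi, k1, k2, k3, k4)]
        yield k * h, pi

def settling_time(q, tol=1e-3, t_end=5000.0):
    """Last grid time at which some state probability is > tol from steady state."""
    means = [-1.0 / q[i][i] for i in range(len(q))]
    steady = [m / sum(means) for m in means]  # closed form, valid for a cycle only
    last = 0.0
    for t, pi in transient(q, t_end):
        if max(abs(a - b) for a, b in zip(pi, steady)) > tol:
            last = t
    return last

# Constructed mean times in seconds for (G, I, M, R); not ITDB measurements.
GOOD = cycle_generator([600, 10, 5, 25])      # fast detection, marking and repair
POOR = cycle_generator([600, 300, 60, 600])   # slow detection and repair
if __name__ == "__main__":
    for name, q in (("good", GOOD), ("poor", POOR)):
        print(name, "settles within 1e-3 after about", settling_time(q), "s")
```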


27 Conclusion
Contributions
  Extended the classic availability model to a new survivability model
  Mean Time to Attack (MTTA), Mean Time to Detection (MTTD), Mean Time to Marking (MTTM), and Mean Time to Repair (MTTR) are proposed as basic measures of survivability
  A real intrusion tolerant database system is established to validate the state transition models we established
  The impacts of existing system deficiencies and attack behaviors on the survivability are studied

28 Conclusion (2)
Findings
  The CTMC models we established can be taken to model the real system reasonably well
  ITDB can provide essential database services in the presence of attacks
  ITDB can maintain the desired essential survivability properties without being seriously affected by various system deficiencies and different attack intensities
  Compared with false alarms, the impact of detection probability on survivability is more severe


30 Related Work
Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S. (Performance Evaluation 2004)
  Stochastic modeling techniques are used to capture the attacker behavior as well as the system's response to a security intrusion
  A security measure called the mean time (or effort) to security failure is proposed
  "Good guestimate" values of model parameters were used
Singh, S., Cukier, M., Sanders, W.H. (DSN 2003)
  A stochastic activity network is used to quantitatively validate an intrusion-tolerant replication management system
  Several measures defined on the model were proposed to study the survivability
  The impacts of system parameter variations are studied

31 Selected references
Liu, P.: Architectures for intrusion tolerant database systems. In: Proceedings of 18th Annual Computer Security Applications Conference (ACSAC 2002). (2002) 311-320
Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Performance Evaluation 56(1-4) (2004) 167-186
Yu, M., Liu, P., Zang, W.: Self-healing workflow systems under attacks. In: Proceedings of 24th International Conference on Distributed Computing Systems (ICDCS 2004). (2004) 418-425
Wang, H., Liu, P., Li, L.: Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery. In: Proceedings of 7th International Information Security Conference (ISC 2004). (2004) 146-157
Singh, S., Cukier, M., Sanders, W.H.: Probabilistic validation of an intrusion-tolerant replication system. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN 2003). (2003) 615-624
