Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University.

Slides:

Advertisements

Similar presentations

M. Colledani, T. Tolio Dipartimento di Meccanica

Advertisements

Presentation for the INCOSE Symposium 2011 Denver, CO USA1 Systems Practices for Sustainability Walter Sobkiw.

Presentation for the INCOSE Symposium 2011 Denver, CO USA1 Validation: Losing its Differentiation Jim Armstrong.

1 Integrity Service Excellence Complex Information Systems 19 Mar 13 Robert J. Bonneau, Ph.D. AFOSR/RTC.

ExESS for USA ANSI SDS format – HCS classification LOLI data May 23th 2011ExESS for USA1.

CS 795 – Spring  “Software Systems are increasingly Situated in dynamic, mission critical settings ◦ Operational profile is dynamic, and depends.

1 A Game Theoretic Approach for Active Defense Peng Liu Lab. for Info. and Sys. Security University of Maryland, Baltimore County Baltimore, MD OASIS,

Slide 1 Probabilistic Validation of Intrusion Tolerance Not for public distribution. Intrusion Tolerance by Unpredictable Adaptation (ITUA) Probabilistic.

Markov Reward Models By H. Momeni Supervisor: Dr. Abdollahi Azgomi.

Using Markov Process in the Analysis of Intrusion Tolerant Systems Quyen L. Nguyen CS 795 – Computer Security Architectures.

Reliable System Design 2011 by: Amir M. Rahmani

Forwarding Redundancy in Opportunistic Mobile Networks: Investigation and Elimination Wei Gao 1, Qinghua Li 2 and Guohong Cao 3 1 The University of Tennessee,

1 Software Testing and Quality Assurance Lecture 36 – Software Quality Assurance.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

A. BobbioBertinoro, March 10-14, Dependability Theory and Methods 5. Markov Models Andrea Bobbio Dipartimento di Informatica Università del Piemonte.

Efficient replica maintenance for distributed storage systems Byung-Gon Chun, Frank Dabek, Andreas Haeberlen, Emil Sit, Hakim Weatherspoon, M. Frans Kaashoek,

Reliability and Dependability in Computer Networks CS 552 Computer Networks Side Credits: A. Tjang, W. Sanders.

Reliability Modeling for Design Diversity: A Review and Some Empirical Studies Teresa Cai Group Meeting April 11, 2006.

Greenbench: A Benchmark for Observing Power Grid Vulnerability Under Data-Centric Threats Mingkui Wei, Wenye Wang Department of Electrical and Computer.

Elec471 Embedded Computer Systems Chapter 4, Probability and Statistics By Prof. Tim Johnson, PE Wentworth Institute of Technology Boston, MA Theory and.

Network Coding for Distributed Storage Systems IEEE TRANSACTIONS ON INFORMATION THEORY, SEPTEMBER 2010 Alexandros G. Dimakis Brighten Godfrey Yunnan Wu.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Jamming and Anti-Jamming in IEEE based WLANs Ravi Teja C 4/9/2009 TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

DIDAR – Database Intrusion Detection with Automated Recovery Asankhaya Sharma Govindarajan S Srivatsan V Prof. DVLN Somayajulu.

Adviser: Frank, Yeong-Sung Lin Present by Wayne Hsiao.

Fast Portscan Detection Using Sequential Hypothesis Testing Authors: Jaeyeon Jung, Vern Paxson, Arthur W. Berger, and Hari Balakrishnan Publication: IEEE.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 2.

BsysE595 Lecture Basic modeling approaches for engineering systems – Summary and Review Shulin Chen January 10, 2013.

Software Reliability SEG3202 N. El Kadri.

DELAYED CHAINING: A PRACTICAL P2P SOLUTION FOR VIDEO-ON-DEMAND Speaker : 童耀民 MA1G Authors: Paris, J.-F.Paris, J.-F. ; Amer, A. Computer.

Performance Evaluation of Computer Systems Introduction

1 Performance Evaluation of Computer Systems and Networks Introduction, Outlines, Class Policy Instructor: A. Ghasemi Many thanks to Dr. Behzad Akbari.

K. J. O’Hara AMRS: Behavior Recognition and Opponent Modeling Oct Behavior Recognition and Opponent Modeling in Autonomous Multi-Robot Systems.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems 1.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Ch. 1.  High-profile failures ◦ Therac 25 ◦ Denver Intl Airport ◦ Also, Patriot Missle.

Building Dependable Distributed Systems Chapter 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

On the Definition of Survivability J. C. Knight and K. J. Sullivan, Department of Computer Science, University of Virginia, December 2000.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.

1 A Framework for Measuring and Predicting the Impact of Routing Changes Ying Zhang Z. Morley Mao Jia Wang.

Chapter 61 Continuous Time Markov Chains Birth and Death Processes,Transition Probability Function, Kolmogorov Equations, Limiting Probabilities, Uniformization.

Generalized stochastic Petri nets (GSPN)

Secure In-Network Aggregation for Wireless Sensor Networks

Fault Tolerance Benchmarking. 2 Owerview What is Benchmarking? What is Dependability? What is Dependability Benchmarking? What is the relation between.

CS433 Modeling and Simulation Lecture 07 – Part 01 Continuous Markov Chains Dr. Anis Koubâa 14 Dec 2008 Al-Imam.

1 Fault-Tolerant Computing Systems #1 Introduction Pattara Leelaprute Computer Engineering Department Kasetsart University

OPERATING SYSTEMS CS 3530 Summer 2014 Systems and Models Chapter 03.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

West Virginia University Sherif Yacoub, Hany H. Ammar, and Ali Mili A UML Model for Analyzing Software Quality Sherif Yacoub, Hany H. Ammar, and Ali Mili.

1 Modeling, Early Detection, and Mitigation of Internet Worm Attacks Cliff C. Zou Assistant professor School of Computer Science University of Central.

CS433 Modeling and Simulation Lecture 11 Continuous Markov Chains Dr. Anis Koubâa 01 May 2009 Al-Imam Mohammad Ibn Saud University.

©Ian Sommerville 2000Dependability Slide 1 Chapter 16 Dependability.

Csci 418/618 Simulation Models Dr. Ken Nygard, IACC 262B

Anomaly Detection. Network Intrusion Detection Techniques. Ştefan-Iulian Handra Dept. of Computer Science Polytechnic University of Timișoara June 2010.

Reliability of Wireless sensors with code attestation for intrusion detection Ing-Ray Chen, Yating Wang, Ding-Chau Wang Information Processing Letters.

Dynamics of Competition Between Incumbent and Emerging Network Technologies Youngmi Jin (Penn) Soumya Sen (Penn) Prof. Roch Guerin (Penn) Prof. Kartik.

Biao Wang 1, Ge Chen 1, Luoyi Fu 1, Li Song 1, Xinbing Wang 1, Xue Liu 2 1 Shanghai Jiao Tong University 2 McGill University

Tailoring the ESS Reliability and Availability needs to satisfy the users Enric Bargalló WAO October 27, 2014.

Brian Thompson1,2, James Morris-King1,2, and Hasan Cam1

Talal H. Noor, Quan Z. Sheng, Lina Yao,

Software Metrics and Reliability

Discrete-time Markov chain (DTMC) State space distribution

Outline Introduction Background Distributed DBMS Architecture

Availability Availability - A(t)

Multi-Step Attack Defense Operating Point Estimation via Bayesian Modeling under Parameter Uncertainty Peng Liu, Jun Dai, Xiaoyan Sun, Robert Cole Penn.

System Performance: Queuing

Progression of Test Categories

CS385T Software Engineering Dr.Doaa Sami

Presentation transcript:

Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System Hai Wang and Peng Liu Cyber Security Lab Pennsylvania State University

Penn State Cyber Security Lab, USA2 Introduction Motivation The need for quantifying survivability The limitation of reliability/availability model Goal Developing a survivability evaluation model Proposing quantitative measures to characterize the capability of a resilient system surviving intrusions Understanding the impact of existing system deficiencies and attack behaviors on the survivability

Penn State Cyber Security Lab, USA3 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

Penn State Cyber Security Lab, USA4 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

Penn State Cyber Security Lab, USA5 ITDB: An Motivating Example ITDB motivation After the database is damaged, locate the damaged part and repair it as soon as possible The database can continue being useful in the face of attacks Basic ITDB system architecture

Penn State Cyber Security Lab, USA6 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

Penn State Cyber Security Lab, USA7 Modeling Intrusion Tolerant Database Systems Stochastic versus Deterministic models Less parameters Transition structure Comprehensive Complex relationships

Penn State Cyber Security Lab, USA8 Basic state transition model States Good state: G Infected state: I Containment state: M Recovery state: R Parameters Mean time to attack (MTTA): Mean time to detect (MTTD): Mean time to mark (MTTM): Mean time to repair (MTTR):

Penn State Cyber Security Lab, USA9 Intrusion Detection System Model False alarm A false alarm occurred when the IDS fails before the intrusion Time to intrusion: Detection probability Detection probability: Undetected state MD and manual repair state MR Detection latency Detection time:

Penn State Cyber Security Lab, USA10 Damage Propagation and Repair Model Damage propagation The time between the infection of and the item: Assume is exponentially distributed Damage repair The time to scan: The time to repair:

Penn State Cyber Security Lab, USA11 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

Penn State Cyber Security Lab, USA12 Survivability Evaluation State transition model analysis The transient behavior of the Continuous Time Markov Chain (CTMC) can be described by the Kolmogorov differential equation Cumulative probabilities of the CTMC The steady state probability of the CTMC

Penn State Cyber Security Lab, USA13 Survivability Evaluation (2) Consider the basic state transition model State space Generator matrix Steady state probabilities

Penn State Cyber Security Lab, USA14 Survivability Evaluation Metrics Integrity (I) A fraction of time that all accessible data items in the database are clean Consider the basic state transition model Integrity Consider the comprehensive model Integrity

Penn State Cyber Security Lab, USA15 Survivability Evaluation Metrics(2) Rewarding-availability (RA) Availability is defined as a fraction of time that the system is providing service to its users RA is defined as a fraction of time that the all clean data items are accessible Consider the basic state transition model Rewarding availability Consider the comprehensive model Rewarding availability

Penn State Cyber Security Lab, USA16 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

Penn State Cyber Security Lab, USA17 Empirical Validation Testbed A real testbed ITDB is built Transaction application: the TPC-c benchmark Parameters setting and estimation Parameters setting attack hitting rate, false alarm rate, detection probability, detection rate, manual repair rate and manual detection rate Parameters estimation Maximum-likelihood to produce estimator

Penn State Cyber Security Lab, USA18 Empirical Validation Validation The steady state probability of occupying a particular state computed from the CTMC model The estimated probability from the observed data the ratio of the length of time the system was in that state to the total length of the period of observation

Penn State Cyber Security Lab, USA19 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

Penn State Cyber Security Lab, USA20 Results Using ITDB as an example to study Focusing on the impact of different system deficiencies on the survivability in the present of attack Parameters settings

Penn State Cyber Security Lab, USA21 Impact of Attack Intensity Can ITDB handle different attack intensity?

Penn State Cyber Security Lab, USA22 Impact of False Alarms High false alarm rate Bring extra workload to the recovery subsystem Waste system resources

Penn State Cyber Security Lab, USA23 Impact of Detection Probability Low detection probability Talk longer time to detect the intrusion manually Bring more work for the administrator to mark and repair the damage manually

Penn State Cyber Security Lab, USA24 Transient Behaviors Steady state measures the behavior of the system in a infinite time interval The system may never reach the steady state, or take a very long time Transient Behaviors of a good system

Penn State Cyber Security Lab, USA25 Transient Behaviors (2) Transient Behaviors of a poor system

Penn State Cyber Security Lab, USA26 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Conclusion Related Work

Penn State Cyber Security Lab, USA27 Conclusion Contributions Extended the classic availability model to a new survivability model. Mean Time to Attack (MTTA), Mean Time to Detection (MTTD), Mean Time to Marking (MTTM), and Mean Time to Repair (MTTR) are proposed as basic measures of survivability A real intrusion tolerant database system is established to validate the state transition models we established The impacts of existing system deficiencies and attack behaviors on the survivability are studied

Penn State Cyber Security Lab, USA28 Conclusion (2) Findings The CTMC models we established can be taken to model the real system reasonably well ITDB can provide essential database services in the presence of attacks ITDB can maintain the desired essential survivability properties without being seriously affected by various system deficiencies and different attack intensity Compared with false alarm, the impact of detection probability on survivability is severer

Penn State Cyber Security Lab, USA29 Outline Introduction ITDB: An Motivating Example Modeling Intrusion Tolerant Database Systems Survivability Evaluation Empirical Validation Results Related Work

Penn State Cyber Security Lab, USA30 Related Work Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi (Performance Evaluation 2004) Stochastic modeling techniques are used to capture the attacker behavior as well as the system's response to a security intrusion A security measure called the mean time (or effort) to security failure is proposed good guestimate" values of model parameters were used Singh, S., Cukier, M., Sanders, W.H. (DSN 2003) stochastic activity network is used to quantitatively validate an intrusion-tolerant replication management system Several measures defined on the model were proposed to study the survivability The impacts of system parameters variations are studied

Penn State Cyber Security Lab, USA31 Selected references Liu, P.: Architectures for intrusion tolerant database systems. In: Proceedings of 18th Annual Computer Security Applications Conference (ACSAC 2002). (2002) Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Performance Evaluation 56(1-4) (2004) Yu, M., Liu, P., Zang, W.: Self-healing workflow systems under attacks. In: Proceedings of 24th International Conference on Distributed Computing Systems (ICDCS 2004). (2004) Wang, H., Liu, P., Li, L.: Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery. In: Proceedings of 7th International Information Security Conference (ISC 2004). (2004) Singh, S., Cukier, M., Sanders, W.H.: Probabilistic validation of an intrusion- tolerant replication system. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN 2003). (2003)

Penn State Cyber Security Lab, USA32