Lecture 7 Page 1 CS 236, Spring 2008 Proving It CS 236 Advanced Computer Security Peter Reiher May 13, 2008.

Slides:



Advertisements
Similar presentations
TIED: A Cluster of One TIED: Trial Integration Environment DETER built on.
Advertisements

Guide to Network Defense and Countermeasures Second Edition
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
The Challenges of Repeatable Experiment Archiving – Lessons from DETER Stephen Schwab SPARTA, Inc. d.b.a. Cobham Analytic Solutions May 25, 2010.
Design Deployment and Use of the DETER Testbed Terry Benzel, Robert Braden, Dongho Kim, Clifford Informatino Sciences Institute
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
1 GENI: Global Environment for Network Innovations Jennifer Rexford Princeton University
1 GENI: Global Environment for Network Innovations Jennifer Rexford On behalf of Allison Mankin (NSF)
On the Effectiveness of Route- Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets Kihong Park and Heejo Lee Network Systems.
Internet In A Slice Andy Bavier CS461 Lecture.
The Future of Internet Research Scott Shenker (on behalf of many networking collaborators)
The Future of the Internet Jennifer Rexford ’91 Computer Science Department Princeton University
Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.
Computer Networks IGCSE ICT Section 4.
Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.
Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.
Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.
PA3: Router Junxian (Jim) Huang EECS 489 W11 /
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
SECURITY ZONES. Security Zones  A security zone is a logical grouping of resources, such as systems, networks, or processes, that are similar in the.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
NETWORK COMPONENTS Assignment #3. Hub A hub is used in a wired network to connect Ethernet cables from a number of devices together. The hub allows each.
Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.
Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.
Lecture 13 Page 1 CS 136, Fall 2010 Network Security: Virtual Private Networks, Wireless Networks, and Honeypots CS 136 Computer Security Peter Reiher.
Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.
Lecture 6 Page 1 Advanced Network Security Review of Networking Basics Advanced Network Security Peter Reiher August, 2014.
Sample Presentation Headline REPRESENTATIVE SUBHEAD TO SUPPORT SUBJECT Presenter’s Name Presenter’s Title Presentation Date DeterLab A Tool for Cybersecurity.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.
Performance Validation of Mobile IP Wireless Networks Presented by Syed Shahzad Ali Advisor Dr. Ravi Pendse.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Based upon slides from Jay Lepreau, Utah Emulab Introduction Shiv Kalyanaraman
Lecture 12 Page 1 CS 239, Spring 2007 Other Topics in Experiment Design CS 239 Experimental Methodologies for System Software Peter Reiher May 17, 2007.
Sample Presentation Headline REPRESENTATIVE SUBHEAD TO SUPPORT SUBJECT Presenter’s Name Presenter’s Title Presentation Date DeterLab A Tool for Cybersecurity.
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
UNIT 2 LESSON 4 CS PRINCIPLES. OBJECTIVES Students will be able to: Describe the redundancy of routing between two points on the Internet. Send messages.
Lecture 17 Page 1 CS 236, Spring 2008 Advanced Topics in Network Security: IP Spoofing and DDoS CS 236 On-Line MS Program Networks and Systems Security.
Lecture 16 Page 1 CS 239, Spring 2007 Designing Performance Experiments: An Example CS 239 Experimental Methodologies for System Software Peter Reiher.
Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.
Lecture 14 Page 1 CS 236 Online Worms Programs that seek to move from system to system –Making use of various vulnerabilities Other performs other malicious.
Role Of Network IDS in Network Perimeter Defense.
Activity 1 5 minutes to discuss and feedback on the following:
Routing Algorithms Lecture Static/ Dynamic, Direct/ Indirect, Shortest Path Routing, Flooding, Distance Vector Routing, Link State Routing, Hierarchical.
Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
INTERNET SIMULATOR Jelena Mirkovic USC Information Sciences Institute
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
Lecture 18 Page 1 CS 236 Online Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS Program Networks and Systems.
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.
Lecture 18 Page 1 CS 236 Online Prolog to Lecture 18 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Botnets A collection of compromised machines
Advanced Topics in Network Security: IP Spoofing and DDoS CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Wireless Network Security
Virtual Private Networks
Botnets A collection of compromised machines
Comparison to existing state of security experimentation
Advanced Topics in Network Security: IP Spoofing and DDoS CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Outline The spoofing problem Approaches to handle spoofing
Outline The concept of perimeter defense and networks Firewalls.
Presentation transcript:

Lecture 7 Page 1 CS 236, Spring 2008 Proving It CS 236 Advanced Computer Security Peter Reiher May 13, 2008

Lecture 7 Page 2 CS 236, Spring 2008 Groups for This Week No groups this week No Thursday class No reports due

Lecture 7 Page 3 CS 236, Spring 2008 Outline Evaluating security research Tools and approaches Some examples

Lecture 7 Page 4 CS 236, Spring 2008 Evaluating Security Solutions People have proposed many responses to: –Worms –DDoS –IP spoofing –Buffer overflows –Botnets –Many other types of attacks How can we tell which ones work?

Lecture 7 Page 5 CS 236, Spring 2008 Possible Approaches Formal methods –Prove (literally) it works Testing –Test thoroughly Advertising –Claim it’s great very loudly

Lecture 7 Page 6 CS 236, Spring 2008 Formal Methods Great when they’re feasible Challenges: –Often problem too complex for existing techniques –Demonstrating correspondence between method and real system

Lecture 7 Page 7 CS 236, Spring 2008 Testing Approaches Generally of two flavors: –Real system testing –Simulation Each has its strengths and weaknesses May not have much choice which you use –Dictated by problem characteristics Sometimes need some of both

Lecture 7 Page 8 CS 236, Spring 2008 Simulation +Allows high scale testing +More reproducible +Complete control of resources involved −Questions of fidelity −Often requires lots of supporting models –E.g., a model of Internet topology −Might be computationally expensive

Lecture 7 Page 9 CS 236, Spring 2008 Testing +Tests real code/hardware/configurations +Can leverage existing stuff +like the Internet −Reproducibility often challenging −Can interfere with others’ work −In security, often too dangerous −Often scale is limited

Lecture 7 Page 10 CS 236, Spring 2008 Tools You Can Use Testbeds Traces Models

Lecture 7 Page 11 CS 236, Spring 2008 Testbeds Emulab Planetlab Deter Others

Lecture 7 Page 12 CS 236, Spring 2008 Emulab Large testbed located at University of Utah Funded initially by NSF and DARPA Designed to support experiments by researchers worldwide Probably the first really successful Internet- wide testbed

Lecture 7 Page 13 CS 236, Spring 2008 Basic Philosophy of Emulab Provide large pool of machines to entire Internet community Almost all testing will be done remotely Almost all testing must be done without intervention by testbed admins Handle the widest possible kinds of experiments and testing situations

Lecture 7 Page 14 CS 236, Spring 2008 Basic Emulab Approach Emulab indeed provides large numbers of machines –Around 450 total nodes But also provides a rich, powerful testing environment Completely configurable remotely Designed for simultaneous sharing by many users

Lecture 7 Page 15 CS 236, Spring 2008 Core Emulab Characteristics Highly configurable –System software –Application software –Network topology and characteristics Controllable, predictable, repeatable Good guarantees of isolation from other experiments

Lecture 7 Page 16 CS 236, Spring 2008 Planetlab A testbed designed to test Internet services Using nodes deployed widely around the Internet And software to support safe and controlled sharing of the nodes Run primarily by Princeton, Berkeley, and Washington Funding seeded by NSF and DARPA Strong Intel participation –Other industry involvement, as well

Lecture 7 Page 17 CS 236, Spring 2008 Basic Planetlab Concept Deploy testbed nodes at many locations throughout Internet –Standardized hardware and software Allow those who deploy nodes to use the testbed facility Provide virtual machines to each tester using a node Allow long-running experiments –Or even semi-permanent services

Lecture 7 Page 18 CS 236, Spring 2008 Planetlab Nodes Hardware deploying the Planetlab software package Which supports cheap virtual machines Otherwise, provides a typical Linux environment Pretty complete control of virtual machine But node-based mechanisms to ensure fair and safe sharing of hardware

Lecture 7 Page 19 CS 236, Spring 2008 Planetlab Locations Usually two machines per location 854 nodes at 466 sites (as of 5/12/08)

Lecture 7 Page 20 CS 236, Spring 2008 Planetlab Experiments Usually run on many Planetlab nodes By one controlling researcher Collection of resources across all nodes supporting the experiment is called a Planetlab slice –A multimachine environment for the experiment –Also an organization for cooperating researchers to use Services run in slices

Lecture 7 Page 21 CS 236, Spring 2008 Deter Some experiments are risky –In their potential to do unintended harm Worm experiments are a classic example –Worms try to spread as far as possible –How sure are you that your testbed really constrains them? –Even one major Internet worm incident from an escaped experiment would be a disaster

Lecture 7 Page 22 CS 236, Spring 2008 Confining Risky Experiments That’s the point of the Deter testbed Builds on functionality from Emulab But adds extra precautions to keep bad stuff from escaping the testbed Also includes set of tools speficially useful for these kinds of experiments

Lecture 7 Page 23 CS 236, Spring 2008 Why Do We Need More Isolation? DDoS experiments have been run on Emulab –With no known problems Why not just be careful? Question is, how careful? Especially if you’re running real malicious code –Do you really understand it as well as you think?

Lecture 7 Page 24 CS 236, Spring 2008 What Is Deter For? Security testing, especially of risky code –Worms –DDoS attacks –Botnets –Attacks on routing protocols Other important element is network scale –Meant for problems of Internet scale –Or at least really big networks

Lecture 7 Page 25 CS 236, Spring 2008 Status of Deter Working testbed Similar model to Emulab Two clusters of nodes –At ISI and UC Berkeley Connected via high speed link Has over 300 nodes – gets you to a lot of information about the testbedhttp:// Funded by NSF and DHS

Lecture 7 Page 26 CS 236, Spring 2008 Traces Experiments require a workload Traces are a realistic way to get it Many kinds of traces are hard to gather for yourself In some cases, traces are publicly available Sometimes you can use those

Lecture 7 Page 27 CS 236, Spring 2008 Some Useful Traces NLANR packet header traces CAIDA traces and data sets U. of Oregon Routeviews traces File system traces Web traces Crawdad wireless traces

Lecture 7 Page 28 CS 236, Spring 2008 Useful Experimental Models In many cases, we can’t test in real conditions Typically try to mimic real conditions by using models –Workload models –Network topology models –Models of other experimental conditions There are already useful models for many things –Often widely accepted as valid within certain research communities –Might be better using them than trying to create your own

Lecture 7 Page 29 CS 236, Spring 2008 Some Important Model Categories Network topology models Network traffic models

Lecture 7 Page 30 CS 236, Spring 2008 Network Topology Models Many experiments nowadays investigate network/distributed systems behavior They need a realistic network to test the system –Usually embedded in testbed hardware Where do you get that from? In some cases, it’s obvious or you have a map of a suitable network In other cases, more challening

Lecture 7 Page 31 CS 236, Spring 2008 Some Popular Topology Generators GT-ITM –Supports various ways to randomly generate network graphs BRITE –Parameterizable network generation tool –Tool of choice for Emulab INET –Topology generator specifically intended to produce Internet-like graphs

Lecture 7 Page 32 CS 236, Spring 2008 Network Traffic Models Frequently necessary to feed network traffic into an experiment Could use a trace But sometimes better to use a generator The generator needs a model to tell it how to generate traffic What kind of model?

Lecture 7 Page 33 CS 236, Spring 2008 Different Network Traffic Model Approaches Trace analysis –Derive properties from traces of network behavior –E.g., Harpoon and Swing Structural models –Pretend you’re running an application –Generate traffic as it would do –E.g., Netspec

Lecture 7 Page 34 CS 236, Spring 2008 Some Examples How would you verify... –Data tethers? –Infamy? –Onion routing?

Lecture 7 Page 35 CS 236, Spring 2008 Data Tethers File A If the laptop is stolen, file A isn’t there File A

Lecture 7 Page 36 CS 236, Spring 2008 Basic Data Tethers Operations Tie policies to pieces of data –E.g., “file X cannot leave the office” Observe environmental conditions –E.g., “leaving the office” Apply policies to remove files when necessary

Lecture 7 Page 37 CS 236, Spring 2008 So, How Do We Evaluate Data Tethers? ?

Lecture 7 Page 38 CS 236, Spring 2008 Infamy Handles botnets by marking traffic from known bots Lives “somewhere in the network” Gets reliable list of bot addresses Marks all packets from those addresses Destination hosts/border routers can do what they want with marked packets

Lecture 7 Page 39 CS 236, Spring 2008 Infamy in Operation

Lecture 7 Page 40 CS 236, Spring 2008 So, How Do We Evaluate Infamy? ?

Lecture 7 Page 41 CS 236, Spring 2008 Onion Routing Conceal sources and destinations for Internet communications Using crypo-protected multihop packets A group of nodes agree to be onion routers Plan is that many users send many packets through the onion routers

Lecture 7 Page 42 CS 236, Spring 2008 Onion Routing SourceDestination Onion routers

Lecture 7 Page 43 CS 236, Spring 2008 Delivering the Message

Lecture 7 Page 44 CS 236, Spring 2008 So, How Do We Evaluate Onion Routing? ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.