Critical Software Security Through Replication and Virtualization: A Research Proposal
Dennis Edwards, Sharon Simmons, Arangamanikkannan Manickam



Original Work
- Multi-Level Security Model Architecture
- Secure national power distribution grid
- Designed for "System after next", "Beyond SCADA"
- Supported by
  - Department of Energy
  - FSU – Center for Advanced Power Systems Research
July 9, 2009, NCA09 - BIOCOMS

Background
- Combine ideas into new architecture
  - Software mutation – agent diversity
  - Computation replication – fault tolerance
  - Software voting – fault detection
- Focus on strengthening the security triad
  - Prevention: anticipate and thwart attacks
  - Detection: recognize penetrations
  - Correction: recover while limiting consequences
- Evolve security to prevent / deter recurrence

Security Model
[Diagram: SCADA sensors & actuators connected by serial link to a Communication Agent; network source feeds a Distribution/Voting Agent, which drives three Replicated Computational Agents; a hardware-protected Monitor/Resurrection Agent and Mutation Agent oversee the computational agents; normal I/O and control signals are shown as separate paths.]
Fall 2009 Showcase, UWF - Simmons

Previous Results
- Computational agents
  - Mutated and replicated
  - Different random mutation for each
  - Prevents multiple Byzantine failures
  - Faults result in crash failures
- Distribution/Voting agent
  - Replicates input to computational agents
  - Combines output into majority decision
  - Identifies faulty/failed computational agents

Previous Results
- Communication agent
  - Implements encryption, validation
  - Only entrance into system
- Monitor/resurrection agent
  - Monitors health of other agents
  - Rebuilds faulty/failed agents
  - Implemented in hardware

Model Limitations
- Specialized prevention
  - Buffer overflow attacks
  - Software failures
- Designed for agent-based systems
  - Dynamic port binding not supported
  - Server processes not supported
- Operating system remains vulnerable
- Required hardware protection
- M/R agent is a single point of failure

Proposed System
- Multi-layered security model
  - Builds on previous success
  - Provides for replication and voting
- Replicated processes
  - Computationally equivalent
  - Executed on different virtual platforms
- Platform-targeted attack ineffective
- Implementation-targeted attack ineffective
- Platform weaknesses mitigated
- Failures isolated and identified
- Failed system recovered

Proposed System
- Guest OS
  - Assigned private IP address
  - Monitors health of server processes
- Server processes
  - Perform duties as if in isolation
  - Results used as votes
- Host OS
  - Assigned public IP address
  - Uses NAT to map public to private IPs
  - Monitors health of guest OSes
  - Limits consequences of an attack to the guest OS

Proposed Model
[Diagram: the network reaches a Communication Interface on the Host OS; NAT on the host fans requests out to a Virtual Machine hosting Server Guest OS 1, Server Guest OS 2 and Server Guest OS 3.]

Prototype
- Host OS
  - Macintosh OS X
- Virtual Machine
  - Sun's VirtualBox
- Guest OSes
  - Windows XP
  - Linux Fedora 10
  - Solaris
- Server
  - Apache web server (httpd)
  - Each server on port 80 of its private IP

Prototype
- External communication
  - Via communication interface
  - Port 80 on well-known IP
  - Specialized NAT replicates input (NAT now acts as the client)
- Responses from Apache
  - Sent to NAT (client)
  - NAT tallies votes and returns decision to real client
- Prototype status
  - In experimentation/design phase
  - Communication with dual servers
  - Voting not yet implemented
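The distribution/voting behaviour that the Previous Results slide attributes to the Distribution/Voting agent, and that the Prototype slide assigns to the specialized NAT (replicate the request to every server replica, tally the responses, return the majority decision, flag the replica that disagreed), is modelled below in Python. This is an added example written for this page, not the authors' prototype code and not a VirtualBox or Apache configuration. Everything in it is constructed: the replica names (guest-xp, guest-fedora, guest-solaris), the toy `make_httpd` stand-in for Apache with its per-platform `Server` header and an assumed `\x00` crash trigger, the one-page document root, and the `tampered` replica. The block also shows the monitor/resurrection step (quarantine an outvoted or crashed replica, then replace it with a clean instance) and the no-majority case, which the slides do not spell out.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# A replicated server process: raw request bytes -> raw HTTP response bytes.
Handler = Callable[[bytes], bytes]

# Constructed document root shared by the toy replicas (not a real Apache config).
DOCS = {b"/index.html": b"<html>hello</html>"}


def make_httpd(server_header: bytes, crash_on: Optional[bytes] = None) -> Handler:
    """Toy stand-in for Apache on one guest OS. Assumptions: each guest reports
    a different Server header; crash_on models a platform-specific crash bug."""
    def serve(request: bytes) -> bytes:
        if crash_on is not None and crash_on in request:
            raise RuntimeError("replica crashed")      # crash failure, not a wrong answer
        _method, _, path = request.partition(b" ")
        body = DOCS.get(path)
        status = b"200 OK" if body is not None else b"404 Not Found"
        return (b"HTTP/1.1 " + status + b"\r\nServer: " + server_header
                + b"\r\n\r\n" + (body or b""))
    return serve


def normalise(raw: bytes) -> bytes:
    """Reduce a response to status code + body so that replicas on different
    platforms (different Server headers, dates) can still cast the same vote."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_code = head.split(b"\r\n", 1)[0].split(b" ", 2)[1]   # "200" from "HTTP/1.1 200 OK"
    return status_code + b" " + body


@dataclass
class VoteResult:
    decision: Optional[bytes]   # majority response, or None when no quorum was reached
    agreeing: List[str]         # replicas that returned the majority response
    dissenting: List[str]       # live replicas that disagreed (suspected compromise)
    failed: List[str]           # replicas that crashed on this request


class VotingFrontEnd:
    """Models the specialized NAT: replicate the request to every healthy
    replica, tally the normalised responses and return the majority decision."""

    def __init__(self, replicas: Dict[str, Handler], quorum: Optional[int] = None):
        self.replicas = dict(replicas)
        self.quorum = quorum or len(replicas) // 2 + 1     # strict majority by default
        self.quarantined: Set[str] = set()                  # awaiting resurrection

    def handle(self, request: bytes) -> VoteResult:
        outputs: Dict[str, bytes] = {}
        failed: List[str] = []
        for name, serve in self.replicas.items():
            if name in self.quarantined:
                continue
            try:
                outputs[name] = normalise(serve(request))
            except Exception:                               # a crashed replica casts no vote
                failed.append(name)
        self.quarantined.update(failed)
        if not outputs:
            return VoteResult(None, [], [], failed)
        winner, count = Counter(outputs.values()).most_common(1)[0]
        if count < self.quorum:
            # No majority: refuse to answer and blame nobody, since the tally
            # alone cannot tell which replica is wrong.
            return VoteResult(None, [], sorted(outputs), failed)
        agreeing = sorted(n for n, out in outputs.items() if out == winner)
        dissenting = sorted(n for n, out in outputs.items() if out != winner)
        self.quarantined.update(dissenting)                 # isolate the outvoted replica
        return VoteResult(winner, agreeing, dissenting, failed)

    def resurrect(self, name: str, fresh: Handler) -> None:
        """Monitor/resurrection step: replace a quarantined replica with a clean one."""
        self.replicas[name] = fresh
        self.quarantined.discard(name)


def build_demo() -> VotingFrontEnd:
    """Three constructed replicas mirroring the prototype's guest OSes."""
    return VotingFrontEnd({
        "guest-xp": make_httpd(b"Apache/2.2 (Win32)", crash_on=b"\x00"),
        "guest-fedora": make_httpd(b"Apache/2.2 (Fedora)"),
        "guest-solaris": make_httpd(b"Apache/2.2 (Unix)"),
    })


def tampered(_request: bytes) -> bytes:
    """Constructed stand-in for a replica whose served content was altered."""
    return b"HTTP/1.1 200 OK\r\nServer: Apache/2.2 (Win32)\r\n\r\n<html>defaced</html>"


if __name__ == "__main__":
    fe = build_demo()
    print(fe.handle(b"GET /index.html"))
    fe.replicas["guest-xp"] = tampered                      # one guest diverges
    print(fe.handle(b"GET /index.html"))                    # majority still wins, guest-xp flagged
```

Two design points matter for a real front end of this kind. Responses from Apache on Windows, Fedora and Solaris will never be byte-identical (Server header, Date, ETag), so votes must be cast on a normalised form of the response, as `normalise` does here; otherwise the voter sees three-way disagreement on every request. And once a replica is quarantined the quorum must not shrink with it: with one of three replicas out, the remaining two must still agree, and with two out the front end refuses to answer rather than trusting a single unverified replica.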

Demonstration Prototype
[Diagram: the network reaches a Communication Interface (Distribution & Voting) on the OS X host; NAT on the host fans requests out to VirtualBox guests running Apache on Windows XP, Apache on Solaris and Apache on Linux F10.]

Summary
- Previous success with power distribution grid
- Known limitations of system
- Proposed system will
  – Take advantage of multiple execution cores
  – Use virtualization for system replication
  – Provide distinct execution bases for each replicate
  – Use voting to identify faulty components
  – Recover from faults with no externally visible effects
  – Contain consequences to the virtual host

Contact Information
Dennis Edwards
Sharon Simmons