PhD Proposal - Draft Ajoy Kumar Advisor: Dr. EF

Slides:



Advertisements
Similar presentations
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Advertisements

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Security+ Guide to Network Security Fundamentals
Network and Security Patterns
Unifying the Conceptual levels of Network Security through use of Patterns. PhD Proposal Ajoy Kumar Secure Systems Research Group – Florida Atlantic University.
Chapter 12 Network Security.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
NETWORK SECURITY.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Introduction to Network Defense
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.
Storage Security and Management: Security Framework
BUSINESS B1 Information Security.
Chapter 13 – Network Security
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
Patterns for Application Firewalls Eduardo B. Fernandez Nelly A. Delessy Gassant.
CSC8320. Outline Content from the book Recent Work Future Work.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Module 11: Remote Access Fundamentals
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Karlstad University IP security Ge Zhang
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 Databases, Controls, and Security.
Network Security Technologies CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.
Secure Systems Research Group - FAU A Trust Model for Web Services Ph.D Dissertation Progress Report Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez.
Module 11: Designing Security for Network Perimeters.
A Pattern Language for Firewalls Eduardo B. Fernandez, Maria M. Petrie, Naeem Seliya, Nelly Delessy, and Angela Herzberg.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Csci5233 Computer Security & Integrity 1 Overview of Security & Java (based on GS: Ch. 1)
Understand Network Isolation Part 2 LESSON 3.3_B Security Fundamentals.
I NTRUSION P REVENTION S YSTEM (IPS). O UTLINE Introduction Objectives IPS’s Detection methods Classifications IPS vs. IDS IPS vs. Firewall.
CPT 123 Internet Skills Class Notes Internet Security Session B.
1 NES554: Computer Networks Defense Course Overview.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.
IS3220 Information Technology Infrastructure Security
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
VPN Alex Carr. Overview  Introduction  3 Main Purposes of a VPN  Equipment  Remote-Access VPN  Site-to-Site VPN  Extranet Based  Intranet Based.
ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
UNIT 7 SEMINAR Unit 7 Chapter 9, plus Lab 13 Course Name – IT482 Network Design Instructor – David Roberts – Office Hours: Tuesday.
CompTIA Security+ Study Guide (SY0-401)
Secure Software Confidentiality Integrity Data Security Authentication
Securing the Network Perimeter with ISA 2004
CompTIA Security+ Study Guide (SY0-401)
Computer Security Firewalls November 19, 2018 ©2004, Bryan J. Higgs.
draft-ipdvb-sec-01.txt ULE Security Requirements
How to Mitigate the Consequences What are the Countermeasures?
Introduction to Network Security
Presentation transcript:

PhD Proposal - Draft Ajoy Kumar Advisor: Dr. EF Unifying the conceptual levels of network security through use of patterns. PhD Proposal - Draft Ajoy Kumar Advisor: Dr. EF Secure Systems Research Group – Florida Atlantic University

Introduction We analyze security mechanisms at the conceptual network layers and propose a unification of these levels using security patterns. We also develop several new patterns and study the existing patterns for this purpose. Secure Systems Research Group – Florida Atlantic University

Problem Statement Three basic conceptual layers in the network are the network layer, the transport layer and the user application layer. Each of these layers is subjected to security threats and we need to consider security defenses at each of these layers. Security threats help form security policies which in turn lead to the development of protocol mechanisms and these mechanisms lead to security patterns at each of these layers. Secure Systems Research Group – Florida Atlantic University

Contd… Some of the specific mechanisms used for security are Firewalls, IDS and VPN (Virtual Private Network). In this thesis we attempt to look at the involved security components such as Firewalls, IDS and VPN at these three primary layers and study the synergistic combination of these components. Then we look at the different security protocols controlling these layers such as IPSec (network or IP layer), TLS (the transport layer) and SOAP ( user application layer) which contribute to the defense at these layers. When Security is designed for these layers including these components and protocols, a systematic approach is required by the developers to enhance security. Secure Systems Research Group – Florida Atlantic University

Contd… In this work we try to identify already existing security patterns for these components and protocols and then fill in the gaps for the missing security patterns. We will also try to compare and contrast the patterns developed at each of these layers and try to unify these levels using patterns. Once the patterns are developed, they will serve as a catalog to help designers build and maintain secure networks. Secure Systems Research Group – Florida Atlantic University

Software Patterns and Security The primary objectives of security are to provide confidentiality, integrity, availability, and accountability to the information. Information or messages passed are usually vulnerable to attacks and are targeted by many people for political or personal reasons. Security countermeasures are usually classified into five groups: identification and authentication, access control and authorization, logging, cryptography, and intrusion detection. Secure Systems Research Group – Florida Atlantic University

Contd… A way to counter the threats to security faced by these network layers is use of patterns. Patterns are solutions to recurrent problems in given contexts. Security patterns have been looked at extensively in the current world of threats and have been studied in detail. A good number of security patterns have been described in the literature [Fer06a, Sch06, Ste05]. In the ideal case the developer would be able to find one or more security patterns to provide guidance for specific security problems. Patterns in general capture knowledge and wisdom of developers in a highly accessible form for ordinary practitioners to apply.

Security Mechanisms Three of the most common security mechanisms used are firewalls, VPN and IDS. Firewalls have been shown to be very effective in providing security by basically creating a choke point of entry (and exit) into a local network [Bar99]. A firewall therefore restricts unauthorized clients from access to the local network and local networks from accessing external sites that are considered untrustworthy. A firewall can be used as a mechanism to enforce security policies and also allows a limited exposure of the protected network to outsiders.

Sec Mech. (Contd…) VPN uses a technique called tunneling, in which data is transmitted across a public network in a private tunnel that simulates a end to end connection. A system intrusion is any attempt to attack a system and compromise its integrity, confidentiality, or availability of a resource. Intrusion Detection Systems (IDS) are implemented to detect an intrusion when it occurs and on detection should trigger appropriate recovery measures [Fer05].

Overview of layers and security mechanisms at network layers Firewall IDS VPN User Application Transport IP

Network Architecture Security Mechanisms   Firewall IDS VPN Protocol User application XML Fw XML IDS XML VPN SAML TCP Proxy Fw TCP IDS TLS/SSL VPN TLS IP Packet filter Packet IDS IPSec VPN IPSec AU T H E N I CA ON SECRECY AUTHOR ZAT ION IDENT F C A O FireWall IDS VPN Protocol Application XML FW XML IDS XML VPN SAML TCP Proxy FW TCP IDS TLS/SSL VPN TLS IP Packet FW Packet IDS IPSec VPN IPSec Secure Systems Research Group – Florida Atlantic University

Abstact Pattern for Sec. Mech. VPN/FW/IDS SAML Realize Realize Realize TLS V/F/I IPSec V/F/I XML V/F/I TLS IPSec Secure Channel Authentication Secure Systems Research Group – Florida Atlantic University

Proposed Research General Goal We try to unify the security functions used in different network layers through security patterns. We identify the common security components of each layer and their protocols and try to discover the existing security patterns for each of these layers and identify the patterns yet to be developed and try to develop them. Secure Systems Research Group – Florida Atlantic University

Specific Goals and Outline Survey security Components such as Firewall, IDS and VPN Survey the existing protocols for each of these layers such as IPSec, TLS and SAML. Identify the existing patterns for each of these security components for each of the network layers. Identify the patterns yet to be developed for the security components for each of these network layers. Develop these new security patterns yet to be developed for each of these layers. Apply the new patterns developed on a Case Study and study the consequences in detail. Secure Systems Research Group – Florida Atlantic University

Contributions A description of the three basic architectural layers using pattern diagrams showing the relationship between these patterns A description of the protocols to provide security for these layers using security pattern diagrams. An enumeration of the use cases and the security threats involved for the typical network functions. Analysis of the existing countermeasures, eg. Firewalls, IDS, VPNs and their combinations. We will consider existing commercial products as possible sources of security patterns. Specific patterns for the network architectural layers, their security standards, and mechanisms to defend against the identified threats. We have already published one of these [Fer05] and in the process of completing another. Validation of the approach to applying it to a SCADA system. Secure Systems Research Group – Florida Atlantic University

Validation A way to validate the proposed model is to apply it to a real system. We can analyze its main use cases and enumerate possible threats. Then we can see how our architectural model provides a structure to develop and evaluate a range of those systems. We intend to apply our model to a SCADA system and compare our results to other analysis of SCADA security such as [Nae07, NIST]. The new patterns can be validated by publishing in conferences such as PLOP or similar conferences. (We did this with an early pattern [Fer05]). Secure Systems Research Group – Florida Atlantic University

Remaining Work: New Patterns All the other patterns that need to be developed will be identified. The above existing patterns will be further expanded in detail. For example IDS pattern would be extended to include Misuse based IDS also. The VPN pattern will be expanded into different patterns for XML, Packet VPN and SSL VPNs. Patterns for the different Protocols. Proposed TimeLine: Fall 2008 + Spring 2009 Secure Systems Research Group – Florida Atlantic University

2. Synergy Impact of synergistic combination of these security mechanisms VPN + FW + IDS Summer 2009.

4. Case Study (Validation) Finally after all the missing pieces are developed it will be applied to the SCADA model which has been developed above and will be studied in detail. Proposed Time Line: Fall 2009 Secure Systems Research Group – Florida Atlantic University

Completed Work Survey of existing patterns First we will identify all the patterns that have been developed by other researchers in these network layers such as the Packet filter pattern, proxy firewall pattern and XML firewall pattern and Survey of security mechanisms limiting to SCADA.

2. VPN Patterns SAML XML VPN VPN TLS TLS VPN IPSec IP VPN Supports SAML XML VPN VPN Supports TLS TLS VPN IPSec Supports IP VPN Secure Systems Research Group – Florida Atlantic University

3. IDS - Class Diagram for Signature basedIDS.[Fer05] Viking PLOP Secure Systems Research Group – Florida Atlantic University

Class Diagram For VPN Network VPN Network End Point * * Network End Point 1 1 * Authenticator Secure Channel 1 Identity Base * Identity Secure Systems Research Group – Florida Atlantic University

4. Case Study Identification SCADA Architecture SCADA can be used as an example of a distributed system where we apply these patterns. Security Threats. Secure Systems Research Group – Florida Atlantic University

Example An important example of SCADA application is electric power generation. Context A SCADA system such as electric power generation system with a Distributed Architecture and connected to the Internet. Secure Systems Research Group – Florida Atlantic University

Class Diagram (w/o Security Components) Central Controller User Interface Field Unit Controller Comm. Network Internet Zone * 1 Secure Systems Research Group – Florida Atlantic University

Class Diagram for Secure SCADA Secure Systems Research Group – Florida Atlantic University

Suggestions Additions Concerns Modifications Improvements Secure Systems Research Group – Florida Atlantic University

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.