Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards a Taxonomy of Security for Distributed Computing

Published byAbel Elliott Modified over 6 years ago

Similar presentations

Presentation on theme: "Towards a Taxonomy of Security for Distributed Computing"— Presentation transcript:

1 Towards a Taxonomy of Security for Distributed Computing
Developing a General Taxonomy of Security Problems for Future Work Timothy Brick and Jarett DeAngelis University of Notre Dame Department of Computer Science and Engineering We want to talk about security from a distributed systems standpoint. This has been discussed plenty of times before, but we want to introduce a framework for auditing and developing. Distributed security is challenging for a variety of reasons, we are trying to categorize those reasons in such a way as to make the problem easier to tackle.

2 How Do You Know If Your Distributed System Is Secure?
Problem? How Do You Know If Your Distributed System Is Secure? (You don't, but we try.) Our goal is to try to find a structure for doing this in an organized way.

3 To develop a taxonomy of distributed security issues
Solution Aims: To develop a taxonomy of distributed security issues To test the taxonomy by analysis of the CC Tools Taxonomy is useful for keeping the process of working with distributed security organized. CCTools are distributed data software developed by the University for research applications which we will discuss later.

4 Final iteration of taxonomy
Three major areas, several sub-areas. Can't discuss in detail—time limit We'll go into these in more detail later.

5 The Chirp Distributed File System
Chirp: Designed to support distributed applications, focus on research apps Creates a userspace abstraction over existing filesystem Permissions system allows authentication via Globus certificates, Kerberos, UNIX auth, hostnames Chirp chosen for a couple reasons: It's here and in production, and NO ONE HAS AUDITED IT YET. Fits the paradigm of “distributed system” well. Runs own filesystem in a “bubble” over existing filesystem, - own abstraction, cross-platform. Permissions system enables the “v” (reserve) right – user can specify sets of rights created in new directories. Will discuss this later

6 Programming-Related Buffer Overflows Race Conditions
Easy to detect statically Detection tools have a lot of false positives (~400) Race Conditions Difficult to pin down NP-Complete to find statically Dynamically detect stat() - open() syscall pairs Doesn't work on user-level file systems! Exploit-finding tools don't always work – false positives and some things just go unfound. Remember: Race conditions exploit the pause between operations. That's it. Detecting race conditions exhaustively (off-line) is NP-Hard. We know for a fact that there is use of unbounded buffers in chirp_server from flawfinder, but none of them appear to be exploitable. Client has an unbounded buffer in its use of readline, doesn't do much.

7 Demonstration Discovered an exploit of alteration of absolute namespace in Chirp filesystem. Dynamic race condition detection tool finds user-level ACL check - open pairs. (Based on rules given in Tsyrklevich & Yee 2003) Race condition finder based on previous work by Tsyrklevich & Yee in 2003 – looks for “illegal” syscall combinations. Do the demo here. chirp_server won't run as root.

8 Especially if they don't know they're doing it.
User Wrangling Users behave badly. Especially if they don't know they're doing it. How to prevent users from unwittingly compromising security? They: Don't know security Don't read documentation Engage in inadvisable behavior Notification: Does the application tell the user what they're doing is bad? Sensible Defaults (Default Deny) Luxury of Ignorance: Term taken from ESR's essay. Bear in mind user doesn't know. Administrative Robustness: Can't be sure an admin is available or that a user will go to them.

9 Trust What schemes do you trust? Reliability Appropriateness
Who does that mean you're trusting? TIM Reliability: Is it tough to break? Appropriateness: Does it make sense for the application? (Sanity check: cost-benefit/what do you get if you crack it?) Trust chains: Who are you actually trusting? Example: Hostname auth in chirp.

10 Evaluation Completeness Usefulness Adds to existing work
Still not entirely complete Usefulness Example: Chirp Buffer overflow found in chirp client Relative namespace exploit in server ACL klobbering exploit in server Some user interaction problems Potential for abuse of trust systems Adds to existing work in several ways. Work still to be done to test completeness, and we'll never really have it complete. Hard to quantify. But it's better than we had, and people can add to it later. Plus, it worked. Which is good.

11 CCTools available at http://www.cctools.org/
Conclusion Useful practical results from analysis of Chirp Useful taxonomy structure suitable for the future analysis of distributed systems Try it! CCTools available at Well, we built it. And it works. Or seems to. If people add to it, then it'll get better and better. And that would be good.

Download ppt "Towards a Taxonomy of Security for Distributed Computing"

Similar presentations

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:
Best and Worst Practices Building RIA from Adobe and Microsoft.

Best and Worst Practices Building RIA from Adobe and Microsoft.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely presents:
Usability testing IS 403: User Interface Design Shaun Kane.

Usability testing IS 403: User Interface Design Shaun Kane.
October, 2006 © Copyright 2006, Larry A. Beaty. Copying and distribution of this document is permitted in any medium, provided this notice is preserved.

October, 2006 © Copyright 2006, Larry A. Beaty. Copying and distribution of this document is permitted in any medium, provided this notice is preserved.
95-8411-1 95-841 Information Assurance Policy Tim Shimeall

Information Assurance Policy Tim Shimeall
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Web Site Access Control with Apache Fort Collins, CO Copyright © XTR Systems, LLC Web Site Access Control Using the Apache Web Server Instructor: Joseph.

Web Site Access Control with Apache Fort Collins, CO Copyright © XTR Systems, LLC Web Site Access Control Using the Apache Web Server Instructor: Joseph.
Security Issues in Distributed Heterogeneous Systems Somesh Jha Computer Sciences Department University of Wisconsin Madison, WI 53706.

Security Issues in Distributed Heterogeneous Systems Somesh Jha Computer Sciences Department University of Wisconsin Madison, WI
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.

Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Virtual Workspaces Kate Keahey Argonne National Laboratory.

Virtual Workspaces Kate Keahey Argonne National Laboratory.
Linux Security. Authors:- Advanced Linux Programming by Mark Mitchell, Jeffrey Oldham, and Alex Samuel, of CodeSourcery LLC published by New Riders Publishing.

Linux Security. Authors:- Advanced Linux Programming by Mark Mitchell, Jeffrey Oldham, and Alex Samuel, of CodeSourcery LLC published by New Riders Publishing.
Samba – Good Just Keeps Getting Better The new and not so new features available in Samba, and how they benefit your organization. Copyright 2002 © Dustin.

Samba – Good Just Keeps Getting Better The new and not so new features available in Samba, and how they benefit your organization. Copyright 2002 © Dustin.
Chapter 8 Configuring and Managing Shared Folder Security.

Chapter 8 Configuring and Managing Shared Folder Security.
Authorization vs. Authentication Authentication is the process of proving identity to the system –login Authorization happens after authentication. It.

Authorization vs. Authentication Authentication is the process of proving identity to the system –login Authorization happens after authentication. It.
(1) Test Driven Development Philip Johnson Collaborative Software Development Laboratory Information and Computer Sciences University of Hawaii Honolulu.

(1) Test Driven Development Philip Johnson Collaborative Software Development Laboratory Information and Computer Sciences University of Hawaii Honolulu.
CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.

CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

Similar presentations

Ads by Google