Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sandia SRS Red Team Results Information Design Assurance Red Team John Clem Kandy Phan DARPA SRS PI Meeting 15 Dec. 2005 Sandia is a multiprogram laboratory.

Published byBennett Jefferson Modified over 8 years ago

Similar presentations

Presentation on theme: "Sandia SRS Red Team Results Information Design Assurance Red Team John Clem Kandy Phan DARPA SRS PI Meeting 15 Dec. 2005 Sandia is a multiprogram laboratory."— Presentation transcript:

1 Sandia SRS Red Team Results Information Design Assurance Red Team John Clem Kandy Phan DARPA SRS PI Meeting 15 Dec. 2005 Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

2 DARPA SRS PI Meeting 15 Dec. 2005 IDART™ Objectives Initial Analysis Results PMOP, CORTEX, PASIS General Observations Lessons Learned Q&A Outline

3 DARPA SRS PI Meeting 15 Dec. 2005 IDART Objectives System Analysis –Increase system understanding –Test system responses to adversarial inputs –Attack assumptions/claims –Confirm strengths and reveal weaknesses Red Team –Open… –Flexible –Objective –Fair

4 DARPA SRS PI Meeting 15 Dec. 2005 Initial Analysis Reviewed three SRS technologies for live red team readiness Two technology development projects were chosen for a live red team engagement One technology project was chosen for an attack brainstorm only Criteria –Technology implemented? –Stable? –Potential for tangible results?

5 DARPA SRS PI Meeting 15 Dec. 2005 PMOP Adversary Model: –A regular user with malicious intent –Operating system vulnerabilities are out of scope

6 DARPA SRS PI Meeting 15 Dec. 2005 PMOP targets 3 Separate Components on 3 systems –1. Rule System –2. “File Save As …” Dialog Box –3. Wrapped Shell

7 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: Rule System MAF GUI (Legacy dependency) PMOP JESS Rule engine Rule file allow … deny … Rules to enforce Mission plan to check

8 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: MAF GUI Client

9 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: Example Rule File (defrule MAIN:first-leg-must-be-a-takeoff (MISSION_EVENT_ROW (EVENT_TYPE ?&~"TO") (EVENT_SEQ_ID ?id1) (prev -1)) => (error-feedback "first-leg-must-be-a-takeoff " ?id1)) (defrule MAIN:aircraft-cannot-exceed-supported-weight-of-airbase … (WEIGHT ?acweight&:(> ?acweight ?abweight)) ) => (error-feedback "aircraft-cannot-exceed-supported-weight-of- airbase "))

10 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: Rule System Strengths: –Fast –Accurate –XML Weaknesses: –Need stronger input validation (e.g. XML) –Scalability/Consistency of rules –Domain/Expert knowledge dependent

11 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: “SaveAs” Dialog Box

12 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: Wrapped Shell

13 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: Wrapper Config File authorize connect in ws2_32.dll with Inst_connect authorize bind in ws2_32.dll with Inst_bind authorize sendto in ws2_32.dll with Inst_sendto authorize recvfrom in ws2_32.dll with Inst_recvfrom // mediators for MSO SaveAs and Open Dialogs transform FindFirstFileExW in kernel32.dll with Inst_FindFirstFileExW transform FindNextFileW in kernel32.dll with Inst_FindNextFileW monitor FindClose in kernel32.dll with Inst_FindClose

14 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: Wrapper Config File

15 DARPA SRS PI Meeting 15 Dec. 2005 PMOP: Wrapped Shell Strengths: – Canonicalization of file names – Granularity Weakness: – Scalability of configurations Results: – NT wrappers did well protecting the JBI directory

16 DARPA SRS PI Meeting 15 Dec. 2005 CORTEX Master DB Tasters (Lead) ProxyReplicator Learner RTS: Controller Red Team Clients

17 DARPA SRS PI Meeting 15 Dec. 2005 CORTEX Strengths: –Fast response/Efficient of learner –Block mechanism/“Binary poison” –Scalability in number of tasters –Single entry point –Real automatic system

18 DARPA SRS PI Meeting 15 Dec. 2005 CORTEX Weaknesses: –Instrumentation capabilities –Instability of proxy and controller (buffers?) –Algorithm to switch tasters –Invalid error messages –Failure detection for tasters

19 DARPA SRS PI Meeting 15 Dec. 2005 CORTEX Red Team flags: –1. Crash system twice with same attack –2. False positives –3. Take down system Results: –Flag 1 not achieved –Flag 2 achieved –Flag 3 achieved Instability did not allow full testing or attribution of effects

20 DARPA SRS PI Meeting 15 Dec. 2005 PASIS Increasing Intrusion Tolerance via Scalable Redundancy General Observations Strengths –Provable guarantees assuming limited number of Byzantine servers and unlimited number of Byzantine clients –Invisible to ordinary user –Very efficient in normal operation –Plausible attack requires sophisticated adversary with extensive real-time knowledge of network state –Sensible implementation successfully thwarts obvious lines of attack (timestamp manipulation, message replays)

21 DARPA SRS PI Meeting 15 Dec. 2005 PASIS (2) Weaknesses –Presupposes extensive PKI –Interactions with underlying file system implementation can be complex, hard to specify, could undermine liveness/linearizability guarantees –Possibility of large overhead, adversary can force system to do a lot of redundant work (live engagement needed to confirm this) –Not entirely clear how to update system while running (add/drop servers, change parameters or algorithms)

22 DARPA SRS PI Meeting 15 Dec. 2005 PASIS (3) Attack Brainstorm Results (attack graph)

23 DARPA SRS PI Meeting 15 Dec. 2005 PASIS (4) Conclusions In theory there may be conditions showing PASIS protocol is not bullet-proof Weaknesses are in underlying assumption of scaled PKI; always correct file system interactions; lack of defined maintenance procedures Strengths are in strong proofs; transparency; efficiency; significant adversary attack requirements

24 DARPA SRS PI Meeting 15 Dec. 2005 General Observations Red Team success with causing false positives –Low cost attack –DoS System state under attack difficult to know Weak threat models still being used by developers System security not inherent –Dependent on other things (implementation) –What happens when you build a system of systems?

25 DARPA SRS PI Meeting 15 Dec. 2005 General Observations (2) Implementations have been shown to include shortcuts bypassing the theoretical model specifications Scoring has pros and cons –There can be COI Red Team discouraged from trying novel attacks due to low likelihood of success Red Team could run up the score based on uninteresting variations of successful attacks

26 DARPA SRS PI Meeting 15 Dec. 2005 Lessons Learned Murphy was here (again) Live Red Team experiments/exercises are not low overhead –Certain amount of overhead for even one day Need stable implementations –Homogeneous platforms increases reliability Hardware OS Applications –Redundant platforms improves efficiency –Certain metrics difficult to measure without this

27 DARPA SRS PI Meeting 15 Dec. 2005 Lessons Learned (2) Frozen version Need developer instrumentation to understand system state Advantageous for developers to have/consider more sophisticated threat models early Need/use shortcuts to adequately model adversary pressure –These are exercise assumptions –This adds value/reduces cost

28 DARPA SRS PI Meeting 15 Dec. 2005 Value Added Different Perspective (Malicious) Experience Clarifies understanding Provides new insights Structure for analysis

29 DARPA SRS PI Meeting 15 Dec. 2005 Q&A/Discussion IDART Contact Information John Clem jfclem@sandia.gov 505-844-9016 Kandy Phan kphan@sandia.gov 505-284-6802

Download ppt "Sandia SRS Red Team Results Information Design Assurance Red Team John Clem Kandy Phan DARPA SRS PI Meeting 15 Dec. 2005 Sandia is a multiprogram laboratory."

Similar presentations

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.

Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts Amherst Operating Systems CMPSCI 377 Lecture.
1 Approved for unlimited release as SAND 2010-3325 C Verification Practices for Code Development Teams Greg Weirs Computational Shock and Multiphysics.

1 Approved for unlimited release as SAND C Verification Practices for Code Development Teams Greg Weirs Computational Shock and Multiphysics.
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.

Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.
Virtual Directories: Attack Models and Prevention June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram laboratory.

Virtual Directories: Attack Models and Prevention June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram laboratory.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
1 Reliable Adaptive Distributed Systems Armando Fox, Michael Jordan, Randy H. Katz, David Patterson, George Necula, Ion Stoica, Doug Tygar.

1 Reliable Adaptive Distributed Systems Armando Fox, Michael Jordan, Randy H. Katz, David Patterson, George Necula, Ion Stoica, Doug Tygar.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
Issues on Software Testing for Safety-Critical Real-Time Automation Systems Shahdat Hossain Troy Mockenhaupt.

Issues on Software Testing for Safety-Critical Real-Time Automation Systems Shahdat Hossain Troy Mockenhaupt.
Department Of Computer Engineering

Department Of Computer Engineering
Scalable Server Load Balancing Inside Data Centers Dana Butnariu Princeton University Computer Science Department July – September 2010 Joint work with.

Scalable Server Load Balancing Inside Data Centers Dana Butnariu Princeton University Computer Science Department July – September 2010 Joint work with.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Similar presentations

Ads by Google