1 / 29

Dependable Intrusion Tolerance

Dependable Intrusion Tolerance. March 2002 Magnus Almgren, Alfonso Valdes SRI International. Acknowledgements

reginald-ethelbert
Télécharger la présentation

Dependable Intrusion Tolerance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dependable Intrusion Tolerance March 2002 Magnus Almgren, Alfonso Valdes SRI International Acknowledgements Research sponsored under DARPA Contract N66001-00-C-8058. Views presented are those of the authors and do not represent the views of DARPA or the Space and Naval Warfare Systems Center

  2. Outline • Background • System Components • The Single Proxy • Example • Validation • Performance • Stopping Code Red • Future Work

  3. Background • Intrusion Tolerant Server

  4. Background • Intrusion Tolerant Server • Redundancy & Diversity

  5. Background • Intrusion Tolerant Server • Redundancy & Diversity • Hardened Proxy • StackGuard • Online Verifiers • Small Code Base

  6. Background • Intrusion Tolerant Server • Redundancy & Diversity • Hardened Proxy • StackGuard • Online Verifiers • Small Code Base • HIDS/NIDS/app-IDS • EMERALD/Snort

  7. System Components • Application Servers • Solaris, Win2k, RedHat, FreeBSD • IDS • Proxy • RedHat-6.2 • Our own code base RedHat 6.2 Proxy eAggregator C-R eXpert-Net eBayes-TCP eBayes-Blue Snort MS Win2k IIS Solaris 8(Sparc5) Apache eXpert-BSM RedHat 7.1 iPlanet FreeBSD 4.2 Apache App-IDS

  8. e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 1,1 2,2 3,3 4,4 4,3 Proxy in Detail

  9. reconnaissance e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Simple Example Policy/Regime 4,3 1,1 2,2 3,3 4,4

  10. reconnaissance RegimeManager AlertManager Proxy Server RepairManager Simple Example e-Aggregator ChallengeResponse Policy/Regime 4,3 1,1 2,2 3,3 4,4

  11. reconnaissance RegimeManager Proxy Server Simple Example e-Aggregator AlertManager ChallengeResponse RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  12. reconnaissance RegimeManager Proxy Server Simple Example e-Aggregator AlertManager ChallengeResponse RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  13. web attack RegimeManager Proxy Server Simple Example e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  14. web attack Simple Example e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  15. web attack Simple Example e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  16. web attack Simple Example e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  17. web answer Simple Example e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  18. Simple Example e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  19. Simple Example Block client Block URI e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  20. Simple Example e-Aggregator RegimeManager AlertManager ChallengeResponse Proxy Server RepairManager Policy/Regime 4,3 1,1 2,2 3,3 4,4

  21. Plans for Validation • Performance • Preliminary Results • Resistance to attacks • Compile a list of existing Web exploits • Run these against system • Problem: A very new attack, which we might not have thought about • Assembly of Complementary Mechanisms • Red Teaming?

  22. Round-trip time measured through the proxy Regime 1 — 4 Round-trip time measured directly for each application server Performance Measurement Asking for index.html with all included images and measured round-trip time. About 34 kb in 9 requests.

  23. Round-trip time 10 simultaneous clients

  24. Response vs Number of Clients

  25. Outline • General principles • Architecture overview • Proxy functionality • Stopping Code Red • Summary

  26. Proxy Bank IDS Appliance 1. 3/4 of Code Red attempts miss the IIS server 2. IDS detects attempt. System invokes agreement mode 3. In case of a successful infection, corrupt content is detected and reinfection attempts are blocked 4. Clients get valid content while compromised server is rebuilt Stopping Code Red (and NIMDA) IIS

  27. Intrusion Detection to Date Seeks to detect an arbitrary number of attacks in progress Relies on signature analysis and probabilistic (including Bayes) techniques Response components immature No concept of intrusion tolerance New Emphasis Detection, damage assessment, and recovery Finite number of attacks or deviations from expected system behavior Seek a synthesis of intrusion detection, unsupervised learning, and proof-based methods for the detection aspect Concepts from fault tolerance are adapted to ensure delivery of service (possibly degraded) Dependable Intrusion Tolerance

  28. Summary • Developing an adaptable intrusion tolerant server architecture • General Principles: • Hardened proxy • Redundant capability with diverse implementation • Adaptive response • A variety of IDS, symptom detectors, and on-line verifiers provide situational awareness • Stepped policy response enforces content agreement in suspicious situations

  29. Future directions • Refine Alert Manager • Multiple proxies • Validate with existing exploits • Dynamic content

More Related