asynchronous intrusion recovery for interconnected web
play

Asynchronous intrusion recovery for interconnected web services - PowerPoint PPT Presentation

Jun 02, 2023 •338 likes •1.17k views

Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim , Nickolai Zeldovich MIT CSAIL Today's web services are highly interconnected Many web services provide APIs to other sites Many websites

  1. Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim , Nickolai Zeldovich MIT CSAIL

  2. Today's web services are highly interconnected ● Many web services provide APIs to other sites ● Many websites integrate those APIs: — Authentication: Facebook Connect, Google+ ... — Data sharing: Dropbox ... — Business process management: Salesforce … — ...

  3. Example: online shopping mall ... Customer Relationship Management (CRM)

  4. Example: online shopping mall Adobe Echo Sign (E-Signature Service) ... Financial Force (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  5. Example: online shopping mall Facebook Twitter Allow Facebook users Adobe Echo Sign to buy our products (E-Signature Service) without registration ... Financial Force (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  6. Example: online shopping mall Facebook Twitter Allow Facebook users Adobe Echo Sign to buy our products (E-Signature Service) without registration ... Financial Force Address in Facebook (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  7. Attack in one service can spread between services Facebook Twitter Adobe Echo Sign (E-Signature Service) Ship purchased products to ... ... Address modifjed Financial Force by Attacker (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  8. Bugs in web services are commonplace ● Facebook (Mar 29 th 2013): — Attackers can intercept full permission access tokens

  9. Bugs in web services are commonplace ● Facebook (Mar 29 th 2013): — Attackers can intercept full permission access tokens ● Many web services have similar bugs Twitter (Aug 20 th 2013) — Instagram (May 2 nd 2013) — Microsoft Yammer (Aug 4 th 2013) —

  10. Goal ● Recovering integrity in interconnected services — Repair the state of afgected services as if the attack never occurred ● State-of-the-art: manual recovery — Admin doesn't trust other sites for recovery — Require manual interaction (e.g., email other admin)

  11. General plan for automatic recovery ● Use rollback-and-replay for recovering integrity in single machine — Prior works: Retro [OSDI '10], Warp [SOSP '11] ● Extend rollback-and-replay to many web services !

  12. Challenges ● Rollback-and-replay requires global coordinator — Each service cannot decide what to do for repair ● All services must be available during recovery — We want to repair some services even if others are down — Consistency problem: some services are not repaired yet

  13. Contributions Enable automatic intrusion recovery in distributed web services 1. Repair protocol between services • No central coordinator • Each service controls its repair 2. Asynchronous repair • Proceed repair even with unavailable services • Consistency in partially repair state

  14. Running example of an attack Facebook Twitter Adobe Echo Sign (E-Signature Service) Ship purchased products to ... ... Address modifjed Financial Force by Attacker (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  15. Running example of an attack Facebook ... CRM Bill.ON (Invoices and Billing Service)

  16. Running example of an attack Attacker Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  17. Running example of an attack Attacker Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  18. Running example of an attack Attacker Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  19. Running example of an attack Attacker Modify address Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  20. Running example of an attack Attacker Modify address Facebook ... Victim Address modifjed by Attacker CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  21. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON

  22. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON Time

  23. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON Time

  24. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON Time

  25. Goal: attack did not take place Attacker Victim Facebook Shopping Mall Bill.ON Time

  26. Goal: attack did not take place Attacker Victim Facebook Shopping Mall Bill.ON Time

  27. Overview of system execution ● Normal execution : — Record enough information for rollback-and-replay ● Repair: — Identify an attack to initiate repair — Repair local state: rollback and replay recorded requests — Propagate repair whenever local repair afgects others

  28. Overview of system execution ● Normal execution : — Record enough information for rollback-and-replay ● Repair: — Identify an attack to initiate repair — Repair local state: rollback and replay recorded requests — Propagate repair whenever local repair afgects others

  29. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Identify an attack for repair Shopping Mall Bill.ON Time

  30. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Time

  31. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Time

  32. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Error Time

  33. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Error Original address Time

  34. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Error Original address Time

  35. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Remove access token Restore victim's address Shopping Mall Bill.ON Error Error Time

  36. Problems in Strawman design ● P1. All services must be available → Support asynchronous repair with speculation ● P2. Require global coordinator → Defjne repair APIs between services

  37. Problems in Strawman design ● P1. All services must be available → Support asynchronous repair with speculation ● P2. Require global coordinator → Defjne repair APIs between services

  38. Challenge: cooperating with unavailable web services Attacker Victim Facebook Unavailable Offmine Shopping Mall Bill.ON Error Error Error Error Time Wait for other services to come up?

  39. Solution: asynchronous repair ● Asynchronously deliver repair requests ● Speculatively proceed local repair with past responses (or timeout responses) ● Expose repaired state after local repair ● Intuition: why asynchronous repair works? — Many web services are designed for independent operation, prepared for handling others failures

  40. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Error Error Time

  41. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Speculatively proceed Error Error with past request Time Asynchronously deliver new response

  42. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Speculatively proceed Error Error with past request Time Asynchronously deliver new response

  43. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Speculatively proceed Error Error with past request Time Asynchronously deliver new response

  44. Example: exposing state after local repair Attacker Victim Facebook Shopping Mall Bill.ON ... Another Time web service Two services are still repairing

  45. What if speculation fails? ● If service responds difgerently, — Restart local repair with the new response — In fact, it is not difgerent from initiating new repair ● Asynchronous repair will converge to the correctly repaired state at the end

  46. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

  47. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: Following request depends on previous request ok

  48. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

  49. Example: speculation failure Facebook Shopping Mall Message: Message: Mall Mall Ready for shipping to: Ready for shipping to: ok Respond with difgerent result

  50. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

  51. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches Ph.D. Thesis Defense December 17th, 2019 1 HP Labs (ronny.chevalier@hp.com) 2 CIDRE Team, CentraleSuplec/Inria/CNRS/IRISA

1.66k views • 140 slides
Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems ACSAC, December 13th, 2019 1 HP Labs, United Kingdom (ronny.chevalier@hp.com, david.plaquin@hp.com, cid@hp.com) 2 CIDRE Team,

820 views • 56 slides
Asynchronous Replication and Bayou Asynchronous Replication and Bayou Asynchronous Replication

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Asynchronous Replication

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Asynchronous Replication Asynchronous Replication Idea: build available/scalable information services with read-any-write-any replication and a weak consistency model. - no

738 views • 48 slides
Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin

Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin

Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin Beineke, Florian Klein, Michael Schttner Institut fr Informatik, Heinrich-Heine-Universitt Dsseldorf Outline Motivation The In-Memory

323 views • 21 slides
Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of

Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of

Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of system security: preventing attacks System hardening tools/techniques (e.g.,) Firewall, AntiVirus 2 My work on preventing attacks

1.76k views • 116 slides
Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah,

Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah,

Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah, Neha Narula, Nickolai Zeldovich MIT CSAIL Web applications routinely compromised Web applications routinely compromised Web applications

1.44k views • 75 slides
Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M. Frans Kaashoek MIT CSAIL Attackers routinely compromise system integrity Attackers routinely compromise system integrity Attackers routinely

1.23k views • 74 slides
Asynchronous sequence circuits An asynchronous sequence machine is a sequence circuit without

Asynchronous sequence circuits An asynchronous sequence machine is a sequence circuit without

Asynchronous sequence circuits An asynchronous sequence machine is a sequence circuit without flip-flops Asynchronous sequence machines are based on combinational gates with feedback Upon analysis it is assumed : Only one signal at a

1.34k views • 66 slides
Press intrusion. Identifying similar words with different connotations What is press intrusion?

Press intrusion. Identifying similar words with different connotations What is press intrusion?

Topic 12: Press intrusion. Identifying similar words with different connotations What is press intrusion? Press intrusion is an issue which has many stances, often depending on whether you are a member of the press or have been on the receiving

602 views • 9 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers

How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers

How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers for Asynchronous On- -chip Networks chip Networks On Wei Song Supervisor: Doug Edwards Advanced Processor Technologies Group Advanced

526 views • 26 slides
Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall 2000 Asynchronous Replication Asynchronous Replication Idea: build available/scalable information services with read-any-write-any replication and a

247 views • 24 slides
Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall 2000 Asynchronous Replication Asynchronous Replication Idea: build available/scalable information services with read-any-write-any replication and a

688 views • 48 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Convergence of Iterative Hard Thresholding Variants with Application to Asynchronous Parallel

Convergence of Iterative Hard Thresholding Variants with Application to Asynchronous Parallel

Convergence of Iterative Hard Thresholding Variants with Application to Asynchronous Parallel Methods for Sparse Recovery Jamie Haddock Asilomar Conference on Signals, Systems, and Computers, November 4, 2019 Computational and Applied

1.21k views • 31 slides
Client Relationship Model Panel Discussion November 8, 2012 CRM Panel Speakers Paul

Client Relationship Model Panel Discussion November 8, 2012 CRM Panel Speakers Paul

Client Relationship Model Panel Discussion November 8, 2012 CRM Panel Speakers Paul Strijckers , VP Strategic Initiatives (Broadridge Financial Solutions) David Malone , VP Business Initiatives (RBC Wealth Management Canada)

629 views • 27 slides
Saka e Fuchino ( ) Graduate School of System Informatics Kobe University (

Saka e Fuchino ( ) Graduate School of System Informatics Kobe University (

Set-theoretic aspects of pre-Hilbert spaces without orthonormal basis Saka e Fuchino ( ) Graduate School of System Informatics Kobe University ( )

425 views • 21 slides
Where Did My Architecture Go? Preserving and recovering the design of software in its

Where Did My Architecture Go? Preserving and recovering the design of software in its

Where Did My Architecture Go? Preserving and recovering the design of software in its implementation QCON London March 2011 Eoin Woods www.eoinwoods.info Content Losing Design in the Code Key Design Constructs My Example

915 views • 68 slides
OFBiz CRM & Asterisk Call Center Integration Youssef Khaye, Software Developper OCTOBER

OFBiz CRM & Asterisk Call Center Integration Youssef Khaye, Software Developper OCTOBER

OFBiz CRM & Asterisk Call Center Integration Youssef Khaye, Software Developper OCTOBER 1-2, 2015 Agenda Who am I ? Asterisk Architecture Implementation process Outgoing calls Incoming calls Implementation

470 views • 22 slides
Process Dundalk, 30 June 2017 1 Agenda 10.00 to 10:30 Introduction and timeline overview

Process Dundalk, 30 June 2017 1 Agenda 10.00 to 10:30 Introduction and timeline overview

I-SEM CRM Exception Application / Notification Process Dundalk, 30 June 2017 1 Agenda 10.00 to 10:30 Introduction and timeline overview 10:30 to 11:00 Existing Capacity Exception Application (USPC) 11:00 to 11:30 Coffee and

662 views • 30 slides
EUROCS DEEP CONVECTI VE CLOUDS DI URNAL CYCLE of DEEP CONVECTI ON OVER LAND CNRM, ECMWF, LMD,

EUROCS DEEP CONVECTI VE CLOUDS DI URNAL CYCLE of DEEP CONVECTI ON OVER LAND CNRM, ECMWF, LMD,

EUROCS DEEP CONVECTI VE CLOUDS DI URNAL CYCLE of DEEP CONVECTI ON OVER LAND CNRM, ECMWF, LMD, Met Of f ice, NCAR & SMHI (Europe, Fr ance, Sweden, UK & US) Guichard & P et ch Beau, Belj aars, Chaboureau, Cheinet , Grabowski,

450 views • 19 slides
COMMUNICATION Managing your sales and marketing processes MEET YOUR SPEAKER DAVE BETCHER VP OF

COMMUNICATION Managing your sales and marketing processes MEET YOUR SPEAKER DAVE BETCHER VP OF

REIMAGINING HOME BUYER COMMUNICATION Managing your sales and marketing processes MEET YOUR SPEAKER DAVE BETCHER VP OF CONSULTING SERVICE LASSO CRM TODAYS LEARNING OUTCOMES Why do we need a systemized approach Determining your goals : initial

624 views • 31 slides
CRM: THE ONE RING THAT RULES THEM ALL. THE BACKSTORY 115 years old Circulations 25K to

CRM: THE ONE RING THAT RULES THEM ALL. THE BACKSTORY 115 years old Circulations 25K to

CRM: THE ONE RING THAT RULES THEM ALL. THE BACKSTORY 115 years old Circulations 25K to 400K $45 million revenue Four vertical segments Magazines: 100% 180 employees Heatset web EFI Monarch: October 2014 300

701 views • 33 slides

More recommend