attack graphs
play

Attack Graphs Systems and Internet Infrastructure Security (SIIS) - PowerPoint PPT Presentation

Feb 16, 2024 •449 likes •1.06k views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attack Graphs Systems and Internet Infrastructure Security (SIIS)

  1. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Outline Attack Graphs • MulVal • System-wide Info Flow • Penn State Systems and Internet Infrastructure Security Lab Page 2

  3. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Towards System-Wide, Deployment-Specific MAC Policy Generation for Proactive Integrity Mediation Sandra Rueda, Divya Muthukumaran, Hayawardh Vijayakumar, Trent Jaeger, Swarat Chaudhuri Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University September, 2011 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. Talk Outline • Current State of Security Attack methods are comprehensive ‣ Defenses are ad hoc ‣ • Problem: Generate proactive defense automatically What do we know how to do already? ‣ Develop a solution method built on such techniques ‣ • How will such a method impact system design/deployment? Prototype to generate and test system-wide MAC policies ‣ Other talks: (1) integrity measurement protocol that measures ‣ such defenses and (2) process firewall that protects system call interface Penn State Systems and Internet Infrastructure Security Lab Page 4

  5. Current Attacks • Attack unprivileged processes first Then, escalate privilege incrementally via local exploits ‣ Leverage (unjustified) trust between processes/hosts to propagate ‣ attacks • Such Attack Paths are ubiquitous in current systems Processes are tightly interconnected ‣ Historically, all user processes have same privilege and can utilize • system services Any control flow vulnerability can be leveraged to run any code ‣ Return-oriented programming • • Claim: Adversaries will use any undefended path Penn State Systems and Internet Infrastructure Security Lab Page 5

  6. Current Defenses • We have made progress the last 10 years or so Vulnerable network services galore  hardened, privilege- ‣ separated daemons (OpenSSH) Default-enabled services  hardened configurations (IIS) ‣ Root system processes galore  Mandatory access control (Linux, ‣ BSD) Application plug-ins in same address space  Run application code ‣ in separate processes (Chrome, OP browsers) Email attachments compromise system  Prevent downloaded ‣ content from modifying system (MIC, antivirus) A process in one host can easily access another host  Limit open ‣ ports (host firewalls, labeled networking) Penn State Systems and Internet Infrastructure Security Lab Page 6

  7. MAC Operating Systems a OS Security r Reference Server q Monitor b Policy p Kernel Space User Space Mandatory Access Control (MAC) operating systems • Define an immutable set of labels and assign them to every subject and object in ‣ the system Define a fixed set of authorized operations based on the labels ‣ Now available in most commodity operating systems (Trusted Solaris, • TrustedBSD, SELinux, AppArmor, Windows MIC*, etc) Penn State Systems and Internet Infrastructure Security Lab Page 7

  8. MAC Enforcement Everywhere MAC enforcement in the OS alone is not enough • Several applications are designed to serve users with multiple • security requirements OS cannot control what these applications do ‣ OS are not trusted to isolate computing ( reference monitor concept ) • But virtualization is (for now) ‣ MAC at virtualization layer (VMM, hypervisor) can mediate system ‣ comprehensively OS MAC does not control operations between hosts • Labeled networking assigns labels to all network data (Labeled IPsec and ‣ Secmark Firewall) Penn State Systems and Internet Infrastructure Security Lab Page 8

  9. We’ve Created a Monster We end up with systems consisting of • Complex programs ‣ Complex program configurations ‣ Complex MAC policies ‣ Systems consisting of many, independent components ‣ All these are built with a particular threat model • in mind Which is likely different than the actual deployment ‣ System administrators are left to fix them • Penn State Systems and Internet Infrastructure Security Lab Page 9

  10. Taming a Monster Design components to defend threats proactively • Programs : protect at some interfaces; expect high ‣ integrity data at others system-wide MAC policies OS Distros : protect at some ports, files; expect high ‣ integrity data at others to defend deployments Hosts : Ditto ‣ proactively. We need System administrators create systems from • multiple, independent components, connecting automated tools to them to external resources generate They would like to know that the use of these ‣ components corresponds to their defenses The two tasks are ultimately the same conceptual • problem Penn State Systems and Internet Infrastructure Security Lab Page 10

  11. What Do We Know How To Do? • Compute Attack Paths (from Attack Graphs) Find the sequence of steps that adversaries can ‣ take to compromise a system • Compute Compliance Find information flow and permission errors in ‣ programs and system MAC policies • Identify Attack Surfaces Find how systems and programs are accessible to ‣ adversaries • Attack-Specific Analyses E.g., input sanitization ‣ Penn State Systems and Internet Infrastructure Security Lab Page 11

  12. What Do We Know How To Do? • Compute Attack Paths (from Attack Graphs) Find the sequence of steps that adversaries can ‣ take to compromise a system • Compute Compliance Find information flow and permission errors in ‣ programs and system MAC policies • Identify Attack Surfaces Find how systems and programs are accessible to ‣ adversaries • Attack-Specific Analyses E.g., input sanitization ‣ Penn State Systems and Internet Infrastructure Security Lab Page 12

  13. Compliance Problem Evaluating whether a policy permits an adversary to have unauthorized • access (i.e., contains an error) is a compliance problem : System Policy: describes a system’s behavior ‣ Goal Policy: describes acceptable behavior ‣ Mapping function: relates elements from the system policy to elements in the ‣ goal policy A compliant system policy is guaranteed to meet the requirements defined by ‣ the goal policy Penn State Systems and Internet Infrastructure Security Lab Page 13

  14. Evaluating OS MAC Policy We represent a single MAC policy with an information flow graph • Used in analyses for SELinux by Tresys, Stoller, Li, Jaeger, etc. ‣ ftpd_t etc_t etc_t var_t sbin_t installer_t read,write read,write read,write var_t kernel_t read,write read,write read kernel_t ftpd_t read read read sbin_t installer_t read read,write Penn State Systems and Internet Infrastructure Security Lab Page 14

  15. Compliance Problem The policy compliance problem for a single policy is set up as follows: • System policy – The policy that we are analyzing is represented as a • graph ftpd_t etc_t var_t kernel_t sbin_t installer_t Penn State Systems and Internet Infrastructure Security Lab Page 15

  16. Compliance Problem The policy compliance problem for a single policy is set up as follows: • System policy – The policy that we are analyzing is represented as a • graph Goal – The security goal is a lattice that defines integrity levels and • rules that guarantee the integrity of the system High Low Penn State Systems and Internet Infrastructure Security Lab Page 16

  17. Compliance Problem The policy compliance problem for a single policy is set up as follows: • System policy – The policy that we are analyzing is represented as a • graph Goa l – The security goal is a lattice that defines integrity levels and • rules that guarantee the integrity of the system Mapping - Assigns integrity levels to policy labels • ftpd_t etc_t Low var_t kernel_t sbin_t High installer_t Penn State Systems and Internet Infrastructure Security Lab Page 17

  18. Compliance Problem The policy compliance problem for a single policy is set up as follows: • System policy – The policy that we are analyzing is represented as a • graph Goa l – The security goal is a lattice that defines integrity levels and • rules that guarantee the integrity of the system Mapping - Assigns integrity levels to policy labels • ftpd_t etc_t High Low var_t kernel_t Low sbin_t High installer_t Do all flows meet the requirements defined by the goal ? Penn State Systems and Internet Infrastructure Security Lab Page 18

  19. Other Compliance Problems Information flow compliance in programs • Data flow is determined by program data flows – security-typed languages, such ‣ as Jif, Sif, SELinks, FlowCaml Goal policy is not a lattice • Illegal reachability: no path from u  G v ‣ Illegal sets of permissions: annotate edges with permissions ‣ Goals as obligations • The presence of a node, edge, or path is required ‣ These are functional constraints, rather than security ‣ Penn State Systems and Internet Infrastructure Security Lab Page 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Attack Graphs Model Creation Analysis of Attack Graphs

Introduction Attack Graphs Model Creation Analysis of Attack Graphs

EVA Evolutionary Vulnerability Analyzer A Framework for Network Analysis and Risk Assessment Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield Introduction Attack Graphs Model Creation

684 views • 50 slides
A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui

A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui

A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui Foo, Yu-Sung Wu, Yu-Chun Mao, Saurabh Bagchi, Eugene Spafford Purdue University Dependable Computing Systems Lab (http://shay.ecn.purdue.edu/~dcsl)

608 views • 23 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille

SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille

SysML-Sec Attack Graphs: Compact Representations for Complex Attacks Institut Ludovic Apvrille Mines-Telecom ludovic.apvrille@telecom-paristech.fr Yves Roudier yves.roudier@eurecom.fr GraMSec2015 Context: Security for Embedded Systems

470 views • 23 slides
Graphs () Graphs () Graphs Graphs Graphs are collections of nodes

Graphs () Graphs () Graphs Graphs Graphs are collections of nodes

Graphs () Graphs () Graphs Graphs Graphs are collections of nodes in which various pairs are connected by K08 line segments. The

627 views • 17 slides
Graphs Graphs Examples Definitions Implementation/Representation of graphs Graphs

Graphs Graphs Examples Definitions Implementation/Representation of graphs Graphs

CS171 Introduction to Computer Science II Science II Graphs Graphs Examples Definitions Implementation/Representation of graphs Graphs Graphs: set of vertices connected pairwise by edges Interesting and useful structure

346 views • 30 slides
Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

CS171 Introduction to Computer Science II Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search shortest path Connected components Directed graphs Weighted graphs Minimum spanning tree

781 views • 53 slides
Weighted graphs 2 Weighted graphs So far we have only considered weighted graphs with

Weighted graphs 2 Weighted graphs So far we have only considered weighted graphs with

1 Weighted graphs 2 Weighted graphs So far we have only considered weighted graphs with weights > 0 (Dijkstra is a super-star here) Now we will consider graphs with any integer edge weight (i.e. negative too) 3 Cycles Does a

831 views • 43 slides
Graphs Graph definitions There are two kinds of graphs: directed graphs (sometimes called

Graphs Graph definitions There are two kinds of graphs: directed graphs (sometimes called

Graphs Graph definitions There are two kinds of graphs: directed graphs (sometimes called digraphs) and undirected graphs 60 start Birmingham Rugby 150 fill pan take egg 190 100 with water from fridge Cambridge 140 London 120

624 views • 25 slides
Examples of Obstructions to Apex Graphs, Edge-Apex Graphs, and Contraction-Apex Graphs

Examples of Obstructions to Apex Graphs, Edge-Apex Graphs, and Contraction-Apex Graphs

Examples of Obstructions to Apex Graphs, Edge-Apex Graphs, and Contraction-Apex Graphs International Workshop on Spatial Graphs Mike Pierce August 2016 University California, Riverside Contents Introduction Graph Minors Robertson and

498 views • 46 slides
CS200: Graphs Prichard Ch. 14 Rosen Ch. 10 CS200 - Graphs 1 Graphs A collection of What can

CS200: Graphs Prichard Ch. 14 Rosen Ch. 10 CS200 - Graphs 1 Graphs A collection of What can

CS200: Graphs Prichard Ch. 14 Rosen Ch. 10 CS200 - Graphs 1 Graphs A collection of What can this nodes and edges represent? n A computer network n Abstraction of a map n Social network CS200 - Graphs 2 Directed Graphs A

1.17k views • 50 slides
ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

440 views • 11 slides
Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know. Current biological diagnostics are very effective at identifying agents, but theyre slow. We already have an infrastruc- ture in place to

233 views • 8 slides
Graphs 3 4 8 1 ORD SFO 802 1743 337 1 2 3 3 LAX DFW Outline / Reading Graphs (6.1)

Graphs 3 4 8 1 ORD SFO 802 1743 337 1 2 3 3 LAX DFW Outline / Reading Graphs (6.1)

Graphs 3 4 8 1 ORD SFO 802 1743 337 1 2 3 3 LAX DFW Outline / Reading Graphs (6.1) Definition Applications Terminology Properties ADT Data structures for graphs (6.2) Edge list structure

443 views • 15 slides
Weighted graphs Weighted graphs Weighted graphs Weighted graphs Graphs with numbers, called

Weighted graphs Weighted graphs Weighted graphs Weighted graphs Graphs with numbers, called

Weighted graphs Weighted graphs Weighted graphs Weighted graphs Graphs with numbers, called weights , attached to each edge K08 - Often restricted to

504 views • 12 slides
Advertisement! CSE 528 Computational Neuroscience now open to undergraduates How does the

Advertisement! CSE 528 Computational Neuroscience now open to undergraduates How does the

Last Course Topic: Graphs & Trees Motivation for Graphs Definition Directed and undirected graphs Representing Graphs Paths, Circuits, and Trees Famous Graph Problems Covered in Chapters 9 and 10 in the text (we will

279 views • 25 slides
Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS

Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS

Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS https://yarrp.nps.tancad.net/ Justin P. Rohrer (jprohrer@nps.edu) Department of Computer Science US Naval Postgraduate School AIMS-KISMET, February 28, 2020 1

538 views • 16 slides
Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence

Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence

Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence J. OConnor Department Electrical Engineering and Computer Science United States Military Academy, West Point, NY, USA 1 USMA EECS

374 views • 20 slides
XSEDE Cybersecurity Program & Information Sharing Overview James Marsteller Agenda XSEDE

XSEDE Cybersecurity Program & Information Sharing Overview James Marsteller Agenda XSEDE

June 22, 2017 XSEDE Cybersecurity Program & Information Sharing Overview James Marsteller Agenda XSEDE Security Team Background Goals/Mission Structure History Policies and Procedures Incident Repose Program Mission

535 views • 20 slides
C.W. Morey School Family Orientation Remote Learning September 2020 2 Lowell Public Schools

C.W. Morey School Family Orientation Remote Learning September 2020 2 Lowell Public Schools

C.W. Morey School Family Orientation Remote Learning September 2020 2 Lowell Public Schools With parent feedback about the emergency closure, we developed this plan to: Rationale Eliminate the need for families to provide

948 views • 15 slides
Getting Started with DUNE's Software and Computing Thomas R. Junk Young Dune September 16, 2016

Getting Started with DUNE's Software and Computing Thomas R. Junk Young Dune September 16, 2016

Getting Started with DUNE's Software and Computing Thomas R. Junk Young Dune September 16, 2016 Web Documentation I set my web browser's home page to the DUNE at Work page: https://web.fnal.gov/collaboration/DUNE/SitePages/home.aspx It is

543 views • 30 slides
Lecture 15 Access Control Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 15 Access Control Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 15 Access Control Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Baileys ECE 422 Authentication vs Authorization Authentication Who goes there? Restrictions on who (or what)

348 views • 21 slides
Access Control CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger

Access Control CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger

Access Control CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Access Control

592 views • 23 slides
Access Control and Processes Por$ons courtesy Ellen Liu CSE/ISE

Access Control and Processes Por$ons courtesy Ellen Liu CSE/ISE

CSE/ISE 311: Systems Administra5on Access Control and Processes Por$ons courtesy Ellen Liu CSE/ISE 311: Systems Administra5on Outline Access control

385 views • 20 slides

More recommend