intrusion prevention and detection in grid computing the
play

Intrusion Prevention and Detection in Grid computing - The ALICE - PowerPoint PPT Presentation

Oct 05, 2022 •247 likes •420 views

Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International Conference on Computing in High Energy and Nuclear Physics Outline: Introduction Threat model Intrusion prevention Intrusion detection

  1. Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International Conference on Computing in High Energy and Nuclear Physics Outline: Introduction ➢ Threat model ➢ Intrusion prevention ➢ Intrusion detection ➢ Summary ➢ Andrés Gómez, Camilo Lara, Udo Kebschull for the ALICE Collaboration IRI - Goethe University Frankfurt andres.gomez@cern.ch

  2. Introduction: ALICE Grid ➢ > 70 sites ➢ > 30 countries ➢ >45000 CPU cores ➢ > 50PB of storage ➢ > 1000 users ➢ Arbitrary code execution by design ➢ Huge amount of computational power and organization reputation, a goal for adversaries ➢ Focus on HEP → data is public but integrity is important Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan Slide 2 Slide 2

  3. Grid Threat model The adversary may have one or more goals: ➢ Modify experiment data ➢ At tack experiment infrastructure -> online- offline 2018 ➢ Abuse Grid resources ➢ Steal sensitive data ➢ Compromise users' machines ➢ Denegation of service ➢ Damage the organization reputation Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 3 Slide 3

  4. Project main goals Improve computer security in the GRID by: ➢ Intrusion prevention ➢ Security by isolation ➢ Intrusion detection ➢ Analysis of Job behavior ➢ Machine learning Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 4 Slide 4

  5. Specific Grid issues we want to address ➢ No separation between different levels of privileges ➢ Job execution environment not properly enforced ➢ No multi user execution ➢ Sensitive resources not isolated ➢ No automatic way of preventing and detecting intrusions Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 5 Slide 5

  6. Objectives: Intrusion prevention ➢ We want to run the payloads in an isolated environment ➢ The Pilot Job would have unrestricted access to containers ➢ Anything running inside the container should be isolated Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 6 Slide 6

  7. Objectives: Security by isolation ➢ All components run as unprivileged users ➢ Root emulation inside the container ➢ The Jobs run with less privileged Grid user ➢ Unprivileged Isolated Multi User Pilot Jobs ➢ Use containers to achieve isolation Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 7 Slide 7

  8. Containers ➢ Lightweight, fast, disposable ➢ Virtual environments ➢ Boot in milliseconds ➢ Just a few MB of intrinsic disk/memory usage ➢ Bare metal performance is possible Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 8 Slide 8

  9. Containers vs Virtual Machines: Security Virtual Machines: Containers: ➢ More layers of protection ➢ The kernel is directly exposed ➢ Huge surface of attack ➢ Less mature technology ➢ Alone, it does not solve our requirements! ➢ Reduced surface of attack ➢ Attenuation of kernel exposition possible ➢ Less time to update (kernel bugs) ➢ Fine-grained control Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan Slide 9 Slide 9

  10. Containers: Reducing the surface of at tack ➢ Again: Use unprivileged user and containers! ➢ Use Seccomp-bpf to filter available system calls ➢ Sandboxes ➢ Tor ➢ Firefox ➢ Chrome ➢ Use LSM technologies like Appamor ➢ Optionally: use Grsecurity Linux kernel patch ➢ Optionally: use containers over VMs Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 10 Slide 10

  11. Objectives: Intrusion detection ➢ Measure Job behavior ➢ Raise alarms on possible attacks ➢ Adapt to dynamic environment ➢ Several metrics: ➢ Job and system logs ➢ System calls sequence ➢ Common monitoring data Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 11 Slide 11

  12. Intrusion detection: Machine learning ➢ Common IDS use fixed rules ➢ Machine learning methods can help to generalize ➢ Analyze “normal” behavior vs “malicious” behavior ➢ Train AI algorithm ➢ Specific algorithm under research Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 12 Slide 12

  13. Project steps Done ➢ AliEn grid running in a single machine ➢ Framework modified to execute Jobs inside an unprivileged container Todo ➢ Create a custom site for security testing - 2015 ➢ Modify Alien/JAlien to fully execute Jobs in containers - 2015 ➢ Research on Machine Learning for IDS – 2015/2016 ➢ Develop a complete prototype - 2016 Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 13 Slide 13

  14. Challenges ➢ Security vs performance ➢ What if we consider private data ➢ What if we consider external attacks ➢ How to analyze the huge amount of trace/logs data generated in a efficient way ➢ How to share information between several components of the Grid ➢ Reduce the amount of false positives and negatives Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 14 Slide 14

  15. Summary ➢ Job execution environment in the Grid has to be hardened ➢ Containers provide security by isolation among the Grid components and the underline machine ➢ We have to detect intrusions coming from Jobs ➢ Even if a new attack method is used Andrés Gómez – Frankfurt University , IRI – Andrés Gómez – Frankfurt University , IRI – CHEP 2015, Okinawa Japan CHEP 2015, Okinawa Japan Slide 15 Slide 15

  16. Thank you! Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs.

Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs.

CS 166: Information Security Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs. Detection Most systems we've discussed focus on keeping the bad guys out. Intrusion prevention is a traditional

479 views • 34 slides
Intrusion Detection for Grid and Cloud Computing (Slides) Article January 2010 CITATION READS

Intrusion Detection for Grid and Cloud Computing (Slides) Article January 2010 CITATION READS

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/256497819 Intrusion Detection for Grid and Cloud Computing (Slides) Article January 2010 CITATION READS 1 14,336 4 authors ,

286 views • 17 slides
Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr.

Intrusion Detection and Prevention System (IPS) Technology, Applications, and Trend Dr. Nen-Fu (Fred) Huang Professor, Department of Computer Science, National Tsing Hua University, Taiwan President, Broadweb Corp, Taiwan E-mail:

846 views • 41 slides
Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen

Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen

Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen January 19, 2018 Introduction The smart-grid can be viewed as a Large-Scale Networked Control System (LSNCS). LSNCS components such as controllers,

650 views • 18 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik

Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik

Moving Target Defense for the Placement of Intrusion Detection Systems in the Cloud Sailik Sengupta, Ankur Chowdhary, Subbarao Kambhampati Dijiang Huang SNAC Secure Networking and Yochan AI Lab Computing Lab Intrusion Detection Systems?

681 views • 38 slides
InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who

InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who

InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who am I? Samiux is an Information Security Enthusiast. - OSCE, OSCP, OSWP - Blogger - Linux user Hobbies : - Programming - Reading

261 views • 12 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
OrchIDS: on the value of rigor in intrusion detection Jean Goubault-Larrecq CPS, Grenoble, July

OrchIDS: on the value of rigor in intrusion detection Jean Goubault-Larrecq CPS, Grenoble, July

OrchIDS: on the value of rigor in intrusion detection Jean Goubault-Larrecq CPS, Grenoble, July 08 2014 vendredi 11 juillet 14 Outline 1.A few scary stories about computer security 2. ORCHIDS : an intrusion prevention system 3. Semantics and

1.93k views • 177 slides
Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in written report form, as a text, pdf, or Word document

504 views • 21 slides
Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy Chapter 13 Using Rules and Thresholds for

297 views • 7 slides
Compact Memory and the Frankfurt Digital Judaica Collection Dr. Rachel Heuberger, Judaica

Compact Memory and the Frankfurt Digital Judaica Collection Dr. Rachel Heuberger, Judaica

Cultural Heritage Reconstructed Compact Memory and the Frankfurt Digital Judaica Collection Dr. Rachel Heuberger, Judaica Divison, University Library Frankfurt am Main Compact Memory Internet Portal of German Jewish Periodicals Starting

466 views • 25 slides
Structural Rewriting in the -Calculus David Sabel Goethe-University, Frankfurt, Germany

Structural Rewriting in the -Calculus David Sabel Goethe-University, Frankfurt, Germany

Structural Rewriting in the -Calculus David Sabel Goethe-University, Frankfurt, Germany WPTE14, Vienna, Austria 1 Introduction the -calculus (R. Milner, J. Parrow & D. Walker, 1992) is a core language for mobile concurrent

596 views • 36 slides
Fr Frangipani: A Scalable Distributed Fi File System

Fr Frangipani: A Scalable Distributed Fi File System

Fr Frangipani: A Scalable Distributed Fi File System Chandramohan A. Thekkath Timothy Mann Edward K. Lee Digital Equipment Corpora=on Goal To achieve

144 views • 10 slides
Assessment of Frailty Criteria For Invasive Procedures in 2016 Open Surgical Intervention,

Assessment of Frailty Criteria For Invasive Procedures in 2016 Open Surgical Intervention,

Assessment of Frailty Criteria For Invasive Procedures in 2016 Open Surgical Intervention, Transcatheter Interventions or Conservative Care? James L Velianou MD, FRCPC Interventional Cardiology Hamilton Health Sciences Associate Professor

524 views • 34 slides
Inflectional periphrasis as collocation Olivier Bonami 1 Gert Webelhuth 2 1 Universit Paris

Inflectional periphrasis as collocation Olivier Bonami 1 Gert Webelhuth 2 1 Universit Paris

Inflectional periphrasis as collocation Olivier Bonami 1 Gert Webelhuth 2 1 Universit Paris Sorbonne & Institut Universitaire de France & Laboratoire de Linguistique Formelle 2 Goethe Universitt Frankfurt HPSG Workshop Frankfurt, May

734 views • 38 slides
Demystifying MySQL Replication Crash Safety Presented at Percona Live Europe 2018 in Frankfurt by

Demystifying MySQL Replication Crash Safety Presented at Percona Live Europe 2018 in Frankfurt by

Demystifying MySQL Replication Crash Safety Presented at Percona Live Europe 2018 in Frankfurt by Jean-Franois Gagn Senior Infrastructure Engineer / System and MySQL Expert jeanfrancois AT messagebird DOT com Introducing MessageBird 225+

658 views • 38 slides
Auto in Agda joint work with Pepijn Kokke APLS Frankfurt, December 2015 Per Martin-Lf The

Auto in Agda joint work with Pepijn Kokke APLS Frankfurt, December 2015 Per Martin-Lf The

Auto in Agda joint work with Pepijn Kokke APLS Frankfurt, December 2015 Per Martin-Lf The intuitionistic type theory,, may equally well be viewed as a programming language. Constructive Mathematics and Computer Programming

524 views • 39 slides
RESTFUL APIS IN GO Frankfurter Entwicklertag 2018 Ralf Wirdemann Navigate : Space / Arrow

RESTFUL APIS IN GO Frankfurter Entwicklertag 2018 Ralf Wirdemann Navigate : Space / Arrow

RESTFUL APIS IN GO Frankfurter Entwicklertag 2018 Ralf Wirdemann Navigate : Space / Arrow Keys | M - Menu | - Fullscreen | - Overview | - Blackout | - Speaker | - Help F O B S ? 1 / 17 2 / 17 [ GitPitch @

300 views • 17 slides

More recommend