Intrusion Tolerant IDS James Riordan Marc Dacier Dominique - - PowerPoint PPT Presentation

▶

Mar 13, 2023 217 likes •366 views

Intrusion Tolerant IDS James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM Forschungslaboratorium R uschlikon, Switzerland 19 June 2001 1 MAFTIA A European project whose aim is to develop: Malicious- and Accidental-

SLIDE 1

Intrusion Tolerant IDS

James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM Forschungslaboratorium R¨ uschlikon, Switzerland 19 June 2001

SLIDE 2

MAFTIA

A European project whose aim is to develop: Malicious- and Accidental- Fault Tolerance for Internet Applications In short: apply and develop dependability methods with respect to a malicious fault model.

SLIDE 3

Maftia Details

Maftia is a three year project with partners:

University of Newcastle (UK)
Universidade de Lisboa (P)
DERA, Malvern (UK)
Saarland University (D)
LAAS-CNRS, Toulouse (F)
IBM, Zurich (CH)

SLIDE 4

What is Intrusion Detection?

Intrusion Detection concerns the set of practices and mechanisms used towards detecting security errors and failures and diagnosing intrusions and attacks. That is to say that ID is error detection and fault diagnosis with respect to a malicious fault model.

SLIDE 5

IDS and MAFTIA

Three addressed views of IDS and MAFTIA:

How does the Intrusion Detection System help provide

dependability for the entire system? √

How does one build a dependable Intrusion Detection

System?

Do the other dependable components help for the In-

trusion Detection System? ×

SLIDE 6

Fault Injection

Target Coarse scale attacks Accidental misconfiguration Fault Injection against Sensor Engine Attack IDS Analysis Indications

SLIDE 7

Redundant Monitoring

B−Sensor Target A−Sensor A−Sensor Activity Analysis

SLIDE 8

Differential Observation

Compare snap shots Of networks and machines

NSA
nmap
Tripwire

SLIDE 9

Integration with Security Scanners

Integrate IDS with security scanner towards

Reduction of false positives
Greater context for true positives
Fault injection √
Differential observation √

SLIDE 10

Channels

Sender Receiver Sender Receiver Sender Receiver Sender Receiver Filter

SLIDE 11

Channels

May be subject to event:

Deletion
Insertion
Alteration

We need integrity, authenticity, QoS, and liveness.

SLIDE 12

Channels

So we can add to an event stream {Ei}:

Hash chaining

Ci = H(Ci−1, Ei)

Authentication codes

Ci = H(S, Ci−1, Ei)

Heart beat

do {sleep 60; log "beep";}

SLIDE 13

Intrusion Tolerant IDS James Riordan Marc Dacier Dominique - - PowerPoint PPT Presentation

Intrusion Tolerant IDS

James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM Forschungslaboratorium R¨ uschlikon, Switzerland 19 June 2001

MAFTIA

A European project whose aim is to develop: Malicious- and Accidental- Fault Tolerance for Internet Applications In short: apply and develop dependability methods with respect to a malicious fault model.

Maftia Details

Maftia is a three year project with partners:

What is Intrusion Detection?

Intrusion Detection concerns the set of practices and mechanisms used towards detecting security errors and failures and diagnosing intrusions and attacks. That is to say that ID is error detection and fault diagnosis with respect to a malicious fault model.

IDS and MAFTIA

Three addressed views of IDS and MAFTIA:

dependability for the entire system? √

System?

trusion Detection System? ×

Fault Injection

Target Coarse scale attacks Accidental misconfiguration Fault Injection against Sensor Engine Attack IDS Analysis Indications

Redundant Monitoring

B−Sensor Target A−Sensor A−Sensor Activity Analysis

Differential Observation

Compare snap shots Of networks and machines

Integration with Security Scanners

Integrate IDS with security scanner towards

Channels

Sender Receiver Sender Receiver Sender Receiver Sender Receiver Filter

Channels

May be subject to event:

We need integrity, authenticity, QoS, and liveness.

Channels

So we can add to an event stream {Ei}:

Ci = H(Ci−1, Ei)

Ci = H(S, Ci−1, Ei)

do {sleep 60; log "beep";}

Conclusion

Dependability methods provide valuable insights into effective Intrusion Detection