Panel on Intrusion Tolerance, RAID 2001, UC Davis, October 11, 2001


slide-1
SLIDE 1

Panel on Intrusion Tolerance

RAID 2001 UC Davis October 11, 2001

slide-2
SLIDE 2

Participants

Crispin Cowan, WireX Communications Andreas Wespi, IBM Zurich Research Lab. Al Valdes, SRI International Dan Schnackenberg, Boeing Phantom Works Moderator: Yves Deswarte

slide-3
SLIDE 3

On Dependability, Intrusion Tolerance, and the MAFTIA project

Yves Deswarte LAAS-CNRS Toulouse, France deswarte@laas.fr David Powell

slide-4
SLIDE 4

Dependability

Trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers

J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265p., ISBN 3-211-82296-8, Springer-Verlag, 1992.

slide-5
SLIDE 5

Fault, Error & Failure

Causal chain: Fault → Error → Failure

  • Fault: adjudged or hypothesized cause of an error
  • Error: that part of system state which may lead to a failure
  • Failure: occurs when delivered service deviates from implementing the system function

Examples of faults: H/W fault, bug, attack, intrusion

slide-6
SLIDE 6

Example: Single Event Latchup

SELs (reversible stuck-at faults) may occur because of radiation (e.g., cosmic ray, high energy ions). Diagram: satellite on-board computer.

  • External fault: cosmic ray
  • Internal, dormant fault (vulnerability): lack of shielding
  • Internal, externally-induced fault, which becomes an internal, active fault: SEL

slide-7
SLIDE 7

Intrusions

Intrusions result from (at least partially) successful attacks. Diagram: computing system.

  • External fault: attack
  • Internal, dormant fault (vulnerability): e.g., account with default password
  • Internal, externally-induced fault, which becomes an internal, active fault: intrusion

slide-8
SLIDE 8

Fault Tolerance

Causal chain: Fault → Error → Failure

  • Fault Treatment: Diagnosis, Isolation, Reconfiguration
  • Error Processing: Detection, Damage assessment, Recovery

slide-9
SLIDE 9

Error Detection (1)

Likelihood checking

  • by hardware: inexistent or forbidden address, instruction, command…; watchdogs; error detection code (e.g., parity)
  • by software (OS or application): verify properties on values (absolute, relative, intervals), formats and types, events (instants, delays, sequences)
  • Signatures (error detection code)

slide-10
SLIDE 10

Error Detection (2)

Comparison between replicates

  • Assumption: a unique fault generates different errors on different replicates
    - internal hardware fault: identical copies
    - external hardware fault: similar copies
    - design fault / interaction fault: diversified copies
  • On-line model checking

slide-11
SLIDE 11

Error Recovery

Diagram showing three strategies: backward recovery, forward recovery, and compensation-based recovery (fault masking).

slide-12
SLIDE 12

Error Processing (wrt intrusions)

Error detection

  • + Backward recovery (availability, integrity)
  • + Forward recovery (availability, confidentiality)

Intrusion masking

  • Fragmentation (confidentiality)
  • Redundancy (availability, integrity)
  • Scattering
slide-13
SLIDE 13

Intrusion Masking

Intrusion into a part of the system should give access only to non-significant information

FRS: Fragmentation-Redundancy-Scattering

  • Fragmentation: split the data into fragments so that isolated fragments contain no significant information (confidentiality)
  • Redundancy: add redundancy so that fragment modification or destruction would not impede legitimate access (integrity + availability)
  • Scattering: isolate individual fragments
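Added example (not from the panel slides or the MAFTIA project) of the intrusion-masking idea on slides 12 and 13: a (k, n) threshold scheme, computed byte by byte over GF(257), stands in for fragmentation, so any k-1 fragments reveal nothing; any k of the n fragments rebuild the data, and a digest replicated with every fragment lets a modified fragment be skipped. Site names and the sample data are constructed.

```python
import hashlib
import itertools
import secrets

P = 257  # prime just above one byte, so every byte value is a field element


def fragment(data: bytes, k: int, n: int) -> dict:
    """Split data into n fragments, any k of which rebuild it. Returns {site: (x, digest, ys)}."""
    assert 1 <= k <= n < P  # with k == 1 a fragment is the data itself (no confidentiality)
    digest = hashlib.sha256(data).hexdigest()  # replicated with every fragment (redundancy)
    frags = {x: [] for x in range(1, n + 1)}
    for byte in data:
        # random polynomial of degree k-1 whose constant term is the byte (Shamir sharing)
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x in frags:
            frags[x].append(sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
    # scattering: one fragment per site, no site holds two (site names are placeholders)
    return {f"site-{x}": (x, digest, frags[x]) for x in frags}


def _interpolate(points) -> int:
    """Lagrange interpolation at x=0 over GF(P) for one byte position."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def reassemble(fragments: dict, k: int) -> bytes:
    """Rebuild from any k intact fragments; subsets containing a modified fragment fail the digest."""
    items = list(fragments.values())
    digests = [d for _, d, _ in items]
    digest = max(set(digests), key=digests.count)  # majority digest survives a tampered copy
    for subset in itertools.combinations(items, k):
        length = len(subset[0][2])
        vals = [_interpolate([(x, ys[pos]) for x, _, ys in subset]) for pos in range(length)]
        if any(v > 255 for v in vals):  # a corrupted share can yield the non-byte value 256
            continue
        out = bytes(vals)
        if hashlib.sha256(out).hexdigest() == digest:
            return out
    raise ValueError("not enough intact fragments to rebuild the data")
```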

slide-14
SLIDE 14

Fault Tolerance (recap)

Causal chain: Fault → Error → Failure

  • Fault Treatment: Diagnosis, Isolation, Reconfiguration
  • Error Processing: Detection, Damage assessment, Recovery

slide-15
SLIDE 15

Fault Treatment (wrt intrusions)

Diagnosis

  • Non-malicious or malicious (intrusion)
  • Attack (to allow retaliation)
  • Vulnerability (to allow removal = maintenance)

Isolation

  • Intrusion (to prevent further penetration)
  • Vulnerability (to prevent further intrusion)

Reconfiguration

  • Contingency plan to degrade/restore service
  • including attack retaliation, vulnerability removal

SLIDE 16

MAFTIA

Malicious- and Accidental-Fault Tolerance for Internet Applications, IST Dependability Initiative, Cross Program Action 2: Dependability in services and technologies

Partners:

  • University of Newcastle (UK): Brian Randell, Robert Stroud
  • University of Lisbon (P): Paulo Verissimo
  • DSTL, Malvern (UK): Tom McCutcheon, Colin O'Halloran
  • University of Saarland (D): Birgit Pfitzmann
  • LAAS-CNRS, Toulouse (F): Yves Deswarte, David Powell
  • IBM Research, Zurich (CH): Marc Dacier, Michael Waidner

  • c. 55 man-years, EU funding c. 2.5M€
  • Jan. 2000 -> Dec. 2002

slide-17
SLIDE 17

Objectives

Architectural framework and conceptual model (WP1) Mechanisms and protocols:

  • dependable middleware (WP2)
  • large scale intrusion detection systems (WP3)
  • dependable trusted third parties (WP4)
  • distributed authorization mechanisms (WP5)

Validation and assessment (WP6)

slide-18
SLIDE 18

FTI

http://www.research.ec.org/maftia/

slide-19
SLIDE 19

References

  • Avizienis, A., Laprie, J.-C., Randell, B. (2001). Fundamental Concepts of Dependability, LAAS Report N°01145, April 2001, 19 p.
  • Deswarte, Y., Blain, L. and Fabre, J.-C. (1991). Intrusion Tolerance in Distributed Systems, in IEEE Symp. on Research in Security and Privacy, Oakland, CA, USA, pp. 110-121.
  • Dobson, J. E. and Randell, B. (1986). Building Reliable Secure Systems out of Unreliable Insecure Components, in IEEE Symp. on Security and Privacy, Oakland, CA, USA, pp. 187-193.
  • Laprie, J.-C. (1985). Dependable Computing and Fault Tolerance: Concepts and Terminology, in 15th Int. Symp. on Fault Tolerant Computing (FTCS-15), Ann Arbor, MI, USA, IEEE, pp. 2-11.
  • Laprie, J.-C. (Ed.) (1992). Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265 p., ISBN 3-211-82296-8, Springer-Verlag.
  • Powell, D., Adelsbach, A., Cachin, C., Creese, S., Dacier, M., Deswarte, Y., McCutcheon, T., Neves, N., Pfitzmann, B., Randell, B., Stroud, R., Veríssimo, P., Waidner, M. (2001). MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications), Supplement of the 2001 International Conference on Dependable Systems and Networks (DSN 2001), Göteborg (Sweden), 1-4 July 2001, IEEE, pp. D-32-D-35.