systems security why is measurement important
play

Systems Security: Why is Measurement Important? Patrick Traynor - PowerPoint PPT Presentation

Jul 24, 2023 •428 likes •980 views

  1. �������฀฀���฀฀�������� ��������������฀�������� � � �������฀���฀��������฀��������฀������ ����������฀��฀��������฀�������฀���฀����������� ������������฀�����฀�����������฀����������฀����฀฀�� Systems Security: Why is Measurement Important? Patrick Traynor CSE 544 - Advanced Systems Security 1/23/07 CSE 545 - Professor Patrick McDaniel Page 1

  2. Scotland vs Security CSE 544 - Professor Patrick McDaniel Page 2

  3. Scotland vs Security CSE 544 - Professor Patrick McDaniel Page 2

  4. Scotland vs Security CSE 544 - Professor Patrick McDaniel Page 2

  5. Scotland vs Security CSE 544 - Professor Patrick McDaniel Page 2

  6. Scotland vs Security CSE 544 - Professor Patrick McDaniel Page 2

  7. The Importance of Measurement • Measurement is a critical step in the science of systems security. • It helps us understand the true nature of a system - how it looks, feels and operates. ‣ While mathematical modeling is important, our models typically fail to describe subtle interactions between components. • Measurement is about the difference between how a bowling ball and a feather fall from a great height in a lab and in the real world... CSE 544 - Professor Patrick McDaniel Page 3

  8. Engineering vs Science • What is the difference between engineering and science? • Why then is measurement a science and not simply part of engineering? • Measurement is at the very core of what we as systems people do! ‣ If you have not done a performance analysis, you should consider one as part of your semester project... CSE 544 - Professor Patrick McDaniel Page 4

  9. Restoring State • Traffic channels (TCH) ‣ used to deliver voice traffic to cell phones (yak yak ...) • Control Channel (CCH) ‣ used for signaling between base station and phones ‣ used to deliver SMS messages CCH • not originally designed for SMS TCH Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  10. The Vulnerability • Once you fill the SDCCH channels with SMS traffic, call setup is blocked Voice X SMS SMS SMS SMS SMS SMS SMS SMS • The goal of an adversary is therefore to fill SDCCHs with SMS traffic. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

  11. Modeling • To better understand these attacks and countermeasures, we use two techniques: queueing and simulation. • We implemented protocols/channels as specified in 3GPP documents. • We use parameters from publicly available documents: 3GPP , FCC, NCS. Call Completion Service Queue and Module SMS Delivery Voice Message Service Queue SMS RACH SDCCH TCH Generation Manager Attack SMS Reporting Module Systems and Internet Infrastructure Security (SIIS) Laboratory Page 7

  12. Why Simulation? • Why are the calculations in the first paper not enough to characterize this attack? • Why is simulation the right tool for this job? • How can we be sure that the results we get are meaningful? • What other techniques could you use in your class projects? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

  13. Attack Profile 1 1.2 Uniform (SDCCH) SDCCH Utilization Poisson (SDCCH) TCH Utilization Burst 12 (SDCCH) Average Percent Blocking During Attack 1 0.8 0.8 0.6 Utilization 0.6 0.4 0.4 0.2 0.2 0 0 3 4 5 6 7 8 9 0 500 1000 1500 2000 2500 3000 3500 4000 Time (seconds) SMS Attack Messages per Second • Examined call blocking under uniform, Poisson and bursty arrival patterns. • Because of variability in the network, we use the Poisson model for our remaining experiments. • Using 495 msgs/sec, a blocking probability of 71% is possible with the bandwidth of a cable modem. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

  14. Current Countermeasures • SPAM filtering, Source IP-address filtering and Rate limitation are edge solutions . • There are many portals to these networks - email, IM, bulk senders, infected/compromised mobile devices, other provider networks, etc. • Given that the solutions offer no protection once messages are inside the system, we look to other methods to defend against attacks. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

  15. Queue Management • Simply adding a queue in front of the SDCCHs is not a sufficient means of preventing this attack. • We look to queue management techniques that have been successful in data networks. • We segment traffic into voice and SMS streams, and attempt to deliver the maximum amount of legitimate traffic possible. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

  16. Weighted Fair Queueing • Traffic can be classified, split into separate queues and serviced at equal rates. • Packets belonging to misbehaving flows are therefore unable to affect other traffic. • To ensure that voice calls are not crowded out by targeted SMS attacks, we give 2:1 priority to calls over text messages. Finished 2 Finished 4 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

  17. WFQ - Overview SMS Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  18. WFQ - Overview SMS 4 4 2 2 Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  19. WFQ - Overview SMS 4 4 2 Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  20. WFQ - Overview SMS 4 4 Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  21. WFQ - Overview SMS 4 Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  22. WFQ - Overview SMS 4 2 Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  23. WFQ - Overview SMS 4 Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  24. WFQ - Overview SMS Voice Finished 4 Finished 2 Finished 2 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  25. WFQ - Results 1 1 SDCCH Service Queue (SMS) TCH Service Queue (Voice) Service Queue TCH (Voice) 0.8 0.8 Percent of Attempts Blocked 0.6 0.6 Utilization 0.4 0.4 0.2 0.2 0 0 0 500 1000 1500 2000 2500 3000 3500 4000 0 500 1000 1500 2000 2500 3000 3500 4000 Time (seconds) Time (seconds) • Under WFQ, voice calls never block. • 72% of all SMS messages are blocked. • We throw out huge numbers of both legitimate AND malicious packets. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14

  26. Random Early Detection • RED has traditionally been used to maintain TCP window size, but it also helps prevent queue lockout. • We again separate traffic into voice and SMS, but further subdivide SMS into high, medium and low origin priorities. ρ N Q = P Q 1 − ρ P Q = p 0 ( m ρ ) m • Based on these priorities, we m !(1 − ρ ) evict newly arriving # − 1 " m − 1 ( m ρ ) n ( m ρ ) m packets based on X p 0 = + n ! m !(1 − ρ ) n =0 queue status. ρ target = ρ actual (1 − P drop ) P drop = P drop,high · λ high + P drop,med · λ med + P drop,low · λ low λ SMS Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

  27. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  28. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  29. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  30. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  31. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  32. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  33. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  34. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  35. WRED - Overview High Med Low Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  36. WRED - Results 1 Service Queue (SMS - Priority 1) Service Queue (SMS - Priority 2) Service Queue (SMS - Priority 3) 0.8 Percent of Attempts Blocked 0.6 0.4 0.2 0 0 500 1000 1500 2000 2500 3000 3500 4000 Time (seconds) • Messages of high and medium-priority experience no blocking, but increased delay. • An average of 77% of low-priority messages are blocked. • This is a nice solution, assuming meaningful partitioning of flows. Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Measurement There are two main systems of measurement: - The English system

Measurement There are two main systems of measurement: - The English system

4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. Measurement There are two main systems of measurement: - The

438 views • 4 slides
HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet

HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet

HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ann Cox, PhD. Program Manager Cyber Security Division Homeland Security Advanced Research

545 views • 21 slides
1 Multilevel Security Different security levels for resources Important systems A

1 Multilevel Security Different security levels for resources Important systems A

Last time Threats Introduction Threat analysis Policy Introduction to access Specification control matrix Design Implementation Operation and Maintenance 7/10 - 05 Distributed systems - Jonny Pettersson, UmU 1 Security in the

444 views • 13 slides
Security Measurement Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois

Security Measurement Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois

CS 563 - Advanced Computer Security: Security Measurement Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Discuss two recent studies that use measurement methods

925 views • 54 slides
Operating System Security It is also important to understand the operations and the

Operating System Security It is also important to understand the operations and the

Security risks exist for all operating systems and are not new. It is important to know the existing threats. Operating System Security It is also important to understand the operations and the vulnerabilities of your OS. Try to

214 views • 8 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number

Measurement 4 - 1 Introduction Measurement is finding a number that shows the size or amount of something. Measurement is done using measuring tools. There are two main systems of measurement: - The

308 views • 8 slides
Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not

Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not

Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not a characteristic. It s is also an growing problem that requires an continually evolving solution. A good measure of secure application is it

782 views • 74 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c Chanwoo Bae, Won-Seok Hwang National Security Research Institute (NSRI) Motivation Cyber-Physical Systems = Industrial Control Systems

507 views • 9 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Some Important Network Characteristics for Security Degree of locality Media used Protocols used Lecture 9

156 views • 11 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Tube & Wire Inspection Systems July 2017 Tube & Wire Measurement Products Hexagon MI

Tube & Wire Inspection Systems July 2017 Tube & Wire Measurement Products Hexagon MI

Tube & Wire Inspection Systems July 2017 Tube & Wire Measurement Products Hexagon MI offers two types of high-accuracy measurement systems for tube applications. The measurement systems are operated with a dedicated software

523 views • 9 slides
FTBF Future Plans Mandy Rominsky FTBF Annual Review 09 November 2015 Overview

FTBF Future Plans Mandy Rominsky FTBF Annual Review 09 November 2015 Overview

FTBF Future Plans Mandy Rominsky FTBF Annual Review 09 November 2015 Overview This talk will cover some ideas of what well focus on in the next 2-5 years. Each topic will list the goal of project, whats

378 views • 8 slides
Finding the Old T estament in the Gospel of John JESUS The Prologue of J ohn Jn. 1:1-18

Finding the Old T estament in the Gospel of John JESUS The Prologue of J ohn Jn. 1:1-18

Finding the Old T estament in the Gospel of John JESUS The Prologue of J ohn Jn. 1:1-18 Now Jesus did many other signs in the presence of the disciples, which are not written in this book; but these are written so that you may believe

842 views • 62 slides
Building Robots That Can See Scott Garman Intel Open Source Technology Center

Building Robots That Can See Scott Garman Intel Open Source Technology Center

Building Robots That Can See Scott Garman Intel Open Source Technology Center scott.a.garman@intel.com ELC Europe Edinburgh 25 Oct 2013 Who Am I? Software Engineer on the Yocto Project Technical Evangelist for MinnowBoard and

618 views • 22 slides
Building and testjng an automotjve platgorm - how Automotjve Grade Linux is built and tested

Building and testjng an automotjve platgorm - how Automotjve Grade Linux is built and tested

Building and testjng an automotjve platgorm - how Automotjve Grade Linux is built and tested Embedded Linux Conference Europe 2016 Jan-Simon Mller Release Manager, AGL , The Linux Foundatjon ( jsmoeller@linuxfoundatjon.org, DL9PF @IRC and

688 views • 33 slides
Understanding the Middle Valley Apportionment Under the Rio Grande Compact and Associated

Understanding the Middle Valley Apportionment Under the Rio Grande Compact and Associated

INTERSTATE INTERSTATE STREAM STREAM COMMISSION COMMISSION Understanding the Middle Valley Apportionment Under the Rio Grande Compact and Associated Challenges Kevin Flanigan New Mexico Interstate Stream Commission April 26, 2006 The

359 views • 18 slides
US ST AR WARS MI SSI L E DE F E NSE SYST E M Jim No lto n 14 Se pt 2017 NOT E

US ST AR WARS MI SSI L E DE F E NSE SYST E M Jim No lto n 14 Se pt 2017 NOT E

US ST AR WARS MI SSI L E DE F E NSE SYST E M Jim No lto n 14 Se pt 2017 NOT E : T HI S PRE SE NT AT I ON I S UNCL ASSI F I E D UNCL ASSI F I E D ST AR WARS Do yo u re me mb e r the re fe re nc e to

347 views • 16 slides
Bayesian networks Lecture 18 David Sontag New York University Outline for today Modeling

Bayesian networks Lecture 18 David Sontag New York University Outline for today Modeling

Bayesian networks Lecture 18 David Sontag New York University Outline for today Modeling sequen&al data (e.g., =me series, speech processing) using hidden Markov models (HMMs) Bayesian networks Independence proper=es

840 views • 24 slides
Knowledge Representation (II) Paolo Turrini Department of Computing, Imperial College London

Knowledge Representation (II) Paolo Turrini Department of Computing, Imperial College London

Intro to AI Knowledge Representation (II) Paolo Turrini Department of Computing, Imperial College London Introduction to Artificial Intelligence Paolo Turrini Intro to AI Intro to AI The main reference Stuart Russell and Peter Norvig

1.62k views • 109 slides

More recommend