Architecture-Based Self-Protecting Software Systems Adnan Alawneh CS 788

Similar documents
Architecture-Based Self-Protection: Composing and Reasoning about Denial-of-Service Mitigations

Self-Healing Systems

Self-Adaptive Systems

Stitch ing (Architecture-based Self-Adaptation in the Presence of Multiple Objectives)

A Survey of Self-Protecting Computing Systems

Using Architectural Models at Runtime: Research Challenges

Web Security Vulnerabilities: Challenges and Solutions

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS

Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT

This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

Symantec Security Monitoring Services

Cyber Moving Targets. Yashar Dehkan Asl

CS 356 Operating System Security. Fall 2013

McAfee IntruShield Network IPS Sensor Pioneering and Industry-Leading, Next-Generation Network Intrusion Prevention Solution

Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution

Securing Your Microsoft Azure Virtual Networks

Web Security. Outline

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Cyber Security Audit & Roadmap Business Process and

In this unit we are going to review a set of computer protection measures also known as countermeasures.

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

Securing Your Amazon Web Services Virtual Networks

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

Security

Automated, Real-Time Risk Analysis & Remediation

COMPUTER NETWORK SECURITY

Real-time Monitoring, Inventory and Change Tracking for. Track. Report. RESOLVE!

PALANTIR CYBERMESH INTRODUCTION

EFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)

BIG-IP Application Security Manager : Attack and Bot Signatures. Version 13.0

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Game Theoretic Solutions to Cyber Attack and Network Defense Problems

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Self-Sizing of Clustered Databases

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

Net-Centric Systems Design and Requirements Development in today s environment of Cyber warfare

Beyond Firewalls: The Future Of Network Security

Intelligent and Secure Network

DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN

Study on Computer Network Technology of Digital Library

Kaspersky Security Network

KPI Dictionary ABRIDGED SAMPLE. A KPI Reference Guide for Use in Performance Management. Information Technology (IT)

Securing IoT-based Cyber-Physical Human Systems against Collaborative Attacks

ARCHITECTURE-BASED SELF-PROTECTING SOFTWARE SYSTEMS

DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors

Managed Endpoint Defense

Symantec Ransomware Protection

RSA NetWitness Suite Respond in Minutes, Not Months

CYBER RESILIENCE & INCIDENT RESPONSE

ISAO SO Product Outline

Incident Response Services

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Trust4All: a Trustworthy Middleware Platform for Component Software

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

White Paper. Major Performance Tuning Considerations for Weblogic Server

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

WHITE PAPER. Applying Software-Defined Security to the Branch Office

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Relating Software Coupling Attribute and Security Vulnerability Attribute

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

CIH

McAfee epolicy Orchestrator

Software-based systems today increasingly. Rainbow: Architecture- Based Self-Adaptation with Reusable Infrastructure COVER FEATURE

An Introduction to the Waratek Application Security Platform

Enterprise D/DoS Mitigation Solution offering

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Approaching Security from an "Architecture First" Perspective

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Dynamic Risk Management for Cyber Defence

Context-aware Automotive Intrusion Detection

Oracle WebLogic Server 12c on AWS. December 2018

Advanced Techniques for DDoS Mitigation and Web Application Defense

Building a Reactive Immune System for Software Services

IBM Security Network Protection Solutions

Office 365 Buyers Guide: Best Practices for Securing Office 365

Protect Your Organization from Cyber Attacks

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Using Threat Modeling To Find Design Flaws

CSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018

When dynamic VM migration falls under the control of VM user

CyberArk Privileged Threat Analytics

A (sample) computerized system for publishing the daily currency exchange rates

A Pigeon Agents based Analytical Model to Optimize Communication in Delay Tolerant Network

<Insert Picture Here> Managing Oracle Exadata Database Machine with Oracle Enterprise Manager 11g

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

External Supplier Control Obligations. Cyber Security

A fault tolerance honeypots network for securing E-government

SEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain

Firewalls (IDS and IPS) MIS 5214 Week 6

IT Service Delivery and Support Week Three. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao

Transcription:

Architecture-Based Self-Protecting Software Systems Adnan Alawneh CS 788

Outline Introduction - What is the problem? - What is the solution? - Motivating Example - How ABSP addresses these challenges? Architecture Patterns For Self-Protection - Protective Wrapper Pattern - Rejuvenation Pattern - Agreement-based Redundancy Rainbow Framework Overview - Tactics in Rainbow - Strategies in Rainbow - Choosing Strategies in Rainbow Conclusion Future Work References 2

Introduction What is the problem? Environment is dynamic and constantly changing and the system has to handle unforeseen situations in terms of work loads, resources, etc. This is absolutely true in the area of security as well where new vulnerabilities are often discovered and attackers are constantly developing new exploits and threats. Traditional approaches such as code reviews, using white list input validation, and tools to detect intrusion detection and SQL injection, etc. are great but they are statically built or hardwired, into the system. Those solutions cannot cope with these dynamically evolved challenges. Most current approaches are perimeter-based and they are limited, in the sense: They focus on a particular line of defense such as network, host, middleware, or application level. They focus on a specific category of threat or a specific mitigation technique such as intrusion detection, DoS, etc. These approaches are essential but they provide point solutions that lack the overall picture and they do not consider other business properties such as performance, cost, availability, etc. 3

What is the solution? How it addresses those challenges? Architecture-Based Self Protecting Software System (ABSP) where a system may dynamically re-architect itself using repeatable patterns as requirements and environments change. Example: Znn is a web-based client-server system It has a load balancer with a pool of replicated web servers and a database server Znn separates the meta-level subsystem from the base-level subsystem Meta component called ARchitecture Manager (ARM) ARM implements MAPE-K loop to monitor the components and connectors in the system and adapt them according to the self-protection goals 4

What is the solution? How it addresses those challenges? How ABSP addresses these challenges? Separation of concerns separates the application logic of the system from the self-protecting mechanisms which allows those mechanisms to evolve independently. Defense in depth instead of relying on perimeter security and focusing on a particular line of defense, it provides basis to deal with threats at different levels. Impact Analysis provides a basis for reasoning about security properties and their impact on other business properties such as performance, cost, availability, etc. 5

Architecture Patterns For Self-Protection Protective Wrapper Pattern Rejuvenation Pattern This technique is used before in SITAR[1] system where it detects and reacts to intrusions. If the ARM senses that the system is under attack, for example a sensor detected a buffer overflow event from the system log of the web server or too many requests from the same IP address or requests are taking longer that expected, then the ARM can place an Application Guard in front of the load balancer where any incoming request or outgoing response is intercepted. The ARM can instruct the Application Guard to cut off requests from a suspicious users or adjust their trustworthiness. Or the ARM can instruct the Application Guard to enforce policies on certain events. This technique is used before in TALNET[2] system where it proactively revive the system to a good state. It uses cyber moving target approach by migrating the system across different platform. The ARM can utilize a pool of idle and active servers where it can issue a rejuvenation commands periodically. It can as well utilize properties like threat level to adjust the rejuvenation interval if it senses that the attack level has increased. The ARM can be more sophisticated where it alternates between two web server implementations such as Microsoft IIS and Apache. The ARM can exploit past knowledge, for example restart a more powerful server based on recent work loads. 1 Wang et al. 2003 2 Okhravi et al. 2010, 2012 6

Architecture Patterns For Self-Protection Agreement-based Redundancy This technique is a middleware level defense that configures a cluster of redundant application servers under a Byzantine agreement protocol [3]. The ARM maintains a number of identical active database servers. A DB Guard connector is placed between the web servers and the databases. The ARM will inform the DB Guard of the number of replicas and the quorum thresholds that can be used to check the requests against. DB Guard will execute all database requests on the primary database node and it will execute an algorithm to detect malicious requests such as checking predefined properties like the number of news articles. Once a malicious request is detect, the DB Guard will inform the ARM that will in turn take countermeasures such as nullifying the attacker session or disable his account. 3 Castro and Liskov [2002] 7

Rainbow Framework Overview Rainbow framework can be utilized as the ARchitectural Manger (ARM). Rainbow uses architectural models of a software system as the basis for reasoning about whether the system is operating within an acceptable criteria. Otherwise, Rainbow chooses appropriate adaptation strategies to return the system to normality. Rainbow has different customization points. Types and Properties such as the request rates of clients and the probability that a client is engaging a DoS for example Rules/Constraints Check the correctness of the model. If it is not within the acceptable criteria then the mitigation strategy is applied Tactics and Strategies Operators such as AddService or RemoveService operators Mappings When attack is detected, rainbow aggregates this data into actionable information within gauges. It then uses this information to update the architectural model via effectors 8

Tactics in Rainbow Different tactics exists to thwart different attacks. For example The table shows the tactics that can be used to change the system configuration if a system is under DoS attack, either absorb the attack or suppress it. Tactics in Rainbow are expressed through the Stitch adaptation language. Line2 a condition that says the tactic is chosen if any load balancer does not have Captcha enabled Line 4-6 an action that selects the set of load balancers with Captcha disabled and call an operation to enable it Line 9 says the tactic will proceed only if all load balancers will have Captcha enabled 9

Strategies in Rainbow Strategies Common patterns that combine different tactics. For example, in the case of DoS the conditions under which throttling is applicable overlap the condition under which blackholding applies. which tactic to choose first? What about uncertainty and timing? What is the effect on the system of choosing one over the other? Strategies in Rainbow are expressed through the Stitch adaptation language. 10

Choosing Strategies in Rainbow 1. Define the quality objective (Utility functions) Four quality objectives are defined in deciding how to mitigate DoS: Cost: organization is interested in minimizing the cost incurring from operating the infrastructure such as number of active servers Maliciousness : organization is interested in minimizing the cost that corresponds to resources exploited by malicious clients Response time : users are interested in experiencing service with minimum response time Annoyance : user s level of annoyance as a side effect of defensive mechanism such as completing a Captcha Business preferences for DoS scenarios - to allow reasoning about multiple concerns we assign a specific weight to each one of them 11

Choosing Strategies in Rainbow 2. What is the impact of a tactic on the quality of concern? - All tactics reduce response time. Some cause more reduction than others like enlistservers and blackholeattacker. - The tactics addcaptcha and blackholeattacker reduces the percentage of malicious clients, whereas enlistservers and lowerfidelity has no effect. - Cost is increased in case of enlistservers and addcaptcha since additional resources are needed to absorb extra traffic or to process a captcha. - User s level of annoyance is increased in case of addcaptcha and forcereauthenticate. It also increases as well in case of blackholeattacker and throttlesuspicious in the sense that there is a risk of misdetection of a malicious client. 12

Choosing Strategies in Rainbow 2. What is the impact of a strategy? How can Rainbow can choose the best among them. Example: Suppose the adaptation cycle is triggered in system state [1500 (R), 90 (M), 2 (C), 0 (A)] Rainbow will evaluate the three different strategies: Challenge, Eliminate and Outgun to choose the one that gives the best utility For Challenge 1- The adaptation manager in Rainbow uses Stochastic Model of strategy. The strategy tree results from the aggregate impacts of its children 2- Merge it with the current system condition to get the expected system condition after strategy execution 3- Map it to the utility space 4- apply the utility preferences Challenge score 0.6425, Eliminate score 0.6325 and Outgun score 0.553. Therefore Challenge will be selected. 13

Conclusion The papers utilizes architectural patterns and threat mitigation strategies for self-protecting purposes. The papers relate security concerns to other business properties which is a challenge where security concerns can conflict with other quality attributes such as response time. Software architecture provides a holistic view of the system and therefore it is the correct instrument to choose to evaluate tradeoffs automatically. The papers do not describe how to restore the system once the attack is over Future work There is a lack of good system security estimators in the literature. Most research do not separate self-protecting system from the base-system. Most research in the literature assume that the self-protecting system is safe. I start to explore ways to extend architecture-based self-protection by utilizing cyber moving target approach and residual resources in the cloud infrastructure to anticipate attacks on the self-protecting system and move it accordingly by using predictive and moving target techniques. 14

References E. Yuan, S. Malek, B. Schmerl, D. Garlan, and J. Gennari. Architecture-based self-protecting software systems. In Proceedings of the Ninth International ACM Sigsoft Conference on the Quality of Software Architectures (QoSA 2013), 17-21 June 2013. Bradley Schmerl, Javier Camara, Jeffrey Gennari, David Garlan, Paulo Casanova, Gabriel A. Moreno, Thomas J. Glazier, and Jeffrey M. Barnes. Architecture-Based Self-Protection: Composing and Reasoning about Denial-of-Service Mitigations. In Symposium and Bootcamp on the Science of Security (HotSoS), Raleigh, USA, 8-9 April 2014. Bradley Schmerl, Javier Cámara, Gabriel A. Moreno, David Garlan and Andrew Mellinger. Architecture- Based Self-Adaptation for Moving Target Defense. Technical report, CMU-ISR-14-109, Institute for Software Research, Carnegie Mellon University, 2014. Shang-Wen Cheng and David Garlan. Stitch: A language for architecture-based self-adaptation. Journal of Systems and Software, Special Issue on State of the Art in Self-Adaptive Systems, 85(12), December 2012. Garlan, D., Cheng, S.-W., Huang, A.-C., Schmerl, B., and Steenkiste, P. 2004. Rainbow: Architecture-based self-adaptation with reusable infrastructure. Computer 37, 10, 46 54. Cheng, S.-W., Garlan, D., and Schmerl, B. 2006. Architecture-based self-adaptation in the presence of multiple objectives. In Proceedings of the International Workshop on Self-Adaptation and Self-Managing Systems. ACM, 2 8. 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback