Secure Active Network Environment (SANE) Trust, but Verify

Similar documents
Security in Active Networks: Problems, Approaches, Results and Challenges

A Secure PLAN (extended version)

Active Networks: A Tutorial

Security Issues in Active Networking

액티브네트워크보안및관리 채기준 이화여자대학교컴퓨터학과. KRnet

KeyNote: Trust Management for Public-Key. 180 Park Avenue. Florham Park, NJ USA.

Safety and Security of Programmable Network. infrastructure.

Survivable Trust for Critical Infrastructure David M. Nicol, Sean W. Smith, Chris Hawblitzel, Ed Feustel, John Marchesini, Bennet Yee*

Trusted Intermediaries

AIT 682: Network and Systems Security

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

SCALABLE VEHICULAR AD-HOC NETWORKS DISTRIBUTED SOFTWARE-DEFINED NETWORKING

CHAINING LAYERED INTEGRITY CHECKS. Computer and Information Science

Hardened Security in the Cloud Bob Doud, Sr. Director Marketing March, 2018

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

Link Security Considerations in the. Enterprise

Towards Recoverable Hybrid Byzantine Consensus

Wireless LAN Security. Gabriel Clothier

Instructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Instructions 1 Elevation of Privilege Instructions

CONTENTS IN DETAIL INTRODUCTION

Scalable and Flexible Software Platforms for High-Performance ECUs. Christoph Dietachmayr Sr. Engineering Manager, Elektrobit November 8, 2018

Secure Quality of Service Handling: SQoSH

THOUGHTS ON TSN SECURITY

CIS 5373 Systems Security

IoT It s All About Security

Boundary control : Access Controls: An access control mechanism processes users request for resources in three steps: Identification:

What did we talk about last time? Public key cryptography A little number theory

Network Security - ISA 656 Routing Security

Advanced Systems Security: Principles

Feature Comparison Summary

Advanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96

Outline More Security Protocols CS 239 Computer Security February 6, 2006

Resilient IoT Security: The end of flat security models

Abstract. main advantage with cloud computing is that, the risk of infrastructure maintenance reduces a

Feature Comparison Summary

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Building firmware update: The devil is in the details

Secure Multi-Hop Infrastructure Access

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University

ES623 Networked Embedded Systems

Once all of the features of Intel Active Management Technology (Intel

Network Security - ISA 656 Routing Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Networking interview questions

Formal Methods for Assuring Security of Computer Networks

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Outline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Firmware Updates for Internet of Things Devices

Active Networks. IEEE Infocom 1999 Tutorial March 22nd, Jonathan Smith University of Pennsylvania

Wireless Network Security Spring 2015

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Protecting Keys/Secrets in Network Automation Solutions. Dhananjay Pavgi, Tech Mahindra Ltd Srinivasa Addepalli, Intel

Security Issues In Mobile IP

Securing IoT with the ARM mbed ecosystem

Network Encryption 3 4/20/17

Network Models. Behrouz A. Forouzan Data communication and Networking Fourth edition

Wireless Network Security Spring 2016

SSL/TLS. How to send your credit card number securely over the internet

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

Some Lessons Learned from Designing the Resource PKI

Rule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs

Software Defined Networking

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

Mobile Platform Security Architectures A perspective on their evolution

HDDkey The KEY for your undisturbed sleep...

Defenses against Wormhole Attack

Uses of Cryptography


Configuring your Home Wireless Network

Security of Mobile Ad Hoc and Wireless Sensor Networks

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Outline More Security Protocols CS 239 Computer Security February 4, 2004

Hardware Acceleration for Cryptographic Functions

ARM Security Solutions and Numonyx Authenticated Flash

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Indicate whether the statement is true or false.

Configure Basic Firewall Settings on the RV34x Series Router

INFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2

Active Systems Management

Security+ SY0-501 Study Guide Table of Contents

Auth. Key Exchange. Dan Boneh

Who s Protecting Your Keys? August 2018

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Green Lights Forever: Analyzing the Security of Traffic Infrastructure

Operating Systems Design Exam 3 Review: Spring 2011

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Distributed Systems. Lecture 14: Security. 5 March,

ISA100.11a. Pengfei Ren.

Transcription:

Secure Active Network Environment (SANE) Trust, but Verify Old Russian Saying Scott Alexander Bill Arbaugh Angelos Keromytis Jonathan Smith University of Pennsylvania

Network Infrastructures Shared, so Virtualization Matters Need Timing, Privacy and Authentication Focus Must be on Protection of the Network Elements (What will be Programmed), in Spite of Improved Flexibility Node Security, then Network Security

Security is not Cryptography! Is your Message secure if it Doesn t Get There? (e.g., Denial of Service) Security is Adherence to a Security Policy Unfortunately, in Many Systems Policy is Informal, Defined in ad hoc Manner, and Focused only on Selected Attacks NB: Attacker may Differ on Selection...

Restricting Programs Node Safe Versus Network Safe All Programs Node Safe Programs Network Safe Programs

How Do We Control Programs? Safety & Security: P.L., O.S. or Hybrid? Programming Language Environment O.S. Kernel, e.g., Linux Device Driver Device Driver

A Language-Oriented Model Switchlet Language for Users (SL) Formal Semantics Restrict Programs (e.g., Packet Filters use regexps) Wire Language for Communicating (WL) Formal Semantics Across Boundaries Infrastructure Language for Virtual Machine (IL) Formal Semantics Supported on Metal: Run-time

Secure Active Network Environment (SANE) Again, Trust, but Verify! Network Level Node-Node Authentication PLAN Caml/O.S. Dynamic Integrity Checks (Maybe perpacket/switchlet?) Node Level Recovery AEGIS http://www.cis.upenn.edu/~waa http://www.cis.upenn.edu/~angelos Static Integrity Checks (Done Once)

Per-module/Per-packet Integrity Checking Active Bridging (Scott Alexander) Caml System Loaded modules.. Input NIC Linux Kernel Output NIC LAN #1 LAN #2 Frame Frame http://oilhead.cis.upenn.edu/~salex

REAL Security: Model to Actions and NOTHING ELSE! Syntax, Semantics, Node vs. Network Example: Securing a Network 1. System Model 2. Modules loaded into nodes Us Checker Them 3. Resulting in a robust Network

The Node Problem Every Computer System is Currently Invoked by an Untrusted Process- Even Secure Systems. This Leads to a False Sense of Security for the Users of those Systems.

Definition We Define the Guaranteed Secure Bootstrap of an Active Network Node in Two Parts. 1. No Code is Executed Unless Explicitly Trusted or its Integrity is Verified Prior to Use. 2. When an Integrity Failure Occurs, There Exists a Method to Recover a Suitable Replacement.

Approach Layer Crossing Protected by Public Key Crypto Extended Trust Level (n+1) Trust Base Case (n) Integrity and Trust Must be Grounded at the Lowest Possible Point. Chaining Layered Integrity Checks (CLIC) Extends Trust Beyond the Base Case.

AEGIS Architecture Trusted Repository Active Network Env. Level 4 Boot Block Level 3 Network Expansion BIOS ROMs 2 Level 2 BIOS 2 Level 1 Netcard BIOS 1 Level 0

Previous Work Previous research on the Secure Bootstrap Problem Yee RATBAG Lampson / Birlix Arnold / Jablon sun Bits Secure? Prototype? Yes / no no / yes no yes no / no no / yes no / no?? /?? Probably yes no yes

The Network Problem Network of Mutually Suspicious Active Nodes Nodes Need to Cooperate for the Network to Function Network Users Need to Interact with the NEs in a Controlled Manner Different from the Current Internet!

Mutually Suspicious Nodes Nodes Authenticate their Neighbors A1 A3 A4 B1 B2 B3 Establish Trust Relations with Peers (PolicyMaker?) Use Trust Relations to Solve Existing Problems (eg. Routing) A2 Active Network Optimize Authentication

Node to Node Authentication Once at Boot Time, Periodically Thereafter (Crypto heartbeat ) Modified STS Protocol (Well Known and Understood) Key Can be Used to Authenticate on a Hop-by-Hop Basis, Encrypt Sensitive Information Make Traffic Analysis Hard

User to Node Authentication Users Need to Prove Resource Usage Rights: To Install Permanent Services To have their Packets Identified for Further Processing Perform other Privileged Operations Authentication in a Telescopic Manner ( scout packets) Again, use of a Modified STS Protocol

Make Use of Established Trust Prove Credentials Once per Administrative Cloud Same Authentication Inside that Cloud Cross-Domain Authentication Acceptance Subject to Policy (Credential Forwarding, Session Key Sharing) We Still Need Language Safety (Accidents Happen)

Open Problems Public Key Infrastructure Needed Malicious Nodes and Byzantine Failures One Way Authentication Negotiation too Costly in Some Cases (?) Credential-Use Prediction? Protect Against Replay? Do We Need Synchronized Clocks?

SwitchWare: Accelerating SECURE Network Evolution! Active Nets: changing the tempo of network evolution from political to technological with programmable architecture Secure Active Network Environment (SANE) Architecture: Moving from Secure NODES to Secure NETWORKS Security by design, not afterthought! http://www.cis.upenn.edu/~switchware

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback