View
214
Download
1
Embed Size (px)
Citation preview
Dissemination of Security Updates
Jun Li
Dissertation ProposalDissertation Proposal
Dissemination of security updatesDissemination of security updates 2
Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One strategy in initial study Dissertation plans Summary
Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One strategy in initial study Dissertation plans Summary
Outline
Dissemination of security updatesDissemination of security updates 3
Motivation
Consider network security in general
Dissemination of security updatesDissemination of security updates 4
Dissemination of security updatesDissemination of security updates 5
Motivation
For instance, before taking action an attack may hide itself and penetrate into many machines
Wide-spread information sharing in a timely way is necessary The information is called security update
Consider network security in general
Security attack on just a single machine in a network environment is usually not the case
Dissemination of security updatesDissemination of security updates 6
Security Update Examples
Virus signature (and remedy) Special events in distributed intrusion
detection Offending characteristics to be filtered by
a firewall Characteristics of a potential attack
Dissemination of security updatesDissemination of security updates 7
Observation
They all share a common need of doing security update dissemination
But the need is addressed in various unsatisfactory ways (to be discussed later)
Dissemination of security updatesDissemination of security updates 8
Solution to the problem
Provide a common facility for security update dissemination
Dissemination of security updatesDissemination of security updates 9
Challenges Scalability Low latency High assurance
some machines may be subverted some machines may be disconnected
Topological adaptability Heterogeneity Low overhead High security itself
Dissemination of security updatesDissemination of security updates 10
Thesis Dissemination of security updates while
simultaneously addressing each of the above challenges is feasible. Design and build a system that does the work
Call the system Revere
Dissemination of security updatesDissemination of security updates 11
Outline Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One strategy in initial study Dissertation plans Summary
Dissemination of security updatesDissemination of security updates 12
Related Work Information dissemination
simple transmission techniques mailing list distribution of software, virus signature, or key network time protocol push technology
Element management replicated data management intrusion detection
Dissemination of security updatesDissemination of security updates 13
Simple Transmission Techniques
Broadcasting
network
Unicasting(one-to-one)
Flooding Multicasting
Dissemination of security updatesDissemination of security updates 14
Mailing List Scalability Single path to reach
recipients Hard to interface with
other software ...
network
Dissemination of security updatesDissemination of security updates 15
Distribution of Software, Virus Signature, or Key
Software distribution Virus signature distribution
Key distribution
Dissemination of security updatesDissemination of security updates 16
Network Time Protocol Disseminating clock time to synchronize
machines on network manually configured no retransmission
Dissemination of security updatesDissemination of security updates 17
Push Technology Some commercial products: BackWeb,
Ifusion, InCommon, Intermind, Marimba, NETdelivery, Wayfarer poll the server periodically, fetch if needed
Salamander build a substrate push data from suppliers to clients through the
substrate only single path from a supplier to a client no handling for disconnected machines
Dissemination of security updatesDissemination of security updates 18
Element Management
Replicated data management each machine in Revere has a replica of
security update
Intrusion detection if we know which machines are subverted ...
Dissemination of security updatesDissemination of security updates 19
Outline Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One strategy in initial study Dissertation plans Summary
Dissemination of security updatesDissemination of security updates 20
Protecting Revere
Revere must protect itself against attacks otherwise, security update won’t be
disseminated successfully corrupted Revere is more dangerous if used by
enemy for own purpose
Dissemination of security updatesDissemination of security updates 21
Attacks on Revere Corrupting a message
modification fabrication or forgery
Corrupting the transmission path blockage misdirection denial of service by replay overloading
Leakage of security update
Dissemination of security updatesDissemination of security updates 22
Fight Against Attacks Message corruption
digital signature
Transmission path corruption redundancy by multiple paths be ready for replay attacks by logging
signatures of previous security updates
leakage of security update no secrecy when many millions of machines
are receivers to share same information
Dissemination of security updatesDissemination of security updates 23
Outline Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One strategy in initial study Dissertation plans Summary
Dissemination of security updatesDissemination of security updates 24
Dissemination Mechanism
High assurance Pulling by disconnected node Receiver based policy Opportunistic use of transmission options Scalability
Dissemination structure
Dissemination of security updatesDissemination of security updates 25
implosion
1. High Assurance Using acknowledgement
ack can be dropped need to figure out what is missed by whom
Using negative ack only avoid implosion, and only feasible when knowing a security update is missed
Using redundancy
retransmission probably follows same old path
to achieve best effort
harder to corrupt all
accompanied with additional techniques, such as pulling
Dissemination of security updatesDissemination of security updates 26
network
2. Pulling By Disconnected Node
Pulling from is not scalable and hard to handle
Repository nodes
High assurance pulling find best repository nodes
Dissemination of security updatesDissemination of security updates 27
3. Receiver Based Policy Heterogeneous Revere node in terms of
different resiliency request• different environment (hostile or safe)
• different context itself different transmission characteristics different platform
• different ability of being aware of above
Dissemination of security updatesDissemination of security updates 28
4. Opportunistic Use of Transmission Options When security update forwarded from
machine to machine(s), choose best option of available transmission type
Tradeoff among best performance resource usage delivery guarantee simplicity of
implementation
network
Dissemination of security updatesDissemination of security updates 29
5. Scalability Be ready for millions of receivers, or even
more resource usage performance security
Any machine can only have partial information of the whole system distributed computing
Dissemination of security updatesDissemination of security updates 30
Dissemination Structure Automatic configuration
an easy-to-use user interface needed• manual configuration hurts
Dynamic adjustment adaptively when a new node joins when an existing node quits when transmission characteristics changes when detecting security problems and so on …..
Dissemination of security updatesDissemination of security updates 31
Outline
Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One Strategy in initial study Dissertation plans Summary
Dissemination of security updatesDissemination of security updates 32
Dissemination w/ Sending Table Each Revere node has an associated
sending table locallyA unicast
B,C multicast
D ………….
(empty)
B floppyX broadcast
(empty)
C unicast w/ IP source routing
Dissemination of security updatesDissemination of security updates 33
Building the Sending Table Requirements
automatic match dissemination mechanisms dynamically adjustable
Some information about dissemination sources are common knowledge addresses type of security updates to disseminate public keys
Maybe similar information of some existing Revere nodes
Dissemination of security updatesDissemination of security updates 34
Join Request
Recommending Algorithm
Decision Making Algorithm
A Newborn
Machines listed in ’s sending table
Machines recommended to newborn
Machines selected
Detected info between newborn and recommendedRecommended machines listSelected machines list
Recursive Enrollment of Newborn
Dissemination of security updatesDissemination of security updates 35
Enrollment Flexibility
A new Revere machine can attach itself to Revere system by sending enroll request(s) to any existing Revere node(s) based on trustfulness, or contact more than one
Dissemination of security updatesDissemination of security updates 36
Outline
Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One Strategy in initial study Dissertation plans Summary
Dissemination of security updatesDissemination of security updates 37
A Prototype w/ Basic Functionality Security update delivery analysis Dissemination structure formation and
management Dissemination process
push pull
Dissemination of security updatesDissemination of security updates 38
Security Enforcement Authentication of security update
signing and verification of security update key management
Replay prevention don’t be fooled to send lots of replays since
Revere has big fan-out
Dissemination of security updatesDissemination of security updates 39
Test the System
Build a testbed composed of heterogeneous machines and
transmission media small scale
Simulate possible attacks
Dissemination of security updatesDissemination of security updates 40
Simulation Large scale
With some Revere nodes subverted and actively thwarting the dissemination
Understand the effects when lots of machines pull missed information
……………...
Dissemination of security updatesDissemination of security updates 41
Outline
Motivation, challenges, and thesis Related work Protection against attacks Dissemination mechanism One Strategy in initial study Dissertation plans Summary
Dissemination of security updatesDissemination of security updates 42
Summary
The goal is to be able to disseminate security updates securely, quickly, adaptively, to large number of heterogeneous machines with high assurance and low overhead
The work includes design, prototype, test, simulation, evaluation
Dissemination of security updatesDissemination of security updates 43
Questions?