1 / 23

The Starfish System: Intrusion Detection and Intrusion Tolerance for Middleware Systems

The Starfish System: Intrusion Detection and Intrusion Tolerance for Middleware Systems Kim Potter Kihlstrom Westmont College Santa Barbara, CA, USA Priya Narasimhan Carnegie Mellon University Pittsburgh, PA, USA Motivation Previous work SecureRing [ACM TISSEC 2001] Eternal [TAPOS 1998]

emily
Download Presentation

The Starfish System: Intrusion Detection and Intrusion Tolerance for Middleware Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Starfish System:Intrusion Detection and Intrusion Tolerance for Middleware Systems Kim Potter Kihlstrom Westmont College Santa Barbara, CA, USA Priya Narasimhan Carnegie Mellon University Pittsburgh, PA, USA

  2. Motivation • Previous work • SecureRing [ACM TISSEC 2001] • Eternal [TAPOS 1998] • Immune [ICDCS 1999] • Byzantine fault detectors [Computer Journal 2003] • Insights and lessons learned • Cost of survivability • Replication of objects • Input and output majority voting • Guarantees of underlying multicast protocol • Detection and removal of faulty processors/replicas Kihlstrom and Narasimhan

  3. Immune: Looking Back Majority voting Secure multicast protocols • Interception • Replication Kihlstrom and Narasimhan

  4. Immune: Looking Ahead • Issues left open • Scalability • Increasing number of objects • Increasing number of processors • Local area to wide area • Bandwidth • Survivability of Immune itself • Voting • Other middleware systems besides CORBA • Led to development of Starfish Kihlstrom and Narasimhan

  5. Starfish Goals • Intrusion detection and intrusion tolerance for middleware applications • Not specific to any middleware system • Infrastructural support for majority voting • End-to-end intrusion detection • Applicable to local and wide area systems • Currently under development Kihlstrom and Narasimhan

  6. Starfish Organization Kihlstrom and Narasimhan

  7. Starfish Philosophy • Central core • Highly secure • Tightly coupled • Arms • Less tightly coupled • Less stringent security guarantees • Can be removed in event of security compromise • New arms can be grown Kihlstrom and Narasimhan

  8. Starfish Structure Kihlstrom and Narasimhan

  9. System Model • Assumptions • Distributed object system • Asynchronous • Determinism • Faults • Communication • Processor • Object Kihlstrom and Narasimhan

  10. Support for Voting • Objects are replicated • Replica consistency in event of malicious processor and object replica faults • Object group abstraction Kihlstrom and Narasimhan

  11. Support for Voting • Voting in a dynamic environment • Knowledge of how many votes constitute a majority • Voter must know the number of replicas in the originating object group • Hierarchical membership structure • Object groups and voting groups Kihlstrom and Narasimhan

  12. Support for Voting Kihlstrom and Narasimhan

  13. End-to-End Intrusion Detection • Removal of faulty replica from object group and all voting groups • To remove a faulty replica, all replicas in object group must receive evidence of value fault • Special Value_Fault_Vote message • Value fault detector Kihlstrom and Narasimhan

  14. End-to-End Intrusion Detection Kihlstrom and Narasimhan

  15. End-to-End Intrusion Detection Kihlstrom and Narasimhan

  16. End-to-End Intrusion Detection Kihlstrom and Narasimhan

  17. End-to-End Intrusion Detection Kihlstrom and Narasimhan

  18. End-to-End Intrusion Detection Kihlstrom and Narasimhan

  19. End-to-End Intrusion Detection • Removal of processor hosting faulty replica from system • Byzantine fault detector • To remove the processor, all processors must vote locally on the same set of votes • Special base group • Problem with cascading: fault must be handled first at the object level Kihlstrom and Narasimhan

  20. Survivability in Starfish Kihlstrom and Narasimhan

  21. Conclusions • Development underway • Prior experience in building systems • SecureRing • Eternal • Immune • Take insights and lessons in building next generation survivable object system: Starfish Kihlstrom and Narasimhan

  22. Starfish • Intrusion detection and intrusion tolerance for middleware applications • Not specific to any middleware system • Infrastructural support for majority voting • End-to-end intrusion detection • Applicable to local and wide area systems Kihlstrom and Narasimhan

  23. Questions and Feedback Kim Potter Kihlstrom kimkihls@westmont.edu http://homepage.westmont.edu/~kimkihls/ Priya Narasimhan priya@cs.cmu.edu http://www.cs.cmu.edu/~priya/ Kihlstrom and Narasimhan

More Related