The Starfish System: Intrusion Detection and Intrusion Tolerance for Middleware Systems
Kim Potter Kihlstrom, Westmont College, Santa Barbara, CA, USA
Priya Narasimhan, Carnegie Mellon University, Pittsburgh, PA, USA

Motivation
• Previous work
  • SecureRing [ACM TISSEC 2001]
  • Eternal [TAPOS 1998]
  • Immune [ICDCS 1999]
  • Byzantine fault detectors [Computer Journal 2003]
• Insights and lessons learned
  • Cost of survivability
  • Replication of objects
  • Input and output majority voting
  • Guarantees of underlying multicast protocol
  • Detection and removal of faulty processors/replicas
Kihlstrom and Narasimhan

Immune: Looking Back
• Majority voting
• Secure multicast protocols
• Interception
• Replication

Immune: Looking Ahead
• Issues left open
  • Scalability
  • Increasing number of objects
  • Increasing number of processors
  • Local area to wide area
  • Bandwidth
  • Survivability of Immune itself
  • Voting
  • Other middleware systems besides CORBA
• Led to development of Starfish

Starfish Goals
• Intrusion detection and intrusion tolerance for middleware applications
• Not specific to any middleware system
• Infrastructural support for majority voting
• End-to-end intrusion detection
• Applicable to local and wide area systems
• Currently under development

Starfish Organization

Starfish Philosophy
• Central core
  • Highly secure
  • Tightly coupled
• Arms
  • Less tightly coupled
  • Less stringent security guarantees
  • Can be removed in event of security compromise
  • New arms can be grown

Starfish Structure

System Model
• Assumptions
  • Distributed object system
  • Asynchronous
  • Determinism
• Faults
  • Communication
  • Processor
  • Object

Support for Voting
• Objects are replicated
• Replica consistency in event of malicious processor and object replica faults
• Object group abstraction

Support for Voting
• Voting in a dynamic environment
• Knowledge of how many votes constitute a majority
• Voter must know the number of replicas in the originating object group
• Hierarchical membership structure
• Object groups and voting groups

End-to-End Intrusion Detection
• Removal of faulty replica from object group and all voting groups
• To remove a faulty replica, all replicas in object group must receive evidence of value fault
• Special Value_Fault_Vote message
• Value fault detector

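An added example, not taken from the slides or from the Starfish code base, of the two voting points above: the voter needs the size of the originating object group to know what a majority is, and votes that disagree with the decided value become the evidence a value fault detector would report. The `Voter` class, its method names and the shape of the evidence are assumptions; the slides do not give the format of the Value_Fault_Vote message.

```python
from collections import Counter, defaultdict


class Voter:
    """Majority voter over copies of one invocation sent by a replicated object group.

    Assumption: group_sizes maps object group id -> current replica count,
    as reported by a membership layer (hypothetical interface).
    """

    def __init__(self, group_sizes):
        self.group_sizes = dict(group_sizes)
        self.votes = defaultdict(dict)  # (group, op_id) -> {replica: value}
        self.decided = {}               # (group, op_id) -> majority value

    def majority(self, group):
        # Strict majority of the originating group, not of the votes seen so far.
        return self.group_sizes[group] // 2 + 1

    def receive(self, group, op_id, replica, value):
        """Record one vote; return (decided value or None, value-fault evidence)."""
        key = (group, op_id)
        ballot = self.votes[key]
        # Only the first vote of each replica counts, so no replica votes twice.
        ballot.setdefault(replica, value)
        if key not in self.decided:
            top, count = Counter(ballot.values()).most_common(1)[0]
            if count >= self.majority(group):
                self.decided[key] = top
        return self.decided.get(key), self.value_fault_evidence(key)

    def value_fault_evidence(self, key):
        # Replicas whose recorded vote differs from the decided value.
        # Empty until a majority exists: before that nobody can be blamed.
        if key not in self.decided:
            return {}
        good = self.decided[key]
        return {r: v for r, v in self.votes[key].items() if v != good}


if __name__ == "__main__":
    # Constructed votes: group "G" has 3 replicas, r2 sends a corrupted value.
    voter = Voter({"G": 3})
    for replica, value in [("r1", "42"), ("r2", "41"), ("r3", "42")]:
        print(replica, voter.receive("G", 1, replica, value))
```
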
End-to-End Intrusion Detection
• Removal of processor hosting faulty replica from system
• Byzantine fault detector
• To remove the processor, all processors must vote locally on the same set of votes
• Special base group
• Problem with cascading: fault must be handled first at the object level

Survivability in Starfish

Conclusions
• Development underway
• Prior experience in building systems
  • SecureRing
  • Eternal
  • Immune
• Take insights and lessons in building next generation survivable object system: Starfish

Starfish
• Intrusion detection and intrusion tolerance for middleware applications
• Not specific to any middleware system
• Infrastructural support for majority voting
• End-to-end intrusion detection
• Applicable to local and wide area systems

Questions and Feedback
Kim Potter Kihlstrom, kimkihls@westmont.edu, http://homepage.westmont.edu/~kimkihls/
Priya Narasimhan, priya@cs.cmu.edu, http://www.cs.cmu.edu/~priya/