Distributed Computer Security 8320 Advanced Operating Systems Lanier Watkins
Outline
• Distributed Computer Security-1997
  • Computer Security/Fault Tolerance
  • Secure System
    • Secrecy
    • Integrity
    • Availability
    • Reliability
    • Safety
• Fundamentals of Computer Security-1997
  • Subjects
  • Objects
• Security Policies, Models, and Mechanisms-1997
Outline (Continued)
• Common Security Threats
  • Interruption
  • Interception
  • Modification
  • Fabrication
• Security Approaches
  • Authentication
  • Authorization
  • Fault-Tolerance
  • Encryption
  • Auditing
• Security Models
• Security Issues in Distributed Systems-1997
  • Interoperability
  • Transparency
Outline (Continued)
• Grid-based Intrusion Detection System-2003
• Cluster Security with NVisionCC: Process Monitoring by Leveraging Emergent Properties-2005
• GHIDS: Defending Computational Grids against Misusing of Shared Resources-2006
• Passive Identification of Unauthorized Use of Grid Computing Resources-2007
Distributed Computer Security-1997
• Security and Fault Tolerance
  • Critical in distributed systems because of the openness of the environment
  • Solutions are closely related to design issues
• Secure/Dependable System
  • Secrecy
    • Protection from unauthorized disclosure
  • Integrity
    • Only authorized users may modify system objects
  • Availability
    • Authorized users are not prevented from accessing their respective objects
  • Reliability and Safety are fault-tolerance features
Fundamentals of Computer Security-1997
• Computer Systems
  • Can be represented by:
    • Subjects
      • Active entities that access objects
    • Objects
      • Passive entities that must be protected
      • Examples: data, hardware, software and communication links
• Access Control Policy
  • Describes how objects are accessed by subjects
• Flow Control Policy
  • Regulates the information flow between objects and subjects
Security Policies, Models, and Mechanisms-1997
• 4 Categories of Security Threats
  • Interruption
    • Loss of data and denial of service
  • Interception
    • Related to secrecy
  • Modification and Fabrication are violations of system integrity
• 3 Fundamental Approaches
  • Authentication
    • Verification
  • Authorization
    • Extending permission
  • Fault Tolerance
    • Sustaining faults
  • Encryption
    • Prevents exposure of information and maintains privacy
  • Auditing
    • Passive form of protection
Security Policies, Models, and Mechanisms-1997
• Security Model
  • Discretionary
    • Provides separation of users and data
    • E.g. access control matrix
  • Mandatory
    • Requires access control of all subjects and objects under its control on a system-wide basis
    • E.g. multilevel security: all subjects and objects in the system are assigned a sensitivity label. The labels are used as the basis for mandatory access control decisions.
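The two models above side by side, as an added example that is not part of the slides: a discretionary decision looks up one cell of an access control matrix, while a mandatory decision compares the sensitivity labels of subject and object before the matrix is even consulted. The level ordering, the subjects and the objects are constructed assumptions.

```python
from dataclasses import dataclass, field

# Added example (not from the slides): a discretionary check via an access
# control matrix and a mandatory check via sensitivity labels. The level
# ordering, subjects and objects below are constructed assumptions.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass
class Subject:
    name: str
    clearance: str          # sensitivity label assigned to the subject

@dataclass
class Object:
    name: str
    label: str              # sensitivity label assigned to the object
    # One row of the access control matrix: subject name -> granted rights
    acl: dict = field(default_factory=dict)

def dac_allows(subject, obj, right):
    """Discretionary: consult the (subject, object) cell of the matrix."""
    return right in obj.acl.get(subject.name, set())

def mac_allows(subject, obj, right):
    """Mandatory: compare labels. Reads only at or below the subject's
    clearance (no read up); writes only at or above it (no write down)."""
    s, o = LEVELS[subject.clearance], LEVELS[obj.label]
    if right == "read":
        return s >= o
    if right == "write":
        return s <= o
    return False

def access_allowed(subject, obj, right):
    """MAC applies to every access; the DAC matrix can only narrow it further."""
    return mac_allows(subject, obj, right) and dac_allows(subject, obj, right)

def demo():
    """Constructed scenario; returns the decision for each request."""
    payroll = Object("payroll", "confidential", {"alice": {"read", "write"}, "bob": {"read"}})
    alice = Subject("alice", "secret")
    bob = Subject("bob", "unclassified")
    carol = Subject("carol", "top_secret")       # cleared, but not in the matrix
    return {
        "alice reads payroll": access_allowed(alice, payroll, "read"),
        "alice writes payroll": access_allowed(alice, payroll, "write"),   # write down
        "bob reads payroll": access_allowed(bob, payroll, "read"),         # read up
        "carol reads payroll": access_allowed(carol, payroll, "read"),     # no DAC entry
    }
```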
Security Issues in Distributed Systems-1997
• Interoperability and Transparency
  • Give rise to security issues
• System Architecture
  • 2 Approaches to Implementing New Services
    • Add an additional layer of software that runs on top of the existing system to provide the new services
    • Redesign the system so that the new services can be executed more efficiently in kernel mode
  • Client/Server Model
    • Typically used by distributed operating systems
    • Fits well with the object-oriented paradigm
    • Objects to be protected are associated with the servers managing those objects
    • Each object has a set of allowable well-formed operations that can be invoked by client processes
Security Issues in Distributed Systems-1997
• Client/Server Security
  • A client initiates an access to an object through the kernel
  • The kernel authenticates the client and then invokes the object server
  • Implemented via interprocess communication at the transport layer
  • Supported by secure host-to-host communication at the network layer and node-to-node communication at the link layer
  • A secure distributed system consists of communicating security servers using a trusted gateway
• Simulate a Secure Private Network Over the Public Network
  • Balances interoperability and transparency
  • Interdomain authentication
    • Authorized by interdomain access control
  • Secure message transfer between domains
    • Depends on successful interdomain authentication
  • Interdomain access control
    • Depends on the ability to transmit secure request/reply messages
  • Security transparency maintained via secure APIs (TAPI)
    • E.g. GSS-API developed by DEC
Grid-Based Intrusion Detection System (VChoon et al., 2003)
• Grid Based Intrusion Detection System Proposed
• Design
  • Grid environment
    • GIDS must be applicable in a Grid environment
  • Autonomous
    • GIDS must be independent of user intervention
  • Flexible
    • GIDS must be customizable
  • Scalable
    • GIDS must cover many nodes
  • Reusable
    • GIDS code must be easily deployed
  • Adaptable
    • GIDS must have on-demand enablement
  • Low Overhead
    • GIDS must not have significant system impact
  • Timeliness
    • GIDS must solve problems just in time
Grid-Based Intrusion Detection System (VChoon et al., 2003)
• Approach
  • GIDS acts as a Virtual Organization (VO)
  • GIDS shares its resources in the form of application services
• Services
  • Auditing
  • Anomaly-type intrusion detection
  • Signature matching
  • Policy language
  • Secure communication
  • Monitoring
  • Distributed database
• Architecture
  • Agent: daemon running on the machine being protected
  • Server: service provider
  • Manager: control center of the VO
  • Secure Communicator: provides secure communication for the VO
Cluster Security with NVisionCC (Koenig et al., 2005)
• Cluster Security Monitoring Tool
• Design
  • Performance Impact
  • Central Control
  • Leverage Existing Software
  • Configurability
  • Effectiveness
• Approach/Services
  • Monitors processes across cluster nodes
  • Looks for open network ports
  • Looks for irregular network traffic patterns
  • Looks for modifications to critical files
  • Raises alerts when deviations from profiles are detected
• Architecture
  • PCP daemon
  • Collector Node
  • Data Analyzer
  • User Interface
GHIDS: Defending Computational Grids Against Misusing of Shared Resources (Feng et al., 2006)
• Grid-Specific Host-Based Intrusion Detection System
• Design
  • Performance Impact
  • Central Control
  • Leverage Existing Software
  • Configurability
  • Effectiveness
• Approach/Services
  • Uses Bottleneck Verification (Host)
    • Detects users that go from user to super user improperly
  • Monitors process creation, modification and destruction (Host)
  • Monitors accessing of critical resources (Host)
  • Grid User ID and Host Level ID are stored when Grid services are used
• Architecture
  • Host- and Grid-level deployment
  • Virtual Kernel Device created
  • Grid Middleware modified
  • Data Analyzer
  • User Interface
Non-Intrusive Security Monitoring in Cluster Grid Networks (Watkins, 2007)
• Non-Intrusive Cluster Security Monitoring Tool
• Design
  • Performance Impact
  • Central Control
  • Leverage Existing Software
  • Configurability
  • Effectiveness
• Approach/Services
  • Host-level and Grid-level support
  • Identifies unauthorized use of resources
  • Identifies misuse of resources
  • Raises alerts when deviations from profiles are detected
• Architecture
  • NO daemons
  • Collector node
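Both NVisionCC (2005) and the 2007 tool above raise alerts on deviations from a profile. The added example below, which is not code from either project, shows the emergent-property idea behind that check on the collector node: compute nodes run near-identical workloads, so the cluster-wide majority of process names and listening ports is the profile, and any node that shows an extra item or lacks a profile item is flagged. The node reports and process names are constructed sample data.

```python
from collections import Counter

# Added example (not NVisionCC's or the 2007 tool's code): nodes in a cluster
# run near-identical workloads, so a process or listening port that only a few
# nodes show is worth an alert. The node reports below are constructed.
NODE_REPORTS = {
    "node01": {"procs": {"sshd", "pbs_mom", "ntpd", "mpirun"}, "ports": {22, 15002}},
    "node02": {"procs": {"sshd", "pbs_mom", "ntpd", "mpirun"}, "ports": {22, 15002}},
    "node03": {"procs": {"sshd", "pbs_mom", "ntpd", "mpirun", "unknown_proc"},
               "ports": {22, 15002, 9999}},
    "node04": {"procs": {"sshd", "pbs_mom", "mpirun"}, "ports": {22, 15002}},
}

def build_profile(reports, key, threshold=0.5):
    """Profile = items present on more than `threshold` of the nodes."""
    counts = Counter(item for r in reports.values() for item in r[key])
    needed = len(reports) * threshold
    return {item for item, n in counts.items() if n > needed}

def find_deviations(reports, threshold=0.5):
    """Return (node, category, kind, item) alerts for every deviation from
    the cluster-wide profile: items a node has that its peers lack, and
    profile items a node is missing (a stopped daemon is also a deviation)."""
    alerts = []
    for key in ("procs", "ports"):
        profile = build_profile(reports, key, threshold)
        for node, report in sorted(reports.items()):
            for item in sorted(report[key] - profile):
                alerts.append((node, key, "unexpected", item))
            for item in sorted(profile - report[key]):
                alerts.append((node, key, "missing", item))
    return alerts

if __name__ == "__main__":
    for alert in find_deviations(NODE_REPORTS):
        print("ALERT %s %s %s: %s" % alert)
```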
Non-Intrusive Security Monitoring in Cluster Grid Networks (Watkins, 2007)
[Figure: processing pipeline with stages Packet Analysis (TCPdump), Preprocessor (Wavelet Transform), Feature Extraction (Energy + Transients), Detection & Decision, CPU Utilization Identification]
Non-Intrusive Security Monitoring in Cluster Grid Networks (Watkins, 2007)
[Figure: identification alternatives labelled Min(PIII,PIV), Max(PIII,PIV), Average(PIII,PIV)]
• Problem has inherent uncertainty
• Identification Scheme
  • Use Fuzzy Operators, OR
  • Use Type I Fuzzy, OR
  • Use Type II Fuzzy
References
• Distributed Operating Systems & Algorithms, Randy Chow and Theodore Johnson, Addison Wesley, 1997
• “Grid Based Intrusion Detection System”, O. Tian, A. Samsudin, IEEE, 2003
• “Cluster Security with NVisionCC: Process Monitoring by Leveraging Emergent Properties”, Koenig et al., IEEE, 2005
• “GHIDS: Defending Computational Grids Against Misusing of Shared Resources”, Feng et al., IEEE, 2006