
8.1 DISTRIBUTED COMPUTER SECURITY
Dr. Yanqing Zhang, CSc 8320
Presented by Kireet Kokala
© 2009 Georgia State University

Page 2

OUTLINE

PART I: INTRODUCTION
  o Brief overview of fundamentals

PART II: CURRENT RESEARCH
  o Types of attacks
  o Botnet attack: detection and capacitance

PART III: FUTURE CYBER WARFARE
  o Compromising Super-Grid computing security

REFERENCES

Q&A


Page 3

I: INTRODUCTION [R. Chow & T. Johnson, 1997]

Distributed System Security
Dependable, robust, and secure systems uphold:

Secrecy – protection from unauthorized disclosure (information leakage).

Integrity – protection from unauthorized modification of data and resources.

Availability – system resources and functionality remain usable by authorized users.

Reliability/Safety – fault-tolerance mechanisms against both system and user faults.


Page 4

I: INTRODUCTION [R. Chow & T. Johnson, 1997]

Distributed System Representation

Subjects: active entities that access objects.
Objects: passive entities that must be protected.

Governed by:
Access Control Policy: describes how objects may be accessed by subjects.
Flow Control Policy: regulates information flow between objects and subjects.

Basic intrusion types: Denial of Service (DoS), masquerading attack.
Important step: packet and sensitive-data sniffing. Ex: get started with Knoppix, Hakin9, PHLAK.
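The subject/object model above separates two policies that are easy to conflate. The Python below is an added example, not code from the slides or from Chow & Johnson: it mediates a "copy" operation under both policies. The access matrix judges the read and the write as two separate operations, while the flow policy (a three-level secrecy lattice, constructed here along with the subjects, objects and rights) refuses a copy that would move secret data into a lower-labelled object even though each operation alone is authorized.

```python
"""Access-control vs. flow-control policy on a toy distributed system.

Added example; not from the slides or from Chow & Johnson. The subjects,
objects, rights and the three-level secrecy lattice are all constructed
for illustration.
"""
from typing import Dict, Set, Tuple

# Secrecy labels ordered low -> high. A flow from label a to label b is
# permitted iff a <= b (information may move up, never down).
LEVELS = {"public": 0, "internal": 1, "secret": 2}

# Access-control policy: an access matrix stored sparsely as
# subject -> object -> set of rights. (constructed)
ACCESS_MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"payroll.db": {"read"}, "wiki": {"read", "write"}},
    "bob":   {"wiki": {"read", "write"}, "status.html": {"read", "write"}},
}

# Flow-control policy: every object carries one secrecy label. (constructed)
OBJECT_LABEL = {"payroll.db": "secret", "wiki": "internal", "status.html": "public"}


def access_allowed(subject: str, obj: str, right: str) -> bool:
    """Access control: may this subject exercise this right on this object?"""
    return right in ACCESS_MATRIX.get(subject, {}).get(obj, set())


def flow_allowed(src_obj: str, dst_obj: str) -> bool:
    """Flow control: may information held in src_obj legitimately end up in dst_obj?"""
    return LEVELS[OBJECT_LABEL[src_obj]] <= LEVELS[OBJECT_LABEL[dst_obj]]


def copy_allowed(subject: str, src_obj: str, dst_obj: str) -> Tuple[bool, str]:
    """Mediate 'subject copies src_obj into dst_obj'.

    The access matrix judges the read and the write as two separate
    operations; only the flow policy looks at the path the data takes and
    can refuse a copy that both individual operations would permit.
    """
    if not access_allowed(subject, src_obj, "read"):
        return False, f"access: {subject} has no read right on {src_obj}"
    if not access_allowed(subject, dst_obj, "write"):
        return False, f"access: {subject} has no write right on {dst_obj}"
    if not flow_allowed(src_obj, dst_obj):
        return False, (f"flow: {src_obj} -> {dst_obj} would downgrade "
                       f"{OBJECT_LABEL[src_obj]} data to {OBJECT_LABEL[dst_obj]}")
    return True, "ok"


if __name__ == "__main__":
    # alice may read payroll.db and may write wiki, yet must not copy one into the other
    for who, src, dst in [("alice", "payroll.db", "wiki"),
                          ("bob", "wiki", "status.html"),
                          ("bob", "status.html", "wiki"),
                          ("bob", "payroll.db", "wiki")]:
        print(who, src, "->", dst, copy_allowed(who, src, dst))
```

Run directly, alice's payroll.db -> wiki copy passes both access checks and fails only the flow check; that gap between per-operation authorization and end-to-end leakage is what a flow-control policy exists to close.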


Page 5

I: INTRODUCTION [Packet Analyzer, Wiki, 2009]

Sniffing Overview
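To make the sniffing slide concrete, here is an added example (not from the slides) of what a passive listener on a shared segment recovers from cleartext traffic: it decodes Ethernet, IPv4 and TCP headers and pulls the credential out of an HTTP Basic Authorization header. Nothing is captured live; the frames are assembled in code, and the MAC and IP addresses, ports and the credential are made up.

```python
"""What a passive sniffer on a shared segment recovers from one cleartext
HTTP request: the Basic-auth credential in the Authorization header.

Added example, not from the slides. No live capture is involved: the
Ethernet/IPv4/TCP frames are assembled in code, and the MAC/IP addresses,
ports and the credential are made up.
"""
import base64
import struct
from typing import Dict, List, Optional, Tuple


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Over a header whose checksum field is already filled in it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes, src_ip: str = "10.0.0.5", dst_ip: str = "10.0.0.80",
                sport: int = 51000, dport: int = 80) -> bytes:
    """Assemble Ethernet + IPv4 + TCP + payload (constructed test input)."""
    pack_ip = lambda ip: bytes(int(o) for o in ip.split("."))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000,
                         64, 6, 0, pack_ip(src_ip), pack_ip(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    # TCP: ports, seq, ack, data offset 5 words, flags PSH|ACK, window, checksum (left 0), urgent
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    eth_hdr = bytes.fromhex("001122334455" "66778899aabb") + b"\x08\x00"  # dst, src, type=IPv4
    return eth_hdr + ip_hdr + tcp_hdr + payload


def parse_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Decode Ethernet -> IPv4 -> TCP; None for anything that is not IPv4/TCP
    or whose IP header checksum fails."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or ipv4_checksum(ip[:ihl]) != 0:
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return {
        "src": "%s:%d" % (".".join(map(str, ip[12:16])), sport),
        "dst": "%s:%d" % (".".join(map(str, ip[16:20])), dport),
        "payload": tcp[data_offset:],
    }


def find_basic_credentials(payload: bytes) -> Optional[str]:
    """Return 'user:password' if the payload carries an HTTP Basic Authorization header."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            try:
                return base64.b64decode(line.split(b" ", 2)[2], validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def sniff(frames: List[bytes]) -> List[Tuple[str, str, str]]:
    """Run every frame through the parser and collect (src, dst, credential) hits."""
    hits = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        creds = find_basic_credentials(pkt["payload"])
        if creds:
            hits.append((pkt["src"], pkt["dst"], creds))
    return hits


# Constructed traffic: one cleartext login, one anonymous request, one TLS record
# (opaque to the sniffer, which is the point of moving the same login to HTTPS).
SAMPLE_FRAMES = [
    build_frame(b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
                + base64.b64encode(b"kireet:hunter2") + b"\r\n\r\n"),
    build_frame(b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    build_frame(bytes.fromhex("16030300050100000100"), dport=443),
]

if __name__ == "__main__":
    for src, dst, cred in sniff(SAMPLE_FRAMES):
        print(f"{src} -> {dst}: {cred}")
```

The third constructed frame, a TLS record to port 443, parses fine but yields nothing to the credential extractor; that is the secrecy argument for encrypting the same login in transit rather than trusting the segment.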


Page 6

“The unexamined life is not worth living.” –Socrates

“The examined life is painful.” –Malcolm X


Page 7

II: CURRENT RESEARCH [R. Chow & T. Johnson, 1997]

COMMON ATTACK TYPES [Botnets, Wiki, 2009]

Denial of Service: bombard the target machine with external communication requests to slow it down or make it unusable.

Masquerading: one person or program successfully poses as another by falsifying data, thereby gaining illegitimate access.

Botnet: a network of compromised computers driven by distributed-computing software. Ex: Conficker, which targeted the Windows Server service.

Detected in 2008 and grew well past 5 million PCs; the estimated number of bots is 10,000,000+ [Conficker, Wiki, 2009].


Page 8

II: CURRENT RESEARCH [Zhichun Li et al., 2009]

Botnet Detection
Still not an exact science, but it has large academic value, and preventive measures arise from studying how the nodes connect and operate.

An alarmingly large number of viruses, attacks, and security breaches are carried out via malware bots [B. Stone-Gross et al., 2009].

Keep tabs on probing activity against websites so that single, host-level instances of bot activity can be observed.

Their method requires only local information and analytical knowledge about botnet properties and behaviour.

*** Detection comes with the caveat that, with the click of a button, the botmaster (bot herder, "warlock") can switch bot routes or change probe patterns to blend in.


Page 9

II: APPROACH [Zhichun Li et al., 2009]

1. Statistical approaches to assess attributes of large-scale probing events (hit-list detection):
   a. Subnet detection
   b. Dependency checking

2. Employ two algorithms which, based on some assumptions, allow the global scanning scope of a probing event to be inferred:
   a. Analysis of 293 GB of honeynet traffic data.
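As an added illustration of the statistical side of item 1 (this is not the algorithm from Li et al.), the Python below tests whether the destinations a honeynet sees inside its monitored /16 are spread uniformly over the 256 /24 subnets. A random scanner whose scope covers the sensor spreads its probes evenly; a hit-list scanner concentrates on a few subnets, and both the chi-square statistic and the count of subnets touched expose it. The monitored prefix, the two synthetic scanners and the threshold rule are all constructed for the example.

```python
"""Is a probing event a uniform random scan or a hit-list scan?

Added example, not the algorithm of Li et al. (2009). It applies one
statistical check that hit-list detection rests on: testing whether the
destinations seen inside a monitored /16 are spread uniformly over its
/24 subnets. The monitored prefix, the two synthetic scanners and the
threshold rule are constructed here.
"""
import math
from typing import Iterable, List, Tuple

MONITORED = "10.0"   # constructed: the honeynet owns 10.0.0.0/16
BUCKETS = 256        # one bucket per /24 inside that /16


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def bucket_counts(dst_ips: Iterable[str]) -> List[int]:
    """Probes per /24 of the monitored /16; destinations outside it are ignored."""
    counts = [0] * BUCKETS
    for ip in dst_ips:
        if ip.startswith(MONITORED + "."):
            counts[(ip_to_int(ip) >> 8) & 0xFF] += 1
    return counts


def chi_square(counts: List[int]) -> float:
    """Pearson chi-square statistic of the counts against a uniform expectation."""
    expected = sum(counts) / len(counts)
    return sum((c - expected) ** 2 / expected for c in counts)


def uniformity_threshold(df: int, z: float = 3.0) -> float:
    """Approximate critical value for chi-square with many degrees of freedom:
    the distribution has mean df and standard deviation sqrt(2*df), so
    df + 3*sqrt(2*df) is a conservative (roughly 0.1%) cutoff."""
    return df + z * math.sqrt(2 * df)


def classify_probe_event(dst_ips: Iterable[str]) -> Tuple[str, float, int]:
    """Return (verdict, chi-square statistic, number of /24s touched).

    A random scanner whose scope covers our /16 spreads probes evenly over
    all 256 subnets; a hit-list scanner concentrates on a few, which the
    statistic and the subnet count both expose.
    """
    counts = bucket_counts(dst_ips)
    if not sum(counts):
        return "no-data", 0.0, 0
    stat = chi_square(counts)
    subnets_hit = sum(1 for c in counts if c)
    verdict = "uniform-scan" if stat <= uniformity_threshold(BUCKETS - 1) else "hit-list"
    return verdict, stat, subnets_hit


def constructed_uniform_scanner(n: int = 4096) -> List[str]:
    """Synthetic random-scan bot (constructed): a deterministic walk that
    visits every /24 of the monitored /16 equally often."""
    return [f"{MONITORED}.{i % 256}.{(i * 37) % 256}" for i in range(n)]


def constructed_hitlist_scanner(n: int = 4096) -> List[str]:
    """Synthetic hit-list bot (constructed): hammers twelve pre-chosen hosts
    spread over just three /24s."""
    targets = [f"{MONITORED}.{s}.{h}" for s in (7, 42, 200) for h in (10, 20, 30, 40)]
    return [targets[i % len(targets)] for i in range(n)]


if __name__ == "__main__":
    for name, probes in (("uniform", constructed_uniform_scanner()),
                         ("hit-list", constructed_hitlist_scanner())):
        verdict, stat, subnets = classify_probe_event(probes)
        print(f"{name:9s} -> {verdict:13s} chi2={stat:10.1f} subnets={subnets}")
```

The subnet count is the cheap "subnet detection" signal (3 of 256 /24s touched is damning on its own); the chi-square statistic is the version that still works when a hit list happens to be spread across many subnets but unevenly. Neither says anything about the global scope of the scan, which is what the two algorithms in item 2 are for.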


[Hiroshi Takemiya et al., 2006]

Page 10

II: APPROACH [Zhichun Li et al., 2009]

Graphical overview of system architecture and results: distribution of malicious payload in scans.


Page 11

III: FUTURE POTENTIAL

A system is as strong as its weakest link. Analysis via simulation and practical experiments is key to facilitating system evolution!


Page 12

III: FUTURE POTENTIAL

Ideas on how to compromise Super-Grid security?


Page 13

III: FUTURE POTENTIAL


Security
  o Distributed systems laid across a heterogeneous array of hardware will help the anti-malware initiative.
  o Centralized firewalls with real-time monitoring.
  o Upgrading several W3C & IETF standards (TCP/IP, MIME-type handling, etc.) points toward removing redundant identifier misuse in transactions.
  o Academic study of cyber-specific development helps in understanding the nature of complicated threats (viz. botnets).

Attacks
  o Attacks are moving away from known exploit routes toward taking over trusted sources for DoS-type attacks.
  o Dormant botnets evolve over time while awaiting instructions, and their number is growing alarmingly [Conficker, Wiki, 2009].
  o Consider mobile botnets whose size is limited only by the number of devices IPv6 makes addressable.

Page 14

REFERENCES

[1] "Distributed Operating Systems & Algorithms", Randy Chow and Theodore Johnson, 1997.
[2] "Your Botnet is My Botnet: Analysis of a Botnet Takeover," Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna, ACM, 978-1-60558, 2009.
[3] "A formal protection model of security in centralized, parallel, and distributed systems," Glenn S. Benson, Ian F. Akyildiz, William F. Appelbe, ACM Transactions on Computer Systems, Vol. 8, Issue 3, pp. 183-213, 1990.
[4] "Automating analysis of large-scale botnet probing events", Zhichun Li, Anup Goyal, Yan Chen, Vern Paxson, ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 11-22, 2009.
[5] "Sustainable adaptive grid supercomputing: multiscale simulation of semiconductor processing across the Pacific," Hiroshi Takemiya, Yoshio Tanaka, Satoshi Sekiguchi, Shuji Ogata, Rajiv K. Kalia, Aiichiro Nakano, Priya Vashishta, Proceedings of the ACM/IEEE Conference on High Performance Networking and Computing (SC '06), Article No. 106, 2006.
[6] "Botnet", http://en.wikipedia.org/wiki/Botnet
[7] "Conficker", http://en.wikipedia.org/wiki/Conficker


Page 15

Q&A
