Countering Evolving Threats in Distributed Applications: Scientific Principles

Countering Evolving Threats in Distributed Applications: Scientific Principles
Slide Note
Embed
Share

Distributed systems are crucial for critical infrastructure like banking, military planning, and power grids. With multiple machines and users, the dynamic environment poses security challenges. The presentation discusses the special aspects of distributed system security, trends in threats, current approaches, and desired characteristics of solutions.

  • Distributed systems
  • Security
  • Threats
  • Applications
  • Scientific principles
kang304
kang304 Follow

Uploaded on Mar 07, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Countering Evolving Threats in Distributed Applications: Scientific Principles Saurabh Bagchi The Center for Education and Research in Information Assurance and Security (CERIAS) School of Electrical and Computer Engineering Purdue University Joint work with: Gaspar Howard, Chris Gutierrez, Jeff Avery, Alan Qi (Purdue); Guy Lebanon (Amazon); Donald Steiner (Northrop Grumman) Work Supported By: Northrop Grumman, NSF Slide 1/13

  2. What is Special about Distributed System Security? Most of our critical infrastructure is built out of careful orchestration of multiple distributed services Banking, Military mission planning, Power grid, Distributed infrastructure means Many machines, possibly under different admin domains Many users, external and internal Dynamic environment where software gets upgraded, new users are added, new machines are added Attack surface is large and changing All of the above dynamic factors cause this Attack may originate from outside or inside Slide 2/13

  3. Three Big Trends in Threats Against Distributed Systems 1. Attack at the point of least resistance Find a vulnerable outward-facing service, OR Initiate an insider attack 2. Exploit zero-day vulnerabilities in any constituent service Thriving black market in zero-day vulnerabilities Tweak existing attack vectors to bypass rigid defense systems 3. Set up a covert channel for leaking sensitive information Relevant for systems with highly sensitive but low volume data Timing channels, storage channels Slide 3/13

  4. Current Approaches against These Three Threat Vectors 1. Attack at the point of least resistance Create an ever more rigid perimeter Improve the IDS alerting mechanisms, built alert correlation 2. Exploit zero-day vulnerabilities in any constituent service Hope white hats (vendors, open source devs) find these before the black hats Some impactful work in detecting metamorphic malware 3. Set up a covert channel for leaking sensitive information Only ad-hoc techniques leading to an arms race Timing channels: perturb timing of actions indiscriminately Storage channels: null out values of all unused storage elements Slide 4/13

  5. Desired Characteristics of Solutions Clean slate design approach Build individual services following secure design principles Includes randomization, use of type safe programming languages, static vulnerability checking, dynamic taint analysis OR Bolt security on Embed secure layer on constituent services, not relying only on an impenetrable perimeter Use the power of big data lots of users, lots of machines, lots of workloads Learn from mistakes, i.e., the attacks that succeed allow expert security admins to provide input to automated system Slide 5/13

  6. A Glimpse into Our Solution Approaches Slide 6/13

  7. Distributed Inferencing from Individual Sensor Information D1 D5 D2 D6 D4 D3 Slide 7/13

  8. Automatic Generation and Update of IDS Signatures: SQLi First for SQL injection attacks 2. Extracts a rich set of features from the attack 3. Applies a clustering technique to the samples, 4. A generalized signature is created for each cluster, 1. Crawls multiple public cybersecurity portals to collect attack samples samples giving the distinctive features for each cluster using logistic regression modeling 8 Slide 8/13

  9. Automatic General and Update of Signatures: Phishing Next for phishing attacks Phishing specific features are created Word features determined using word frequency counting Based on common phishing features, e.g., # links, # image tags Sentiment analysis for determining words conveying sense of change and urgency that attackers attempt to portray to the user Parsing phishing emails (corpus from Purdue s IT organization) input as mbox files Slide 9/13

  10. Phishing: Preliminary Results This cluster includes features such as: "below ,need, dear, update, customer, account, bank" Each cluster forms a general story about the emails contained within it from which the basis of the attack can be deduced For example, for cluster 4, the attack is trying to get the user to update information for their banking account. It is much easier training the user based on the attack signature for clusters, than the mass of individual emails Slide 10/13

  11. Covert Timing Channels Designed a covert network timing channel imitating long range dependent (LRD) legitimate traffic Can be hidden in the Web traffic, the most observed traffic on Internet today Statistically indistinguishable from real traffic Evades the best available detection methods. Data Rate: 2 6 bits/second Decoding Error: 3% 6 % Solution approach Look for autocorrelation function values Look for Hurst value that characterizes LRD traffic Slide 11/13

  12. Take Aways Distributed applications need to be protected Three emerging trends 1. Attack at the point of least resistance 2. Exploit zero-day vulnerabilities in any constituent service 3. Set up a covert channel for leaking sensitive information Lessons in solving these trends If clean slate design is possible for some services, use a comprehensive set of secure design principles: randomization, use of type safe programming languages, static vulnerability checking, dynamic taint analysis If security needs to be bolted on, look at internal security, not just perimeter security Big data advances can enable learning from large volumes of existing data to extrapolate to new attack types Slide 12/13

  13. Presentation available at: Dependable Computing Systems Lab (DCSL) web site engineering.purdue.edu/dcsl Slide 13/13

Related


Overview of Distributed Systems: Characteristics, Classification, Computation, Communication, and Fault Models

Overview of Distributed Systems: Characteristics, Classification, Computation, Communication, and Fault Models

paulina
Parallel and Distributed Computing Systems

Parallel and Distributed Computing Systems

aleeza
Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments

Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments

adelheide
Preventing & Countering Violent Extremism in Kenya: The NCTC Efforts

Preventing & Countering Violent Extremism in Kenya: The NCTC Efforts

freddy
Coastal Challenges: Threats and Uses Analysis

Coastal Challenges: Threats and Uses Analysis

bade614
Security Threats and Vulnerabilities in Computer Systems

Security Threats and Vulnerabilities in Computer Systems

nathanlo
Fusion Science Department Enabling Research Projects 2021-2023

Fusion Science Department Enabling Research Projects 2021-2023

alay_596
The Role of Women in Preventing and Countering Violent Extremism

The Role of Women in Preventing and Countering Violent Extremism

inabinet_a
Countering Violent Extremism Through Anti-Corruption in Eastern Africa

Countering Violent Extremism Through Anti-Corruption in Eastern Africa

hcase
Challenges in Detecting and Characterizing Failures in Distributed Web Applications

Challenges in Detecting and Characterizing Failures in Distributed Web Applications

roma_win
Google Spanner: A Distributed Multiversion Database Overview

Google Spanner: A Distributed Multiversion Database Overview

dain_s
Role of Civil Society and Indigenous Peoples in Countering Cybercrime

Role of Civil Society and Indigenous Peoples in Countering Cybercrime

lan_gl
Mobile Issues and Cyber Threats in Nigeria - Presentation by Dr. J.O. Atoyebi, NCC

Mobile Issues and Cyber Threats in Nigeria - Presentation by Dr. J.O. Atoyebi, NCC

skyl_6
Distributed Hash Table (DHT) in Distributed Systems

Distributed Hash Table (DHT) in Distributed Systems

zerahw
Distributed Database Management and Transactions Overview

Distributed Database Management and Transactions Overview

amilia
Recognizing and Preventing Insider Threats in National Security

Recognizing and Preventing Insider Threats in National Security

rana_1
Threat Assessment in Conservation: Direct, Stress, and Indirect Threats

Threat Assessment in Conservation: Direct, Stress, and Indirect Threats

toma_les
Space Applications as Instruments to Face Terrorist Threats

Space Applications as Instruments to Face Terrorist Threats

eastland_a
Distributed Computing Systems Project: Distributed Shell Implementation

Distributed Computing Systems Project: Distributed Shell Implementation

nian164
Understanding Cyber Threats in Today's Digital Landscape

Understanding Cyber Threats in Today's Digital Landscape

geto159
Experiments and Threats to Validity

Experiments and Threats to Validity

phar_si
Evolution of Scientific Thought and the Scientific Method

Evolution of Scientific Thought and the Scientific Method

amcga

More Related Content