Distributed Computer Security 8320 Advanced Operating Systems - Section 8.1 Qiong Cheng Fall 2007


Outline

• Characteristics in Robust Systems
• Security Threats
• Examples: Denial-of-Service
• Layered Approach for Defense
• Security Policy, Mechanism and Model
• Example: Enterprise Access Security Architecture
• Security Issues in Distributed Systems

Distributed Computer Security

Security and Fault Tolerance

Robust System

• Secrecy: Protection from unauthorized disclosure of system objects
• Integrity: Only authorized users modify system objects
• Availability: Authorized users are not prevented from accessing respective objects
• Reliability and Safety are fault-tolerant features

Security Threats

• Interruption (availability): Loss of data and denial of service
• Interception: Related to secrecy
• Modification and Fabrication are violations of system integrity

Threats from Web/Network

• Client Side: What can the server do to the client?
  • Fool it
  • Install or run unauthorized software, inspect/alter files
• Server Side: What can the client do to the server?
  • Bring it down (denial of service)
  • Gain access (break-in)
• Network
  • Is anyone listening? (Sniffing)
  • Is the information genuine? Are the parties genuine?

Source: www.cse.sc.edu/~farkas/csce522-2003/lectures/csce522-lect22.ppt

Packet Sniffing (Network threat)

[Figure: Client, Server, Packet Sniffer]

• NETWORK INTERFACE CARD ALLOWS ONLY PACKETS FOR THIS MAC ADDRESS
• EVERY NETWORK INTERFACE CARD HAS A UNIQUE 48-BIT MEDIA ACCESS CONTROL (MAC) ADDRESS, e.g. 00:0D:84:F6:3A:10
• 24 BITS ASSIGNED BY IEEE; 24 BY CARD VENDOR
• PACKET SNIFFER SETS HIS CARD TO PROMISCUOUS MODE TO ALLOW ALL PACKETS THROUGH

Network Security Problem

[Figure labels: REMOVABLE MEDIA, USER, MODEM + TELEPHONE, LOCAL AREA NETWORK, REMOTE LOCATION, INTERNET CONNECTION, “BACKDOOR” INTERNET CONNECTION, ISP, REMOTE USER, VENDORS AND SUBCONTRACTORS, RADIO EMISSIONS, WIRELESS, USER]

SOURCE: CERT

Sophistication v. Intruder Knowledge

SOURCE: CERT

Denial-of-Service

• Attack to disable a machine (server) by making it unable to respond to requests
• Use up resources: Bandwidth, swap space, RAM, hard disk
• Some attacks yield millions of service requests per second

Ping Flooding

[Figure: Attacking System(s), Internet, Victim System]

SOURCE: PETER SHIPLEY

Three-Way Handshake

Client -> Server: SYN          1: Send SYN seq=x
Server -> Client: SYN | ACK    2: Send SYN seq=y, ACK x+1
Client -> Server: ACK          3: Send ACK y+1

SOURCE: PETER SHIPLEY
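An added example, not part of the original slides: a tracker that applies the three handshake steps above (SYN seq=x, SYN|ACK acknowledging x+1, ACK acknowledging y+1) to a constructed packet list and reports connections that never reach step 3. Such half-open connections keep server state allocated, which ties this slide to the "use up resources" point of the Denial-of-Service slide. The endpoints, the tuple layout and the threshold are assumptions.

```python
# Added example. Packet tuples are constructed sample data, not real traffic:
# (src, dst, flags, seq, ack)
SERVER = "192.0.2.10:80"  # hypothetical server endpoint

SAMPLE = [
    ("198.51.100.7:40000", SERVER, "SYN", 1000, None),       # 1: SYN seq=x
    (SERVER, "198.51.100.7:40000", "SYN|ACK", 5000, 1001),   # 2: seq=y, ACK x+1
    ("198.51.100.7:40000", SERVER, "ACK", 1001, 5001),       # 3: ACK y+1
    ("203.0.113.1:1111", SERVER, "SYN", 7, None),            # step 3 never arrives
    (SERVER, "203.0.113.1:1111", "SYN|ACK", 6000, 8),
    ("203.0.113.2:2222", SERVER, "SYN", 50, None),           # step 3 has wrong ACK
    (SERVER, "203.0.113.2:2222", "SYN|ACK", 7000, 51),
    ("203.0.113.2:2222", SERVER, "ACK", 51, 9999),
]


def nxt(n):
    """Sequence numbers are 32-bit and wrap around."""
    return (n + 1) % 2**32


def track_handshakes(packets, server):
    """Return (established, half_open) sets of client endpoints for server."""
    pending = {}        # client -> {"x": client seq, "y": server seq or None}
    established = set()
    for src, dst, flags, seq, ack in packets:
        if dst == server and flags == "SYN":
            pending[src] = {"x": seq, "y": None}
        elif src == server and flags == "SYN|ACK":
            state = pending.get(dst)
            # Step 2 must acknowledge x+1, otherwise it matches no handshake.
            if state and ack == nxt(state["x"]):
                state["y"] = seq
        elif dst == server and flags == "ACK":
            state = pending.get(src)
            # Step 3 completes the handshake only if it acknowledges y+1.
            if state and state["y"] is not None and ack == nxt(state["y"]):
                established.add(src)
                del pending[src]
    return established, set(pending)


def backlog_alert(packets, server, max_half_open):
    """True when half-open connections exceed the allowed backlog."""
    _, half_open = track_handshakes(packets, server)
    return len(half_open) > max_half_open
```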

SMURF ATTACK

[Figure: PERPETRATOR, INTERNET, INNOCENT REFLECTOR SITES, VICTIM]

• ICMP echo (spoofed source address of victim) sent to IP broadcast address
• ICMP echo reply
• ICMP = Internet Control Message Protocol
• BANDWIDTH MULTIPLICATION: A T1 (1.54 Mbps) can easily yield 100 Mbps of attack
• 1 SYN
• 10,000 SYN/ACKs -- VICTIM IS DEAD

SOURCE: CISCO
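An added example, not part of the original slides: detection logic a reflector site could run to spot the pattern above, ICMP echo requests addressed to a broadcast address, grouped by the claimed source address (the likely victim). The subnets and packet records are constructed; note that the broadcast address depends on the prefix length, so 192.0.2.127 is a broadcast address for a /25 while 192.0.2.255 is not.

```python
import ipaddress
from collections import Counter

# Hypothetical local subnets whose broadcast addresses should never be pinged
# from outside.
LOCAL_NETS = [
    ipaddress.ip_network("192.0.2.0/25"),
    ipaddress.ip_network("198.51.100.0/24"),
]

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed sample records: (src, dst, icmp_type)
SAMPLE = [
    ("203.0.113.9", "192.0.2.127", ECHO_REQUEST),     # broadcast of the /25
    ("203.0.113.9", "198.51.100.255", ECHO_REQUEST),  # broadcast of the /24
    ("203.0.113.9", "192.0.2.20", ECHO_REQUEST),      # ordinary unicast ping
    ("192.0.2.20", "203.0.113.9", ECHO_REPLY),
    ("10.1.1.1", "255.255.255.255", ECHO_REQUEST),    # limited broadcast
]


def is_broadcast_dst(dst, nets):
    """True for the limited broadcast or a local subnet's broadcast address."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in nets)


def smurf_candidates(packets, nets):
    """Count echo requests to broadcast addresses per claimed source."""
    hits = Counter()
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST and is_broadcast_dst(dst, nets):
            hits[src] += 1
    return dict(hits)
```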

Distributed Denial of Service Attack

[Figure: INTRUDER, HANDLERS, VICTIM]

INTRUDER SENDS COMMANDS TO HANDLERS

SOURCE: CERT

DDOS Attack

SOURCE: CERT


A Layered Approach for Defense

• Increases an attacker’s risk of detection
• Reduces an attacker’s chance of success

Layers:

• Policies, procedures, and awareness: Security policies, procedures, and education
• Physical security: Guards, locks, tracking devices
• Application: Application hardening
• Host: OS hardening, authentication, security update management, antivirus updates, auditing
• Internal network: Network segments, NIDS
• Perimeter: Firewalls, border routers, VPNs with quarantine procedures
• Data: Strong passwords, ACLs, backup and restore strategy

Security Policy

• Access Control Policy: Describes how objects are accessed by subjects
• Flow Control Policy: Regulates the information flow between objects and subjects
• Subjects: Active entities that access objects
• Objects: Passive entities that must be protected. Examples: data, hardware, software and communication links

Security Mechanism

• Authentication: Verification
• Authorization: Extending permission
• Fault Tolerance: Sustaining faults
• Encryption: Prevents exposure of information and maintains privacy
• Auditing: Passive form of protection

Security Model

• Discretionary: Provides separation of users and data. E.g. access control matrix
• Mandatory: Requires access control of all subjects and objects under its control on a system wide basis. E.g. multilevel security: all subjects and objects in the system are assigned a sensitivity label. The labels are used as the basis for mandatory access control decisions.
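An added example, not part of the original slides: one access decision that combines the two models, a discretionary access control matrix and mandatory sensitivity labels. The subjects, objects and label names are hypothetical, and the label rule used here (no read up, no write down, in the style of Bell-LaPadula) is an assumption, since the slides do not name a specific rule.

```python
# Added example. All names and labels below are hypothetical.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

# Discretionary: access control matrix, rows = subjects, columns = objects.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob": {"payroll.db": {"read"}, "memo.txt": {"read", "write"}},
}

# Mandatory: every subject and object carries a system-wide sensitivity label.
SUBJECT_LABEL = {"alice": "secret", "bob": "confidential"}
OBJECT_LABEL = {"payroll.db": "secret", "memo.txt": "unclassified"}


def dac_allows(subject, obj, right):
    """Matrix lookup; a missing row or cell means no access."""
    return right in MATRIX.get(subject, {}).get(obj, set())


def mac_allows(subject, obj, right):
    """Assumed label rule: no read up, no write down."""
    s = LEVELS[SUBJECT_LABEL[subject]]
    o = LEVELS[OBJECT_LABEL[obj]]
    if right == "read":
        return s >= o   # subject label must dominate the object label
    if right == "write":
        return s <= o   # writing to a lower label could leak information
    return False


def decide(subject, obj, right):
    """Grant only if both models allow; unlabeled names are denied."""
    if subject not in SUBJECT_LABEL or obj not in OBJECT_LABEL:
        return False
    return dac_allows(subject, obj, right) and mac_allows(subject, obj, right)
```

Bob's read of payroll.db is granted by the matrix but denied by the labels, which is the difference between the two models: a discretionary grant cannot override the system-wide mandatory decision.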

Firewall

• A device placed between two networks or machines
• All traffic in and out must pass through the firewall
• Only authorized traffic is allowed to pass
• The firewall itself is immune to penetration

[Figure: Internet, Firewall, Company Network]

SOURCE: ADAM COLDWELL

Enterprise Access Security

[Figure labels: Web Server, Firewall, Authentication Server, RAS, Intranet, Mainframe, Enterprise, UNIX, Remote Access, Internet, Internet Access, Enterprise Access, RSA Agents]

SOURCE: RSA

Security Issues in Distributed Systems

• Interoperability and Transparency: Gives rise to security issues
• Approaches to Implementing New Services
  • Add an additional layer of software that runs on top of the existing system to provide the new services
  • Redesign the system so that the new services can be executed more efficiently in the kernel mode

Comprehensive Consideration

• Policies, procedures, and awareness: Security policies, procedures, and education
• Physical security: Guards, locks, tracking devices
• Application: Application hardening
• Host: OS hardening, authentication, security update management, antivirus updates, auditing
• Internal network: Network segments, NIDS
• Perimeter: Firewalls, border routers, VPNs with quarantine procedures
• Data: Strong passwords, ACLs, backup and restore strategy

References

1. http://www.owasp.org/index.php/Top_10_2007
2. www.cert.org
3. www.cse.sc.edu/~farkas/csce522-2003/lectures/csce522-lect22.ppt
4. Randy Chow, Theodore Johnson. Distributed Operating Systems and Algorithms, Addison-Wesley, 1997.