1. Towards an Attack-Resistant Desktop
   Todd Deshane, Seminar Spring 2007. Advisor: Dr. Jeanna Matthews

2. Problem Definition and Motivation
   - Many systems on the Internet are vulnerable
     - Do not have the latest virus definitions
     - Do not have the latest software security patches
   - Anti-virus software is ineffective against zero-day attacks
   - System or application updates are imperfect
     - Can break other apps or cause instability

3. Proposed Solution
   - Isolate user data
     - Secured file server that provides rollback if corruption occurs
   - Separate applications into appliances
     - Applications stored in virtual machines that allow rollback to a known good appliance state
   - Network intrusion detection
   - File system intrusion detection
     - Application-specific data protection contracts

4. Terminology
   - Virtual Machine Monitor (VMM), aka hypervisor
     - Platform that allows multiple operating systems to run on a host computer at the same time
     - Xen: the VMM that we will use for our prototype implementation
       - High performance and open source
   - Virtual Machine (VM), aka guest
     - Execution environment running a distinct, isolated operating system instance

5. Architecture Overview
   (diagram slide)

6. File System Virtual Machine
   - Isolated file server (e.g. AFS, NFS, Samba)
     - Runs in a virtual machine on a separate virtual network
     - Access controlled by application-specific contracts
     - Proposed implementation
       - Small, simple operating system with a file server installed on a Linux initial RAM disk
         - Loaded into RAM, so changes to the file server are non-persistent
         - SELinux policy that allows the file server to be the only entity that can modify the data being served

7. Architecture Overview
   (diagram slide)

8. Virtual Machine Appliances
   - Applications separated (and possibly grouped) by function and installed in distinct virtual machines
   - Each appliance granted fine-grained access to network or file system resources
   - Proposed implementation
     - Linux RAM disk or operating system install (e.g. Windows) with the installed application(s)

9. Network Intrusion Detection
   - Snort
     - De facto standard
     - Widely deployed in industry
     - Rule-based
       - Attack signatures
       - Anomalous activity
     - Strong community
     - Open source

10. File System Intrusion Detection
    - Novel approach with distinct advantages over traditional host-based intrusion detection
    - Application-specific contracts
      - Applications have restricted access to specific mount points
    - Proposed implementation
      - Database of rules enforced by a policy manager
        - Attack or anomalous activity is detected and the system is rolled back to a working state as appropriate

11. Example Scenario
    - A mass-mailer worm takes over your email client
      - Without our system: the system slows down, network traffic increases, a patch is needed, a system restart is likely needed, and a system rebuild might be necessary
      - With our system: scanning of the address book is detected as anomalous, increased network activity is detected as anomalous, the email appliance is rolled back to a working state, the patch is applied to a secondary copy of the email appliance which is then swapped in; no system downtime, no reboot necessary, minimal or no application downtime
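As an added example, not code from the seminar or its prototype, the following Python sketch shows how a policy manager could enforce the application-specific data protection contracts of slides 10 and 11: each appliance may only perform listed operations under listed mount points, and a burst of reads under a protected path (the worm scanning the address book) produces a rollback verdict. The contract format, mount points, appliance names and event stream are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    """Data protection contract for one appliance (hypothetical format)."""
    appliance: str
    allowed: dict       # mount point prefix -> set of permitted operations
    burst_limit: dict   # path prefix -> max reads tolerated before it is anomalous

class PolicyManager:
    """Checks each file-server request from an appliance against its contract.

    check() returns (action, reason) with action in {"allow", "deny", "rollback"}.
    """
    def __init__(self, contracts):
        self.contracts = {c.appliance: c for c in contracts}
        self.reads = defaultdict(int)   # (appliance, prefix) -> reads seen
        self.rolled_back = set()        # appliances flagged for rollback

    def check(self, appliance, op, path):
        c = self.contracts.get(appliance)
        if c is None:
            return "deny", "no contract for appliance"
        if appliance in self.rolled_back:
            return "deny", "appliance awaiting rollback"
        mount = next((m for m in c.allowed if path.startswith(m)), None)
        if mount is None or op not in c.allowed[mount]:
            return "deny", f"{op} {path} is outside the contract"
        if op == "read":
            for prefix, limit in c.burst_limit.items():
                if path.startswith(prefix):
                    self.reads[(appliance, prefix)] += 1
                    if self.reads[(appliance, prefix)] > limit:
                        self.rolled_back.add(appliance)   # roll back, then resume
                        return "rollback", f"anomalous scan of {prefix}"
        return "allow", "within contract"

def run_scenario():
    """Constructed event stream: a mass-mailer worm scanning the address book."""
    email = Contract("email",
                     {"/export/mail/": {"read", "write"}, "/export/contacts/": {"read"}},
                     {"/export/contacts/": 3})
    pm = PolicyManager([email])
    events = [("email", "read", "/export/mail/inbox")]
    events += [("email", "read", f"/export/contacts/{i}.vcf") for i in range(5)]
    events += [("browser", "write", "/export/mail/inbox")]   # no contract at all
    return [pm.check(*e)[0] for e in events]
```

The first three contact reads stay within the contract; the fourth exceeds the burst limit and returns the rollback verdict, after which the appliance is denied until it has been restored.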
12. Current and Future Work
    - System components
      - Frontend file server
        - Openfiler (NFS, AFS, Samba, etc.)
      - Backend file system
        - Log-structured file system (LFS)
      - Data protection contracts and policy manager
      - High availability support

13. Questions/Comments?