1 INTRUSION TOLERANT SYSTEMS WORKSHOP Phoenix, AZ 4 August 1999 Jaynarayan H. Lala ITS Program...
1
INTRUSION TOLERANT SYSTEMS WORKSHOP
Phoenix, AZ
4 August 1999
Jaynarayan H. Lala
ITS Program Manager
2
TOPICS
A Dependability Framework for ITS
Sharing of Documents & Results
Program Review Meetings
Reporting
Experimentation
Coordination with other IA&S Programs
Other issues
3
A DEPENDABILITY FRAMEWORK FOR ITS
Goal: Establish a multi-dimensional, hierarchical framework for Intrusion Tolerant Systems program
Approach:
  Put forward a strawman
  Solicit your inputs
4
WHY DO WE NEED A FRAMEWORK?
To provide a system view of intrusion tolerance.
To show inter-relationships between various techniques and tools.
To provide a context for evaluating applicability & effectiveness of each technique and tool.
To partition ITS into its various components and assign roles & responsibilities to those components.
To design & implement ITS components.
5
PITAC RECOMMENDATIONS
President’s Information Technology Advisory Committee (PITAC) recommended recently (Aug. ‘98) that Federal govt. should
  “… foster projects of broader scope and longer duration.”
  “Increase the emphasis on projects involving multiple investigators over several years.”
Each PI must look beyond his/her own research to see how it fits in the big picture, relates to other PIs’ work, and advances the strategic vision.
6
ITS DEPENDABILITY FRAMEWORK
Dependability Background
A Strawman ITS Framework
7
DEPENDABILITY*: AN OVERARCHING CONCEPT
Dependability is defined as the trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers.
*J.C. Laprie (ed.), Dependability: Basic Concepts and Terminology, Springer-Verlag, 1992.
8
DEPENDABILITY PROPERTIES
Availability is the readiness for usage.
Reliability is the continuity of service.
Maintainability is the ease of performing maintenance actions.
Safety is the avoidance of catastrophic consequences on the environment.
Security is the prevention of unauthorized access (Confidentiality) and/or handling of information (Integrity).
9
IMPAIRMENTS TO DEPENDABILITY
Faults, errors and failures may affect dependability properties.
Faults can be categorized by
  Nature
    Accidental or Intentional
  Origin
    Physical or Human made
    Internal or External
    Design or Operational
  Persistence
    Temporary or Permanent
FAULT CLASSIFICATION
[Table: fault classes by Nature (Accidental Faults, Intentional Faults), Origin (Phenomenological Cause: Physical Faults, Human-made Faults; System Boundaries: Internal Faults, External Faults; Phase of Creation: Design Faults, Operational Faults) and Persistence (Permanent Faults, Temporary Faults), against the Usual Labelling: Physical Faults, Transient Faults, Intermittent Faults, Design Faults, Interaction Faults, Malicious Logic, Intrusions. Cell marks not recoverable.]
11
FAILURE CLASSIFICATION
Consequence Viewpoint
  Benign vs. Catastrophic
  Fail-Safe vs. Critical
Domain Viewpoint
  Timing
  Value
  Both
Perception Viewpoint
  Consistent
  Byzantine
12
MEANS FOR DEPENDABILITY
Methods and techniques that provide the ability to deliver a service on which reliance can be placed.
Fault/Attack Prevention
Fault Removal
  Verification, Diagnosis, Correction
Fault/Attack Tolerance
  Error Processing, Fault Treatment
Fault/Attack Forecasting
  System Evaluation wrt Fault/Attack Occurrence
13
A STRAWMAN ITS FRAMEWORK
14
POTENTIAL DIMENSIONS OF ITS FRAMEWORK (1 of 4)
Dependability Property
  Confidentiality
  Integrity
  Availability
  Other dependability properties
Attack Classification
  Malicious Logic
  Intrusions
Fault/Attack Persistence
  Temporary
  Permanent
15
POTENTIAL DIMENSIONS OF ITS FRAMEWORK (2 of 4)
Means for Dependability
  Avoidance (Prevention, Removal)
  Detection
  Isolation/Identification
  Response (Recovery, Reconfiguration, Graceful Degradation)
  System Evaluation/Validation
Attack Severity
  Ankle Biters, Single Target, Benign
  Terrorist, Multiple Targets, Destructive
  Rate of Attack
16
POTENTIAL DIMENSIONS OF ITS FRAMEWORK (3 of 4)
Avoidance & Detection Techniques
  Formal Methods
  Execution Monitors
  Others
Tolerance Techniques
  Data Redundancy
  Programs Redundancy
  Hardware Redundancy
  Communication Codes Redundancy
  Information (Analytic)/Design Redundancy
  Temporal Redundancy
17
POTENTIAL DIMENSIONS OF ITS FRAMEWORK (4 of 4)
Maturity for Fielding Concept Exploration Design/Implementation Demonstration Validation