Security in autonomic communication
-
Upload
stavros-geordi -
Category
Documents
-
view
26 -
download
1
description
Transcript of Security in autonomic communication
Security in autonomic communication
Shuping Liu
Networking Lab
HUT
Contents
Why autonomic? Why security? Security characteristic Security challenge Security solution Policy-based solution conclusion
Why autonomic?
Communication system becomes more complex, more interconnected, more dynamic and more tightly woven into our lives.
Human resources involved in managing and administering them have grown rapidly and constitute a steadily larger fraction of the cost.
Autonomic communication is aimed to be autonomous, managing their own evolution, performance, security and fault concerns without explicit user or administrator actions.
Why security? (1/3)
Why security? (2/3)
Why security? (3/3)
Security characteristic
Autonomic communication will not create an entirely new security.
All the traditional securities will arise in autonomic communication systems. Some in more complex and urgent form.
Autonomic communication will give rise to unique security threats of their own.
Security challenge New technologies and architectures, whose security
implications are not yet well understood. Anomalous behavior caused by security compromises
due to reduced human activities. Span different administrative domains Deal with a constantly changing set of other systems.
Need flexible new methods for trust establishing, attack and compromise detecting, recovering.
Deal with personal information. Need to obey privacy policies required by nation laws and business ethics.
Security solution
Software solution
policy control (the details followed)
access control
autonomic distributed firewalls (ADF)
… Hardware solution
security enhanced chip multiprocessor
…
Policy-based solution(1/21)
Security policy is the primary tool for security in autonomic communication.
The unit of autonomic communication, generally referred to as “autonomic element”, is anticipated as follows,
simple and of fixed function at small scales
function dynamically at higher levels
Policy-based solution(2/21)
An autonomic element will involve two parts: function unit: perform whatever basic
function the element provide
management unit: oversees the operation
of the functional unit
Policy-based solution(3/21)
Logical structural of an autonomic element
Policy-based solution(4/21)
Management unit carries with them, or otherwise has access to,
policies that govern and constrain their behaviors at a comparatively high level
task and state representations that functionally describe their current mission, strategy, and status at a lower level
Policy-based solution(5/21) Some of the policies will be security policies Some of the task and state representations will
also be relevant to the element’s security By explicitly representing both security policies
and security-related tasks and states, autonomic elements will be able to automatically handle a wide range of security issues that are currently addressed by human
Policy-based solution(6/21) Many autonomic communication systems span
different administrative domains It is not enough for an autonomic element to ensure
its own security Autonomic elements are capable of negotiating
security and policy, and to gather and securely exchange the info.
Another problem is trust-establishment, because autonomic element has less control over, and less complete and reliable info. about the element in other domain
Policy-based solution(7/21)
Hierarchy trust model
Policy-based solution(8/21)
Mesh trust model
Policy-based solution(9/21)
Bridge trust model
Policy-based solution(10/21)
Hybrid trust model
Policy-based solution(11/21)
Trust model based on Gateway CA’s
Policy-based solution(12/21)
Trust problem also exist between user and policy systems.
How can we trust a policy system to make the best decision?
Hoi Chan et. al. suggests a policy system with trust building tools
Policy-based solution(13/21)
Notations,
ITI: instantaneous trust index, to each execution of each
policy
ITI = f (m1,m2,…), where m1,m2 … are weights
assigned to each user modification, and 0<=ITI<=1
OTI:overall trust index, for a policy and reflects the level
of trust that the user has in a particular policy or
group of policies
OTI = f1(ITI1,ITI2,…), where f1 is average function
Policy-based solution(14/21)
a policy system with trust building tools
Policy-based solution(15/21) KB, knowledge base, uses the information, through some
reinforcement learning algorithms, to adjust the behavior of the policy in a way to maximize the OTI.
There are 3 modes of operation, Minimal trust (supervised) mode Partial trust (modify) mode Full trust (automatic) mode
The user is able to place the system into one of these modes at will on a per-policy base.
Policy-based solution(16/21) Minimal trust mode, start mode by default
Policy generates the actions not executed the user exams the actions the user accepts, or propose his own actions, or denies return ITI by an expert-defined function KB actions
As the policy system evolves to a point where OTI≈1, the user may change to next trust level for the policy
Partial trust mode
This mode is similar to Minimal mode. But in this case, user can only change the parameters, instead of actions.
Full trust mode
The policy system fully execute the actions without user intervention
Policy-based solution(17/21)
We should know that, the policies, and the task and state representation provide high-value targets to a potential attacker.
Let us consider a scenario, the attacker insert a piece of code that causes the system to silently send him or her a copy of some important information at a particular email address at a particular time.
Policy-based solution(18/21) In traditional communication system, the leak will stop if tha
t email address becomes unavailable, or a network gateway blocks it.
However, in an autonomic element, if the code is inserted as a policy piece, the autonomic element would then use every resource at its disposal to ensure that the information is delivered to the attacker. The attacker would have harnessed the element’s own ability to adapt to changing conditions and adopt new strategies for the purpose of stealing the desired information.
Preventing such high-level subversion will be an important part of the security of autonomic systems.
Policy-based solution(19/21)
On the other hand, the security policies that govern an autonomic element can provide new levels of resistance to attack.
Policy-based solution(20/21)
data leak in traditional systems
Policy-based solution(21/21)
data leak in autonomic systems
Conclusion No functioning system is perfectly secure, autonomic
communication system will be no exception. The development of autonomic systems cannot be delayed
until the final security solution is available, since it is impossible
Recent advances, including autonomic intrusion detection systems, secure embedded processors, proactive security measures, and automated virus response, have taken some burden of security maintenance off overloaded system administrators.
But there is much more which is waiting for us…
Thanks!
Any comments and questions?