Security in autonomic communication

Shuping Liu

Networking Lab

HUT

Contents

Why autonomic? Why security? Security characteristic Security challenge Security solution Policy-based solution conclusion

Why autonomic?

Communication system becomes more complex, more interconnected, more dynamic and more tightly woven into our lives.

Human resources involved in managing and administering them have grown rapidly and constitute a steadily larger fraction of the cost.

Autonomic communication is aimed to be autonomous, managing their own evolution, performance, security and fault concerns without explicit user or administrator actions.

Why security? (1/3)

Why security? (2/3)

Why security? (3/3)

Security characteristic

Autonomic communication will not create an entirely new security.

All the traditional securities will arise in autonomic communication systems. Some in more complex and urgent form.

Autonomic communication will give rise to unique security threats of their own.

Security challenge New technologies and architectures, whose security

implications are not yet well understood. Anomalous behavior caused by security compromises

due to reduced human activities. Span different administrative domains Deal with a constantly changing set of other systems.

Need flexible new methods for trust establishing, attack and compromise detecting, recovering.

Deal with personal information. Need to obey privacy policies required by nation laws and business ethics.

Security solution

Software solution

policy control (the details followed)

access control

autonomic distributed firewalls (ADF)

… Hardware solution

security enhanced chip multiprocessor

…

Policy-based solution(1/21)

Security policy is the primary tool for security in autonomic communication.

The unit of autonomic communication, generally referred to as “autonomic element”, is anticipated as follows,

simple and of fixed function at small scales

function dynamically at higher levels

Policy-based solution(2/21)

An autonomic element will involve two parts: function unit: perform whatever basic

function the element provide

management unit: oversees the operation

of the functional unit

Policy-based solution(3/21)

Logical structural of an autonomic element

Policy-based solution(4/21)

Management unit carries with them, or otherwise has access to,

policies that govern and constrain their behaviors at a comparatively high level

task and state representations that functionally describe their current mission, strategy, and status at a lower level

Policy-based solution(5/21) Some of the policies will be security policies Some of the task and state representations will

also be relevant to the element’s security By explicitly representing both security policies

and security-related tasks and states, autonomic elements will be able to automatically handle a wide range of security issues that are currently addressed by human

Policy-based solution(6/21) Many autonomic communication systems span

different administrative domains It is not enough for an autonomic element to ensure

its own security Autonomic elements are capable of negotiating

security and policy, and to gather and securely exchange the info.

Another problem is trust-establishment, because autonomic element has less control over, and less complete and reliable info. about the element in other domain

Policy-based solution(7/21)

Hierarchy trust model

Policy-based solution(8/21)

Mesh trust model

Policy-based solution(9/21)

Bridge trust model

Policy-based solution(10/21)

Hybrid trust model

Policy-based solution(11/21)

Trust model based on Gateway CA’s

Policy-based solution(12/21)

Trust problem also exist between user and policy systems.

How can we trust a policy system to make the best decision?

Hoi Chan et. al. suggests a policy system with trust building tools

Policy-based solution(13/21)

Notations,

ITI: instantaneous trust index, to each execution of each

policy

ITI = f (m1,m2,…), where m1,m2 … are weights

assigned to each user modification, and 0<=ITI<=1

OTI:overall trust index, for a policy and reflects the level

of trust that the user has in a particular policy or

group of policies

OTI = f1(ITI1,ITI2,…), where f1 is average function

Policy-based solution(14/21)

a policy system with trust building tools

Policy-based solution(15/21) KB, knowledge base, uses the information, through some

reinforcement learning algorithms, to adjust the behavior of the policy in a way to maximize the OTI.

There are 3 modes of operation, Minimal trust (supervised) mode Partial trust (modify) mode Full trust (automatic) mode

The user is able to place the system into one of these modes at will on a per-policy base.

Policy-based solution(16/21) Minimal trust mode, start mode by default

Policy generates the actions not executed the user exams the actions the user accepts, or propose his own actions, or denies return ITI by an expert-defined function KB actions

As the policy system evolves to a point where OTI≈1, the user may change to next trust level for the policy

Partial trust mode

This mode is similar to Minimal mode. But in this case, user can only change the parameters, instead of actions.

Full trust mode

The policy system fully execute the actions without user intervention

Policy-based solution(17/21)

We should know that, the policies, and the task and state representation provide high-value targets to a potential attacker.

Let us consider a scenario, the attacker insert a piece of code that causes the system to silently send him or her a copy of some important information at a particular email address at a particular time.

Policy-based solution(18/21) In traditional communication system, the leak will stop if tha

t email address becomes unavailable, or a network gateway blocks it.

However, in an autonomic element, if the code is inserted as a policy piece, the autonomic element would then use every resource at its disposal to ensure that the information is delivered to the attacker. The attacker would have harnessed the element’s own ability to adapt to changing conditions and adopt new strategies for the purpose of stealing the desired information.

Preventing such high-level subversion will be an important part of the security of autonomic systems.

Policy-based solution(19/21)

On the other hand, the security policies that govern an autonomic element can provide new levels of resistance to attack.

Policy-based solution(20/21)

data leak in traditional systems

Policy-based solution(21/21)

data leak in autonomic systems

Conclusion No functioning system is perfectly secure, autonomic

communication system will be no exception. The development of autonomic systems cannot be delayed

until the final security solution is available, since it is impossible

Recent advances, including autonomic intrusion detection systems, secure embedded processors, proactive security measures, and automated virus response, have taken some burden of security maintenance off overloaded system administrators.

But there is much more which is waiting for us…

Thanks!

Any comments and questions?