Dissemination of Security Updates


Dissemination of Security Updates
Jun Li
Dissertation Proposal
Outline
• Motivation, challenges, and thesis
• Related work
• Protection against attacks
• Dissemination mechanism
• One strategy in initial study
• Dissertation plans
• Summary
Motivation
• Consider network security in general
• An attack in a network environment is rarely confined to a single machine
  - For instance, before taking action an attack may hide itself and penetrate into many machines
• Widespread, timely information sharing is necessary
  - This information is called a security update
Security Update Examples
• Virus signature (and remedy)
• Special events in distributed intrusion detection
• Offending characteristics to be filtered by a firewall
• Characteristics of a potential attack
Observation
• They all share a common need: security update dissemination
• But the need is addressed in various unsatisfactory ways (to be discussed later)
Solution to the problem
• Provide a common facility for security update dissemination
Challenges
• Scalability
• Low latency
• High assurance
  - some machines may be subverted
  - some machines may be disconnected
• Topological adaptability
• Heterogeneity
• Low overhead
• High security itself
Thesis
Dissemination of security updates while simultaneously addressing each of the above challenges is feasible.
• Design and build a system that does the work
• Call the system Revere
Related Work
• Information dissemination
  - simple transmission techniques
  - mailing list
  - distribution of software, virus signature, or key
  - network time protocol
  - push technology
• Element management
  - replicated data management
  - intrusion detection
Simple Transmission Techniques
• Unicasting (one-to-one)
• Broadcasting
• Flooding
• Multicasting
Mailing List
• Scalability
• Single path to reach recipients
• Hard to interface with other software ...
Distribution of Software, Virus Signature, or Key
• Software distribution
• Virus signature distribution
• Key distribution
Network Time Protocol
• Disseminating clock time to synchronize machines on network
  - manually configured
  - no retransmission
Push Technology
• Some commercial products: BackWeb, Ifusion, InCommon, Intermind, Marimba, NETdelivery, Wayfarer
  - poll the server periodically, fetch if needed
• Salamander
  - build a substrate
  - push data from suppliers to clients through the substrate
  - only single path from a supplier to a client
  - no handling for disconnected machines
Element Management
• Replicated data management
  - each machine in Revere has a replica of security update
• Intrusion detection
  - if we know which machines are subverted ...
Protecting Revere
• Revere must protect itself against attacks
  - otherwise, security updates won’t be disseminated successfully
  - a corrupted Revere is more dangerous if used by an enemy for its own purposes
Attacks on Revere
• Corrupting a message
  - modification
  - fabrication or forgery
• Corrupting the transmission path
  - blockage
  - misdirection
  - denial of service by replay overloading
• Leakage of security update
Fight Against Attacks
• Message corruption
  - digital signature
• Transmission path corruption
  - redundancy by multiple paths
  - be ready for replay attacks by logging signatures of previous security updates
• Leakage of security update
  - no secrecy when many millions of machines are receivers sharing the same information
Dissemination Mechanism
1. High assurance
2. Pulling by disconnected node
3. Receiver based policy
4. Opportunistic use of transmission options
5. Scalability
• Dissemination structure
1. High Assurance
• Using acknowledgement
  - implosion
  - ack can be dropped
  - need to figure out what is missed by whom
  - retransmission probably follows same old path
• Using negative ack
  - only avoid implosion, and
  - only feasible when knowing a security update is missed
• Using redundancy
  - harder to corrupt all
  - to achieve best effort
  - accompanied with additional techniques, such as pulling
2. Pulling By Disconnected Node
• Pulling from  is not scalable and hard to handle
• Repository nodes
• High assurance pulling
  - find best repository nodes
3. Receiver Based Policy
• Revere nodes are heterogeneous in terms of
  - different resiliency request
    • different environment (hostile or safe)
    • different context itself
  - different transmission characteristics
  - different platform
    • different ability of being aware of above
4. Opportunistic Use of Transmission Options
• When a security update is forwarded from machine to machine(s), choose the best option among the available transmission types
• Tradeoff among
  - best performance
  - resource usage
  - delivery guarantee
  - simplicity of implementation
5. Scalability
• Be ready for millions of receivers, or even more
  - resource usage
  - performance
  - security
• Any machine can only have partial information of the whole system
  - distributed computing
Dissemination Structure
• Automatic configuration
  - an easy-to-use user interface needed
    • manual configuration hurts
• Adaptive dynamic adjustment
  - when a new node joins
  - when an existing node quits
  - when transmission characteristics change
  - when detecting security problems
  - and so on ...
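Dissemination w/ Sending Table
• Each Revere node has an associated sending table locally
[Figure: sending tables of example nodes. Labels include A, B, C, D and X, the transmission types unicast, multicast, floppy, broadcast and unicast w/ IP source routing, and tables marked "(empty)".]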
Building the Sending Table
• Requirements
  - automatic
  - match dissemination mechanisms
  - dynamically adjustable
• Some information about dissemination sources is common knowledge
  - addresses
  - type of security updates to disseminate
  - public keys
• Maybe similar information of some existing Revere nodes
Recursive Enrollment of Newborn
• Recommending Algorithm
• Decision Making Algorithm
[Figure: enrollment of a newborn node. Labels mention a Join Request, a Recommended list, Selected machines, and Detected info between newborn and recommended machines. Legend: machines listed in ’s sending table; a newborn; machines recommended to newborn; machines selected.]
Enrollment Flexibility
• A new Revere machine can attach itself to the Revere system by sending enroll request(s) to any existing Revere node(s)
  - based on trustfulness, or
  - contact more than one
A Prototype w/ Basic Functionality
• Security update delivery analysis
• Dissemination structure formation and management
• Dissemination process
  - push
  - pull
Security Enforcement
• Authentication of security update
  - signing and verification of security update
  - key management
• Replay prevention
  - don’t be fooled into sending lots of replays, since Revere has a big fan-out
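Added example (not from the slides or from Revere itself): a minimal sketch of a node that authenticates an update, logs its signature, and forwards it only once, so that neither a replay nor a redundant copy arriving over a second path is multiplied by the fan-out. Assumptions: the `Node` class, node names and topology are hypothetical, and HMAC-SHA256 with a constructed shared key stands in for the source's digital signature, which the slides tie to public keys.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in for the dissemination source's
# digital signature; a real node would verify with the source's public key.
SOURCE_KEY = b"constructed-demo-key"


def sign(payload: bytes) -> bytes:
    return hmac.new(SOURCE_KEY, payload, hashlib.sha256).digest()


class Node:
    """Hypothetical Revere-style node: verify, log the signature, forward once."""

    def __init__(self, name, sending_table):
        self.name = name
        self.sending_table = sending_table  # names of nodes this node forwards to
        self.seen = set()                   # log of signatures already accepted
        self.forwarded = 0                  # copies this node has sent onward

    def receive(self, payload, signature, network):
        # Modified or forged update: the signature does not match the payload.
        if not hmac.compare_digest(sign(payload), signature):
            return "rejected"
        # Replay, or a redundant copy over a second path: do not forward again,
        # otherwise the fan-out amplifies every replayed message.
        if signature in self.seen:
            return "duplicate"
        self.seen.add(signature)
        for peer in self.sending_table:
            self.forwarded += 1
            network[peer].receive(payload, signature, network)
        return "accepted"


def build_network():
    # Constructed topology: D is reachable from A over two paths (via B and C).
    table = {"A": ["B", "C"], "B": ["D"], "C": ["D"], "D": []}
    return {name: Node(name, peers) for name, peers in table.items()}
```
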
Test the System
• Build a testbed
  - composed of heterogeneous machines and transmission media
  - small scale
• Simulate possible attacks
Simulation
• Large scale
• With some Revere nodes subverted
  - and actively thwarting the dissemination
• Understand the effects when lots of machines pull missed information
• ...
Summary
• The goal is to be able to disseminate security updates securely, quickly, and adaptively to a large number of heterogeneous machines with high assurance and low overhead
• The work includes design, prototype, test, simulation, evaluation
Questions?