2. Self-protection refers to the ability for a system to detect
illegal behaviors and to fight-back intrusions with counter-
measures. Self protection in a clustered distributed system is
based on the structural knowledge of the cluster and of the
distributed applications. This knowledge allows to detect
known and unknown attacks if an illegal communication
channel is used.
3.
The complexity of today’s distributed computing
environments is such that the presence of bugs and
security holes is statistically unavoidable.
A very promising approach to this issue is to
implement a self protected system which refers to the
capability of a system to protect itself against
intrusions.
4.
Self -protection in a clustered distributed system presents a
self- protected system context of cluster –based
applications.
We consider that hardware environment is composed of a
cluster of machines interconnected through a local area
network.
The software environment is composed of a set of
application components deployed on the cluster.
5.
A number of surveys focused on classifying security
patterns. Using metrics such as purpose and abstraction
level
Security patterns which are applicable to classifying selfprotection approaches based on:
Confidentiality, Integrity, and Availability.
6.
The main tools and techniques currently used are
Intrusion detection
Two main approaches have been explored to ensure intrusion
detection :
I)misuse intrusion detection and
II)Anomaly intrusion detection.
These approaches are used in firewalls and intrusion detection
system.
7. Backtracking tools:
Backtracking tools record data about system activity so
that once intrusion attempt has been detected, it is
possible to detect sequence of events that led to
intrusion and potential extent of damage.
8.
Misuse intrusion detection cannot detect unknown
attacks, Anomaly intrusion detection can detect
unknown attacks but price a lot.
Backtracking tools can help to automate parts but
human expertise is required for accurate
understanding of attack.
9.
Any attempt to use an undeclared communication
channel is trapped and a recovery procedure is
executed automatically.
Legal communication channels are automatically
calculated from hardware and software architectures of
the system and are used to generate protection rules
that forbid the use of unspecified channels.
10.
11.
Automates the configuration of security components
when the system evolves.
Detects and blocks any deviation from communication
channels.
Isolate the machine belonging to cluster that breaks
communication channels.
12. In future self-protection in a clustered distributed
system has to be focused on spotting intruders
targeting different protocols.
13. The detection of an illegal behavior triggers a counter
-measure to isolate the compromised resources and
prevent further damages. Self -protection in a clustered
distributed system targets controlled environments and
silent attacks rather than open grid and denial-of-service
attacks.