System Support for Rapid
     Recovery and Attack
             Resistance

          A Friday ATC-NY Talk by
                    Todd Deshane
Overview


  Motivation

  Goals

  Background

  Architecture

  Evaluation

  Plan of Work
Motivation


   Computers on the Internet are vulnerable
     Even with latest updates and virus definitions
        Zero day exploits
   Malware effects
     User data compromised
     System controlled by attacker
   Restoration of system and user data
     Time-consuming
     Difficult for users
     Not always possible (e.g. digital photos)
Motivation

"New methods are being invented, new tricks, and every year it gets
worse... We are losing the battle... Most companies don't know they
have been attacked."
- Bruce Schneier


"The average top executive doesn't understand security, but we have to
change that... Security is an imperative. It's no longer just a good idea."
- Allen Kerr


"Virus incidences had surged between 2003, when they detected just
over 10,000, and 2006, when they found 80,000. Criminal activity
accounted for most of that increase."
- Kaspersky Labs
Motivation

"Very sophisticated tools are commercially available in black markets...
This has made [the Internet] more attractive for organized crime:
[criminals] no longer have to be geeks."
- James Lewis

"Although security awareness continues to improve, hackers and
malicious code authors are releasing threats faster than ever before,
with approximately 200 per cent more malicious threats per day than two
years ago."
- Stuart McClure (2006)

"Over one third [of IT Companies] were hit by a denial-of-service attack
while over 44 percent had experienced either a pharming or cache
poisoning attack."
- 2007 Secure64 Survey
Motivation

(figure: John's chat window reads "Ooooh! I got some pics from my buddy Joe :)")

John is a typical desktop user who uses his computer to
communicate with friends on IM and email, and surf the web.
Without the Rapid Recovery System

(figure: the slide shows a binary string that decodes to "HACKE…";
the malware has harvested Credit Card Numbers, Email Contacts, Passwords)
With the Rapid Recovery System




John tries to load the pictures in his photo VM, but the action is
denied, since the “pics” are actually executables. An error
message is displayed to John.
With the Rapid Recovery System




John really wants to see the pics, so he ignores the error and
copies the “pics” to his Internet VM and clicks on them. The
executable runs and it instantly tries to run its built-in IRC server
and starts scanning for personal data.
With the Rapid Recovery System




Either of these actions causes the Internet VM to be reset. The
built-in firewall of the Rapid Recovery System does not allow the
Internet VM to open a listening server. An error message appears
when the Internet VM restarts, and John finds out that these were
not pics.
THE MINEFIELD OF PERSONAL COMPUTER USE
Scenario: Open an attachment containing a mass emailing virus

                Without the Rapid Recovery System


    Notice a slow down of the machine, unsure of cause.
    Reboot machine, still slow.
    Look in process list, attempt to kill suspicious process,
    regenerates itself.
    Call tech support, make an appointment to take the computer to
    be fixed.
    Newest backup is 1 month old, some recent reports and
    pictures lost.
    3 weeks later get the machine back with the OS re-installed.
THE MINEFIELD OF PERSONAL COMPUTER USE
Scenario: Open an attachment containing a mass emailing virus

                With the Rapid Recovery System


    The attachment is written into the email log.
    The NET-VM flags a violation of the network contract and
    pauses the VM.
    The system asks the user if they want to rollback to the last
    known good image.
    Rollback and remount personal data store.
    Some system data (logs, etc.) in VM appliance is lost, but no
    personal data is lost.
    The machine is back in working order in less than 1 hour.
THE MINEFIELD OF PERSONAL COMPUTER USE
Scenario: Surf to the wrong website

              Without the Rapid Recovery System


    A malicious program scans the hard drive for credit card
    numbers.
    The user does not notice any sign of trouble.
    The program sends out a small amount of data containing the
    information discovered.
    The program installs a backdoor for later use by the attacker.
THE MINEFIELD OF PERSONAL COMPUTER USE
Scenario: Surf to the wrong website

                With the Rapid Recovery System


    The malicious program begins to read the hard drive for credit
    card numbers.
    The FS-VM triggers a violation of the data access contract and
    pauses the VM.
    The system asks the user if they want to rollback to the last
    known good image.
    Rollback and remount personal data store.
    The scan is not completed, the information is not sent, the
    backdoor is prevented.
THE MINEFIELD OF PERSONAL COMPUTER USE
Scenario: Install a required software update

                 Without the Rapid Recovery System


    After the update, several applications cannot find some required
    components.
    The user calls tech support and they confirm the problems with
    the patch.
    The best recommendation is to completely uninstall and re-
    install the applications.
    It takes a few hours to assemble the installation media, to find
    the product keys, and to follow the instructions.
THE MINEFIELD OF PERSONAL COMPUTER USE
Scenario: Install a required software update

                 With the Rapid Recovery System


    After the update, several applications cannot find some required
    components.
    The user calls tech support and they confirm the problems with
    the patch.
    The user decides to rollback to the last known good image.
    The machine is back up and running in minutes.
Goals


  Provide attack resistance and rapid recovery

  Isolate and protect user data from attacks

  Provide automatic and user-triggered checkpoints

  Safe testing of system and application updates

  Facilitate forensic analysis
Background: Security


  Early Internet based on openness/trust
  First documented Internet worm – 1988
  Malware: large scale problem – late 1990s
  Criminal malware networks (botnets)
     DDoS, digital blackmail, account/credit info
  Attack defenses
     Antivirus software
     Firewalls
     Intrusion detection systems
Background: Virtualization


  Virtual Machine Monitor
     Pioneered by IBM
     Software/hardware co-evolution
  Intel VT and AMD-V
     Software/hardware co-evolution (again)
     Next generation virtualization hardware
  Xen hypervisor (VMM)
     Paravirtual guests (e.g. Linux, *BSD)
     HVM guests (e.g. Microsoft Windows)
Background: Virtualization+Security


  VMs used as sandboxes
  VMs can be monitored from below
  System security and fault tolerance
     Replicate system state to a backup VM
     Secure logging and replay
     Backtracking intrusions
     Safe testing/integration of untrusted code
     Protection against root kits
Background: System Reset Facilities


  DeepFreeze
     Restore to trusted checkpoint on each boot
  Windows System Restore
     Keep checkpoints of system state for rollback
  Both of these lack:
     User data protection/rollback
     Attack prevention/detection
System Architecture

(architecture figure, described in text)

  Xen Hypervisor runs directly on the Hardware (Disk, NIC).
  Domain 0: the management domain; the Disk is attached here, and the
            Management links run from it to the FS-VM, the NET-VM and
            each appliance.
  FS-VM:    serves the user's personal data store to the appliances over
            the Isolated Network, so the appliances never hold the disk
            themselves.
  NET-VM:   the driver domain that owns the NIC; the appliances reach the
            Internet only through it, over the Internal Network.
  VMA 1, VMA 2 ... VMA N: the virtual machine appliances (email client,
            browser, photo viewer, ...), each attached only to the
            Isolated Network (FS-VM) and the Internal Network (NET-VM).
Benefits

  Intrusion detection and attack prevention

  Protection of user data

  Checkpoint and restart of virtual machine appliances

  Rapid first time installation

  Model for software distribution

  Complement and enhance backups
Evaluation

  Resistance/protection against attacks
     Categorize attacks
     Defense strategies against attacks

  Performance overhead
     Overhead of virtualization technology
     Overhead of file system virtual machine
Evaluation: Attacks

  Backdoor attacks
     Initiate/listen for connections
     Send and receive data
  Malicious attacks
     Copy infected executables to shared folders
     Attempt to destroy data
  Spyware attacks
     Harvest email addresses and other personal data
  Vulnerability attacks
     Exploit vulnerability in specific server software
Evaluation: Defenses


  Block unused ports
     Backdoor attacks can't access the Internet
     Vulnerable services are not running
  Restrictions on read, write, and/or append access
     Malicious attacks can't write/delete user data
     Spyware attacks can't read user data
  Detect unexpected behavior and rollback
     Anomalies raise errors/warnings
     Prompt user or automatic rollback
Evaluation: Performance
Plan of Work

  Construction and integration of a separate NET-VM
  component
  Tight integration of NET-VM and FS-VM into virtual
  machine support layer of Xen
  A comprehensive virtual machine appliance contract
  system
  Evaluation of system
     Performance
     Functionality
System Architecture

(the architecture figure from the earlier System Architecture slide is
shown again here)
Plan: Construct and Integrate NET-VM


  Network Intrusion Detection System (snort)
  Firewall (iptables)
  Xen driver domain
Plan: Xen Support for NET-VM/FS-VM

  NET-VM already possible as a Xen driver domain
  FS-VM granted file system access/control
  Xen communicates rules to NET-VM and FS-VM
  when a new domain is created
  NET-VM and FS-VM detect violations
     Violations enforced/communicated to Xen
     Appropriate actions taken by Xen
       Shutdown
       Restart
       Restore guest
       Notify user
       Prepare guest for forensic analysis
Plan: Comprehensive Contract System


  Virtual machine appliance contracts
     Specify the behavior of appliances
       Network access
       File system access
  Use existing NIDS and firewall rules
  Build upon existing Xen configuration file
     Add file system and network rule support
Plan: Evaluation of Modified System

  Performance
     I/O: read, write
     Network: send, receive
     CPU overhead
  Functionality
     Resistance to attack
     Recovery from attack
  Construct virtual machine appliances
Related/Proposed Projects at Clarkson

  Log-Structured File System (LFS) for FS-VM
     Enable rollback of writes with LFS
  Isolation testing of virtualization systems
     Performance isolation testing methodology and results
  Power testing of virtualization systems
     Recommend/improve power-friendly VMMs
  Tools for forensic analysis
     Capture/export compromised VM
     Recommend defense strategies
  Tools for contract inspection
     Visualize access granted by contract
Questions/Comments?
Backup Slides




  This won't fit in the presentation, but if there are
    questions, some of these slides might help
Virtualization Motivation Backup Slides




     More virtualization basics and why to use
                   virtualization
Terminology


  Virtual Machine Monitor (VMM)
     Also known as: hypervisor
     Thin software layer between the hardware and "guest"
     operating system
     First layer to run on the hardware; guests run above it
  Examples of VMMs:
     VMware, Xen, Parallels, z/VM, MS Viridian, Qemu,
     KVM, ...
VMM with a Picture
Virtualization Predictions


   9 of 10 enterprises will have virtualization by 2007 -
   Yankee Group (August 2007)
   Physical servers growth near zero within 2012 -
   Bernstein (August 2007)
   Over 50% physical servers will be virtualized in 2011 -
   IDC (July 2007)
   Virtualization services market to reach $11.7 billion by
   2011 - IDC (July 2007)
   Server market to hardly grow over 2% annually
   through 2011 because of virtualization - IDC (July
   2007)
Virtualization Predictions

   25% of enterprise data center servers to be virtual by
   2010 - Intel (July 2007)
   A Microsoft hypervisor for Vista expected in mid-2009
   - Gartner (July 2007)
   Virtualization will be part of nearly every aspect of IT
   by 2015 – Gartner (May 2007)
   3 million virtual machines expected in 2009 - Gartner
   (May 2007)
Virtualization Predictions

   Virtualization and multicore will cost $2.4 billion in
   customer spending between 2006 and 2010 - IDC
   (March 2007)
   OS Virtualization to become mainstream by 2010 -
   Gartner (December 2006)
   Virtualization market to grow to $15 billion worldwide
   by 2009 - IDC (October 2006)
Performance Backup Slides




          Xen vs. VMware performance
System Performance
Guest Configuration File Backup Slides




             More details of the syntax
Plan: File System Rule Language


 # Example file system rule set for an email client.

 fs_rule = [ 'id=1, read, 1024, 5' ]
 # read at most 1024 bytes of data in 5 seconds

 fs_rule = [ 'id=2, append, 1024, 3' ]
 # append at most 1024 bytes of data in 3 seconds.

 fs_rule = [ 'id=3, write, 320, 3' ]
 # write at most 320 bytes in 3 seconds

 # The email mount point is accessible to the email client, and fs_rules
 # with id=1 and id=2 are applied.
 disk = [ 'fsvm:/mnt/email, /home/user/mail,fs_rule=1:2' ]

 # The email mount point is accessible to the email client, and fs_rules
 # with id=1 and id=3 are applied.
 disk = [ 'fsvm:/mnt/email, /home/user/attachments,fs_rule=1:3' ]
Plan: Network Rule Language




 #Email client example continued

 network_rule = ['id=1, iptables, file=/etc/iptables/email_client']

 network_rule = ['id=2, snort, file=/etc/snort/rules/email_client']

 vif = [ 'rate=2Mb/s, network_rule=1:2' ]
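The two rule-language slides above (fs_rule/disk and network_rule/vif) give the contract syntax but not how the FS-VM counts the byte budgets or how a vif is tied to the NET-VM's iptables and snort files. What follows is an added example, not code from the talk or from the Clarkson prototype: it parses the slides' lines in the `name = [ '...' ]` shape that Xen's xm configuration already uses, maps the vif to the (tool, rule file) pairs the NET-VM must load, and models the FS-VM's accounting as a sliding time window with default deny for operations no rule grants. The sliding-window and default-deny semantics are my assumptions, and the contract text and the two access traces are constructed.

```python
"""Contract parser plus an FS-VM enforcement model (added example, not the talk's code)."""
import re
from collections import defaultdict, deque

# Constructed contract: the email-client lines from the two rule-language slides.
CONTRACT = """
# Example file system rule set for an email client.
fs_rule = [ 'id=1, read, 1024, 5' ]
fs_rule = [ 'id=2, append, 1024, 3' ]
fs_rule = [ 'id=3, write, 320, 3' ]
disk = [ 'fsvm:/mnt/email, /home/user/mail,fs_rule=1:2' ]
disk = [ 'fsvm:/mnt/email, /home/user/attachments,fs_rule=1:3' ]
network_rule = ['id=1, iptables, file=/etc/iptables/email_client']
network_rule = ['id=2, snort, file=/etc/snort/rules/email_client']
vif = [ 'rate=2Mb/s, network_rule=1:2' ]
"""
# One `name = [ '...' ]` line, the shape Xen's xm config already uses for disk= and vif=.
LINE = re.compile(r"^\s*(\w+)\s*=\s*\[\s*'([^']*)'\s*\]\s*$")

def parse_contract(text):
    """fs_rule id -> (op, max_bytes, seconds); mounts guest_path -> (backend, [rule ids]);
    network_rule id -> (tool, file); vif -> {'rate': str, 'network_rule': [ids]}."""
    c = {"fs_rule": {}, "mounts": {}, "network_rule": {}, "vif": {}}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # comments and blank lines carry no rule
        key, fields = m.group(1), [f.strip() for f in m.group(2).split(",")]
        if key == "fs_rule":
            rid = int(fields[0].split("=")[1])
            c["fs_rule"][rid] = (fields[1], int(fields[2]), float(fields[3]))
        elif key == "disk":
            ids = [int(i) for i in fields[2].split("=")[1].split(":")]
            c["mounts"][fields[1]] = (fields[0], ids)
        elif key == "network_rule":
            rid = int(fields[0].split("=")[1])
            c["network_rule"][rid] = (fields[1], fields[2].split("=", 1)[1])
        elif key == "vif":
            for field in fields:
                k, v = field.split("=", 1)
                c["vif"][k] = [int(i) for i in v.split(":")] if k == "network_rule" else v
    return c

def network_rule_files(contract):
    """The (tool, rule file) pairs the NET-VM must load for this appliance's vif."""
    return [contract["network_rule"][rid] for rid in contract["vif"].get("network_rule", [])]

class FsContractMonitor:
    """Byte budget per (mount, rule) over a sliding window, as the FS-VM would keep it.
    Assumed here, not stated on the slides: the window slides, and an op no rule grants is denied."""
    def __init__(self, contract):
        self.rules, self.mounts = contract["fs_rule"], contract["mounts"]
        self.history = defaultdict(deque)  # (mount, rule id) -> deque of (time, nbytes)

    def mount_for(self, path):
        hits = [g for g in self.mounts if path == g or path.startswith(g.rstrip("/") + "/")]
        return max(hits, key=len) if hits else None  # longest-prefix match

    def access(self, t, path, op, nbytes):
        """None when within contract, else a violation dict (caller pauses the VM)."""
        mount = self.mount_for(path)
        if mount is None:
            return {"t": t, "path": path, "op": op, "reason": "path outside every disk= mount"}
        applicable = [rid for rid in self.mounts[mount][1] if self.rules[rid][0] == op]
        if not applicable:
            return {"t": t, "path": path, "op": op, "reason": f"{op} not granted on {mount}"}
        for rid in applicable:  # check every rule before recording the access
            _, limit, secs = self.rules[rid]
            win = self.history[(mount, rid)]
            while win and t - win[0][0] >= secs:
                win.popleft()  # accesses older than the window no longer count
            used = sum(n for _, n in win)
            if used + nbytes > limit:
                return {"t": t, "path": path, "op": op, "rule": rid,
                        "reason": f"{used + nbytes} bytes {op} within {secs}s exceeds {limit}"}
        for rid in applicable:
            self.history[(mount, rid)].append((t, nbytes))
        return None

def run_trace(contract_text, trace):
    """Feed (time, path, op, nbytes) events to the monitor; return the first violation."""
    monitor = FsContractMonitor(parse_contract(contract_text))
    for t, path, op, nbytes in trace:
        violation = monitor.access(t, path, op, nbytes)
        if violation:
            return violation
    return None

# Constructed trace: a mail client polling its inbox, then a spyware-style bulk read.
SPYWARE_TRACE = [
    (0.0, "/home/user/mail/inbox", "read", 300),
    (1.0, "/home/user/mail/inbox", "append", 200),
    (2.0, "/home/user/mail/inbox", "read", 300),
    (6.0, "/home/user/mail/inbox", "read", 600),   # the t=0 read has aged out of the 5 s window
    (6.5, "/home/user/mail/inbox", "read", 4096),  # 300 + 600 + 4096 > 1024: rule 1 fires
]
# Constructed trace: a destructive write against a mount that grants only read and append.
DESTROY_TRACE = [(0.0, "/home/user/mail/inbox", "write", 16)]
```

Running `run_trace(CONTRACT, SPYWARE_TRACE)` returns the rule 1 violation at t=6.5, which is the point where the FS-VM would pause the appliance and offer the rollback described in the "Surf to the wrong website" scenario; `run_trace(CONTRACT, DESTROY_TRACE)` is refused before any byte is written because the mail mount grants no write rule at all. Network enforcement itself is delegated to iptables and snort inside the NET-VM, so only the vif-to-rule-file mapping is modelled here.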
Attacks Backup Slides




      More details/example attacks looked at
Evaluation of Prototype: Attacks


  Category/Behavior: Backdoor attacks initiate and
  listen for connections to send and receive data
  Examples: W32.MyDoom, W32.Bagle
  Defenses:
     Block unused ports
     Detect unexpected behavior and rollback to trusted
     image
Evaluation of Prototype: Attacks

  Category/Behavior: Attacks that copy infected
  executables to shared folders or attempt to destroy
  data
  Examples: W32.Netsky, W32.Netad
  Defenses:
     Restrictions on write access to personal data
     Detect unexpected behavior and rollback to trusted
     image
Evaluation of Prototype: Attacks

  Category/Behavior: Attacks that harvest email
  addresses and other personal data
  Examples: W32.Zafi.D, PWSteal.Ldpinch.E
  Defenses:
     Restrictions on read access to personal data
     Detect unexpected behavior and rollback to trusted
     image
Evaluation of Prototype: Attacks

  Category/Behavior: Attacks that exploit vulnerability in
  specific server software
  Examples: MySQL UDF, Blaster, Slammer
  Defenses:
     Block unused ports (if not running the server software)
     Detect unexpected behavior and rollback to trusted
     image (if running the server software)
Atc ny friday-talk_slides_20080808

 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Atc ny friday-talk_slides_20080808

  • 1. System Support for Rapid Recovery and Attack Resistance
      A Friday ATC-NY Talk by Todd Deshane
  • 2. Overview
      Motivation
      Goals
      Background
      Architecture
      Evaluation
      Plan of Work
  • 3. Motivation
      Computers on the Internet are vulnerable
        Even with latest updates and virus definitions
          Zero day exploits
      Malware effects
        User data compromised
        System controlled by attacker
      Restoration of system and user data
        Time-consuming
        Difficult for users
        Not always possible (i.e. digital photos)
  • 4. Motivation
      "New methods are being invented, new tricks, and every year it gets worse... We are losing the battle... Most companies don't know they have been attacked." - Bruce Schneier
      "The average top executive doesn't understand security, but we have to change that... Security is an imperative. It's no longer just a good idea." - Allen Kerr
      "Virus incidences had surged between 2003, when they detected just over 10,000, and 2006, when they found 80,000. Criminal activity accounted for most of that increase." - Kaspersky Labs
  • 5. Motivation
      "Very sophisticated tools are commercially available in black markets... This has made [the Internet] more attractive for organized crime: [criminals] no longer have to be geeks." - James Lewis
      "Although security awareness continues to improve, hackers and malicious code authors are releasing threats faster than ever before, with approximately 200 per cent more malicious threats per day than two years ago." - Stuart McClure (2006)
      "Over one third [of IT Companies] were hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack." - 2007 Secure64 Survey
  • 6. Motivation
      Ooooh! I got some pics from my buddy Joe :)
      John is a typical desktop user that uses his computer to communicate with friends on IM and email, and surf the web.
  • 7. Without the Rapid Recovery System
      010010000100000101000011010010110100010101
      Credit Card Numbers, Email Contacts, Passwords
  • 8. With the Rapid Recovery System
      John tries to load the pictures in his photo VM, but the action is denied, since the "pics" are actually executables. An error message is displayed to John.
  • 9. With the Rapid Recovery System
      John really wants to see the pics, so he ignores the error and copies the "pics" to his Internet VM and clicks on them. The executable runs and it instantly tries to run its built-in IRC server and starts scanning for personal data.
  • 10. With the Rapid Recovery System
      Either of these actions causes the Internet VM to be reset. The built-in firewall of the Rapid Recovery System does not allow the Internet VM to create a server. An error message appears when the Internet VM restarts. John finds out that these were not pics.
  • 11. THE MINEFIELD OF PERSONAL COMPUTER USE
      Scenario: Open an attachment containing a mass emailing virus
      Without the Rapid Recovery System
        Notice a slow down of the machine, unsure of cause.
        Reboot machine, still slow.
        Look in process list, attempt to kill suspicious process, regenerates itself.
        Call tech support, make an appointment to take the computer to be fixed.
        Newest backup is 1 month old, some recent reports and pictures lost.
        3 weeks later get the machine back with the OS re-installed.
  • 12. THE MINEFIELD OF PERSONAL COMPUTER USE
      Scenario: Open an attachment containing a mass emailing virus
      With the Rapid Recovery System
        The attachment is written into the email log.
        The NET-VM flags a violation of the network contract and pauses the VM.
        The system asks the user if they want to rollback to the last known good image.
        Rollback and remount personal data store.
        Some system data (logs, etc.) in VM appliance is lost, but no personal data is lost.
        The machine is back in working order in less than 1 hour.
  • 13. THE MINEFIELD OF PERSONAL COMPUTER USE
      Scenario: Surf to the wrong website
      Without the Rapid Recovery System
        A malicious program scans the hard drive for credit card numbers.
        The user does not notice any sign of trouble.
        The program sends out a small amount of data containing the information discovered.
        The program installs a backdoor for later use by the attacker.
  • 14. THE MINEFIELD OF PERSONAL COMPUTER USE
      Scenario: Surf to the wrong website
      With the Rapid Recovery System
        The malicious program begins to read the hard drive for credit card numbers.
        The FS-VM triggers a violation of the data access contract and pauses the VM.
        The system asks the user if they want to rollback to the last known good image.
        Rollback and remount personal data store.
        The scan is not completed, the information is not sent, the backdoor is prevented.
  • 15. THE MINEFIELD OF PERSONAL COMPUTER USE
      Scenario: Install a required software update
      Without the Rapid Recovery System
        After the update, several applications cannot find some required components.
        The user calls tech support and they confirm the problems with the patch.
        The best recommendation is to completely uninstall and re-install the applications.
        It takes a few hours to assemble the installation media, to find the product keys, and to follow the instructions.
  • 16. THE MINEFIELD OF PERSONAL COMPUTER USE
      Scenario: Install a required software update
      With the Rapid Recovery System
        After the update, several applications cannot find some required components.
        The user calls tech support and they confirm the problems with the patch.
        The user decides to rollback to the last known good image.
        The machine is back up and running in minutes.
  • 17. Goals
      Provide attack resistance and rapid recovery
      Isolate and protect user data from attacks
      Provide automatic and user-triggered checkpoints
      Safe testing of system and application updates
      Facilitate forensic analysis
  • 18. Background: Security
      Early Internet based on openness/trust
      First documented Internet worm – 1988
      Malware: large scale problem – late 1990s
      Criminal malware networks (botnets)
        DDOS, digital blackmail, account/credit info
      Attack defenses
        Antivirus software
        Firewalls
        Intrusion detection systems
  • 19. Background: Virtualization
      Virtual Machine Monitor
        Pioneered by IBM
        Software/hardware co-evolution
      Intel VT and AMD-V
        Software/hardware co-evolution (again)
        Next generation virtualization hardware
      Xen hypervisor (VMM)
        Paravirtual guests (i.e. Linux, *BSD)
        HVM guests (i.e. Microsoft Windows)
  • 20. Background: Virtualization+Security
      VMs used as sandboxes
      VMs can be monitored from below
      System security and fault tolerance
      Replicate system state to a backup VM
      Secure logging and replay
      Backtracking intrusions
      Safe testing/integration of untrusted code
      Protection against root kits
  • 21. Background: System Reset Facilities
      DeepFreeze
        Restore to trusted checkpoint on each boot
      Windows System Restore
        Keep checkpoints of system state for rollback
      Both of these lack:
        User data protection/rollback
        Attack prevention/detection
  • 22. System Architecture (diagram; components shown: Isolated Network, FS-VM (Management), VMA 1, VMA 2 ... VMA N, Management Internal Network, Domain 0 (Management), NET-VM (Management), Xen Hypervisor, Hardware (Disk, NIC), Internet)
  • 23. Benefits
      Intrusion detection and attack prevention
      Protection of user data
      Checkpoint and restart of virtual machine appliances
      Rapid first time installation
      Model for software distribution
      Complement and enhance backups
  • 24. Evaluation
      Resistance/protection against attacks
        Categorize attacks
        Defense strategies against attacks
      Performance overhead
        Overhead of virtualization technology
        Overhead of file system virtual machine
  • 25. Evaluation: Attacks
      Backdoor attacks
        Initiate/listen for connections
        Send and receive data
      Malicious attacks
        Copy infected executables to shared folders
        Attempt to destroy data
      Spyware attacks
        Harvest email addresses and other personal data
      Vulnerability attacks
        Exploit vulnerability in specific server software
  • 26. Evaluation: Defenses
      Block unused ports
        Backdoor attacks can't access the Internet
        Vulnerable services are not running
      Restrictions on read, write, and/or append access
        Malicious attacks can't write/delete user data
        Spyware attacks can't read user data
      Detect unexpected behavior and rollback
        Anomalies raise errors/warnings
        Prompt user or automatic rollback
  • 28. Plan of Work
      Construction and integration of a separate NET-VM component
      Tight integration of NET-VM and FS-VM into virtual machine support layer of Xen
      A comprehensive virtual machine appliance contract system
      Evaluation of system
        Performance
        Functionality
  • 29. System Architecture (diagram repeated from slide 22; components shown: Isolated Network, FS-VM (Management), VMA 1, VMA 2 ... VMA N, Management Internal Network, Domain 0 (Management), NET-VM (Management), Xen Hypervisor, Hardware (Disk, NIC), Internet)
  • 30. Plan: Construct and Integrate NET-VM
      Network Intrusion Detection System (snort)
      Firewall (iptables)
      Xen driver domain
  • 31. Plan: Xen Support for NET-VM/FS-VM
      NET-VM already possible (driver domain)
      FS-VM granted file system access/control
      Xen communicates rules to NET-VM and FS-VM when new domain created
      NET-VM and FS-VM detect violations
      Violations enforced/communicated to Xen
      Appropriate actions taken by Xen
        Shutdown
        Restart
        Restore guest
        Notify user
        Prepare guest for forensic analysis
  • 32. Plan: Comprehensive Contract System
      Virtual machine appliance contracts
        Specify the behavior of appliances
          Network access
          File system access
      Use existing NIDS and firewall rules
      Build upon existing Xen configuration file
        Add file system and network rule support
  • 33. Plan: Evaluation of Modified System
      Performance
        I/O: read, write
        Network: send, receive
        CPU overhead
      Functionality
        Resistance to attack
        Recovery from attack
        Construct virtual machine appliances
  • 34. Related/Proposed Projects at Clarkson
      Log-Structured File System (LFS) for FS-VM
        Enable rollback of writes with LFS
      Isolation testing of virtualization systems
        Performance isolation testing methodology and results
      Power testing of virtualization systems
        Recommend/improve power-friendly VMMs
      Tools for forensic analysis
        Capture/export compromised VM
        Recommend defense strategies
      Tools for contract inspection
        Visualize access granted by contract
  • 36.
  • 37. Backup Slides This won't fit in the presentation, but if there are questions, some of these slides might help
  • 38. Virtualization Motivation Backup Slides More virtualization basics and why to use virtualization
  • 39. Terminology
      Virtual Machine Monitor (VMM)
        Also known as: hypervisor
        Thin software layer between the hardware and "guest" operating system
        First to the hardware
      Examples of VMMs: VMware, Xen, Parallels, Z/vm, MS Viridian, Qemu, KVM, ...
  • 40. VMM with a Picture
  • 41. Virtualization Predictions
      9 of 10 enterprises will have virtualization by 2007 - Yankee Group (August 2007)
      Physical servers growth near zero within 2012 - Bernstein (August 2007)
      Over 50% physical servers will be virtualized in 2011 - IDC (July 2007)
      Virtualization services market to reach $11.7 billion by 2011 - IDC (July 2007)
      Server market to hardly grow over 2% annually through 2011 because of virtualization - IDC (July 2007)
  • 42. Virtualization Predictions
      25% of enterprise data center servers to be virtual by 2010 - Intel (July 2007)
      A Microsoft hypervisor for Vista expected in mid-2009 - Gartner (July 2007)
      Virtualization will be part of nearly every aspect of IT by 2015 – Gartner (May 2007)
      3 million virtual machines expected in 2009 - Gartner (May 2007)
  • 43. Virtualization Predictions
      Virtualization and multicore will cost $2.4 billion in customer spending between 2006 and 2010 - IDC (March 2007)
      OS Virtualization to become mainstream by 2010 - Gartner (December 2006)
      Virtualization market to grow to $15 billion worldwide by 2009 - IDC (October 2006)
  • 44. Performance Backup Slides Xen vs. VMware performance
  • 46. Guest Configuration File Backup Slides More details of the syntax
  • 47. Plan: File System Rule Language
      # Example file system rule set for an email client.
      fs_rule = [ 'id=1, read, 1024, 5' ]    # read at most 1024 bytes of data in 5 seconds
      fs_rule = [ 'id=2, append, 1024, 3' ]  # append at most 1024 bytes of data in 3 seconds.
      fs_rule = [ 'id=3, write, 320, 3' ]    # write at most 320 bytes in 3 seconds
      # The email mount point is accessible to the email client, and fs_rules
      # with id=1 and id=2 are applied
      disk = [ 'fsvm:/mnt/email, /home/user/mail,fs_rule=1:2' ]
      # The email mount point is accessible to the email client, and fs_rules
      # with id=1 and id=3 are applied.
      disk = [ 'fsvm:/mnt/email, /home/user/attachments,fs_rule=1:3' ]
  • 48. Plan: Network Rule Language
      # Email client example continued
      network_rule = [ 'id=1, iptables, file=/etc/iptables/email_client' ]
      network_rule = [ 'id=2, snort, file=/etc/snort/rules/email_client' ]
      vif = [ 'rate=2Mb/s, network_rule=1:2' ]
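As an added example that is not the talk's code, the following Python parses the fs_rule and disk entries of the File System Rule Language slide (47) and does the per-mount, per-window byte accounting an FS-VM would need to raise the data access contract violation of slide 14 and pick the response of slide 31. The regexes, class and function names, and the access trace are constructed assumptions; the rule ids, byte limits, windows and mount points are the slide's own.

```python
"""Added example, not the talk's code: parse the fs_rule / disk contract
entries from the File System Rule Language slide and account for a guest's
file-system traffic per mount point over each rule's time window, the check
an FS-VM needs to raise the data access contract violation of slide 14 and
pick the response of slide 31. Regexes, names and the access trace are
constructed assumptions; rule ids, limits and mount points are the slide's."""
import re
from collections import defaultdict, deque

CONTRACT = """
fs_rule = [ 'id=1, read, 1024, 5' ]    # read at most 1024 bytes in 5 seconds
fs_rule = [ 'id=2, append, 1024, 3' ]  # append at most 1024 bytes in 3 seconds
fs_rule = [ 'id=3, write, 320, 3' ]    # write at most 320 bytes in 3 seconds
disk = [ 'fsvm:/mnt/email, /home/user/mail,fs_rule=1:2' ]
disk = [ 'fsvm:/mnt/email, /home/user/attachments,fs_rule=1:3' ]
"""
RULE_RE = re.compile(
    r"fs_rule\s*=\s*\[\s*'id=(\d+),\s*(read|write|append),\s*(\d+),\s*(\d+)'\s*\]")
DISK_RE = re.compile(
    r"disk\s*=\s*\[\s*'fsvm:([^,]+),\s*([^,]+),\s*fs_rule=([\d:]+)'\s*\]")


def parse_contract(text):
    """Return ({rule_id: (op, max_bytes, window_s)}, {guest_path: [rule_ids]})."""
    rules, mounts = {}, {}
    for line in text.splitlines():
        r, d = RULE_RE.match(line), DISK_RE.match(line)
        if r:
            rid, op, limit, secs = r.groups()
            rules[int(rid)] = (op, int(limit), int(secs))
        elif d:
            mounts[d.group(2)] = [int(i) for i in d.group(3).split(":")]
    return rules, mounts


class ContractMonitor:
    """Per-(mount, rule) byte accounting over the rule's window; one per VMA."""
    def __init__(self, rules, mounts):
        self.rules, self.mounts = rules, mounts
        self.windows = defaultdict(deque)  # (mount, rule_id) -> deque of (t, bytes)

    def access(self, t, path, op, nbytes):
        """Account one access at time t (seconds) and return its status string."""
        # Longest contracted mount point that is a prefix of the accessed path.
        hits = [mp for mp in self.mounts if path == mp or path.startswith(mp + "/")]
        if not hits:
            return "deny:not-mounted"       # the contract never exposed this path
        mount = max(hits, key=len)
        granted = [rid for rid in self.mounts[mount] if self.rules[rid][0] == op]
        if not granted:
            return "deny:op-not-granted"    # e.g. write where only read/append is allowed
        for rid in granted:
            _, limit, secs = self.rules[rid]
            win = self.windows[(mount, rid)]
            while win and t - win[0][0] >= secs:    # evict accesses outside the window
                win.popleft()
            win.append((t, nbytes))
            if sum(n for _, n in win) > limit:
                return "violation:rule=%d" % rid
        return "ok"


def fsvm_response(status):
    """Slides 8, 14, 31: a denied access only errors in the guest; a violation pauses the VMA."""
    if status == "ok":
        return []
    if status.startswith("deny:"):
        return ["return error to guest"]
    return ["pause VMA", "notify user", "offer rollback to last known good image"]


# Constructed trace: normal mail-client traffic, a read burst like the
# credit-card scan of slide 14, and two accesses outside the contract.
SAMPLE_ACCESSES = [
    (0.0, "/home/user/mail/inbox", "read", 600),
    (1.0, "/home/user/mail/inbox", "append", 200),
    (1.5, "/home/user/mail/inbox", "write", 50),
    (2.0, "/home/user/attachments/report.pdf", "write", 300),
    (4.0, "/home/user/attachments/report.pdf", "write", 100),
    (6.0, "/home/user/mail/inbox", "read", 600),
    (7.0, "/home/user/mail/inbox", "read", 600),
    (8.0, "/etc/passwd", "read", 10),
]


def run_scenario(accesses=SAMPLE_ACCESSES):
    mon = ContractMonitor(*parse_contract(CONTRACT))
    return [mon.access(t, path, op, n) for t, path, op, n in accesses]
```

Only the fifth and seventh accesses cross a byte limit inside a window; the write to the mail mount and the read of /etc/passwd are refused outright, as the photo VM refuses the "pics" on slide 8.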
  • 49. Attacks Backup Slides More details/example attacks looked at
  • 50. Evaluation of Prototype: Attacks
      Category/Behavior: Backdoor attacks initiate and listen for connections to send and receive data
      Examples: W32.MyDoom, W32.Bagel
      Defenses:
        Block unused ports
        Detect unexpected behavior and rollback to trusted image
  • 51. Evaluation of Prototype: Attacks
      Category/Behavior: Attacks that copy infected executables to shared folders or attempt to destroy data
      Examples: W32.Netsky, W32.Netad
      Defenses:
        Restrictions on write access to personal data
        Detect unexpected behavior and rollback to trusted image
  • 52. Evaluation of Prototype: Attacks
      Category/Behavior: Attacks that harvest email addresses and other personal data
      Examples: W32.Zafi.D, PWSteal.Ldpinch.E
      Defenses:
        Restrictions on read access to personal data
        Detect unexpected behavior and rollback to trusted image
  • 53. Evaluation of Prototype: Attacks
      Category/Behavior: Attacks that exploit vulnerability in specific server software
      Examples: MySQL UDF, Blaster, Slammer
      Defenses:
        Block unused ports (if not running the server software)
        Detect unexpected behavior and rollback to trusted image (if running the server software)