asynchronous intrusion recovery for interconnected web
play

Asynchronous intrusion recovery for interconnected web services - PowerPoint PPT Presentation

Jun 02, 2023 •338 likes •1.17k views

Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim , Nickolai Zeldovich MIT CSAIL Today's web services are highly interconnected Many web services provide APIs to other sites Many websites

  1. Asynchronous intrusion recovery for interconnected web services Ramesh Chandra, Taesoo Kim , Nickolai Zeldovich MIT CSAIL

  2. Today's web services are highly interconnected ● Many web services provide APIs to other sites ● Many websites integrate those APIs: — Authentication: Facebook Connect, Google+ ... — Data sharing: Dropbox ... — Business process management: Salesforce … — ...

  3. Example: online shopping mall ... Customer Relationship Management (CRM)

  4. Example: online shopping mall Adobe Echo Sign (E-Signature Service) ... Financial Force (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  5. Example: online shopping mall Facebook Twitter Allow Facebook users Adobe Echo Sign to buy our products (E-Signature Service) without registration ... Financial Force (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  6. Example: online shopping mall Facebook Twitter Allow Facebook users Adobe Echo Sign to buy our products (E-Signature Service) without registration ... Financial Force Address in Facebook (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  7. Attack in one service can spread between services Facebook Twitter Adobe Echo Sign (E-Signature Service) Ship purchased products to ... ... Address modifjed Financial Force by Attacker (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  8. Bugs in web services are commonplace ● Facebook (Mar 29 th 2013): — Attackers can intercept full permission access tokens

  9. Bugs in web services are commonplace ● Facebook (Mar 29 th 2013): — Attackers can intercept full permission access tokens ● Many web services have similar bugs Twitter (Aug 20 th 2013) — Instagram (May 2 nd 2013) — Microsoft Yammer (Aug 4 th 2013) —

  10. Goal ● Recovering integrity in interconnected services — Repair the state of afgected services as if the attack never occurred ● State-of-the-art: manual recovery — Admin doesn't trust other sites for recovery — Require manual interaction (e.g., email other admin)

  11. General plan for automatic recovery ● Use rollback-and-replay for recovering integrity in single machine — Prior works: Retro [OSDI '10], Warp [SOSP '11] ● Extend rollback-and-replay to many web services !

  12. Challenges ● Rollback-and-replay requires global coordinator — Each service cannot decide what to do for repair ● All services must be available during recovery — We want to repair some services even if others are down — Consistency problem: some services are not repaired yet

  13. Contributions Enable automatic intrusion recovery in distributed web services 1. Repair protocol between services • No central coordinator • Each service controls its repair 2. Asynchronous repair • Proceed repair even with unavailable services • Consistency in partially repair state

  14. Running example of an attack Facebook Twitter Adobe Echo Sign (E-Signature Service) Ship purchased products to ... ... Address modifjed Financial Force by Attacker (Accounting Service) CRM Bill.ON (Invoices and Billing Service)

  15. Running example of an attack Facebook ... CRM Bill.ON (Invoices and Billing Service)

  16. Running example of an attack Attacker Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  17. Running example of an attack Attacker Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  18. Running example of an attack Attacker Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  19. Running example of an attack Attacker Modify address Facebook ... Victim CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  20. Running example of an attack Attacker Modify address Facebook ... Victim Address modifjed by Attacker CRM http://bit.ly/1xoTn Bill.ON (Invoices and Billing Service)

  21. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON

  22. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON Time

  23. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON Time

  24. Timeline of the attack Attacker Victim Facebook Shopping Mall Bill.ON Time

  25. Goal: attack did not take place Attacker Victim Facebook Shopping Mall Bill.ON Time

  26. Goal: attack did not take place Attacker Victim Facebook Shopping Mall Bill.ON Time

  27. Overview of system execution ● Normal execution : — Record enough information for rollback-and-replay ● Repair: — Identify an attack to initiate repair — Repair local state: rollback and replay recorded requests — Propagate repair whenever local repair afgects others

  28. Overview of system execution ● Normal execution : — Record enough information for rollback-and-replay ● Repair: — Identify an attack to initiate repair — Repair local state: rollback and replay recorded requests — Propagate repair whenever local repair afgects others

  29. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Identify an attack for repair Shopping Mall Bill.ON Time

  30. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Time

  31. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Time

  32. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Error Time

  33. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Error Original address Time

  34. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Rollback state before the attack occurred Shopping Mall Bill.ON Error Error Original address Time

  35. Strawman: repair with global coordinator using rollback-and-replay Attacker Victim Facebook Remove access token Restore victim's address Shopping Mall Bill.ON Error Error Time

  36. Problems in Strawman design ● P1. All services must be available → Support asynchronous repair with speculation ● P2. Require global coordinator → Defjne repair APIs between services

  37. Problems in Strawman design ● P1. All services must be available → Support asynchronous repair with speculation ● P2. Require global coordinator → Defjne repair APIs between services

  38. Challenge: cooperating with unavailable web services Attacker Victim Facebook Unavailable Offmine Shopping Mall Bill.ON Error Error Error Error Time Wait for other services to come up?

  39. Solution: asynchronous repair ● Asynchronously deliver repair requests ● Speculatively proceed local repair with past responses (or timeout responses) ● Expose repaired state after local repair ● Intuition: why asynchronous repair works? — Many web services are designed for independent operation, prepared for handling others failures

  40. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Error Error Time

  41. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Speculatively proceed Error Error with past request Time Asynchronously deliver new response

  42. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Speculatively proceed Error Error with past request Time Asynchronously deliver new response

  43. Example: asynchronous repair Attacker Victim Facebook Repair queues Shopping Mall Bill.ON Error Error Speculatively proceed Error Error with past request Time Asynchronously deliver new response

  44. Example: exposing state after local repair Attacker Victim Facebook Shopping Mall Bill.ON ... Another Time web service Two services are still repairing

  45. What if speculation fails? ● If service responds difgerently, — Restart local repair with the new response — In fact, it is not difgerent from initiating new repair ● Asynchronous repair will converge to the correctly repaired state at the end

  46. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

  47. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: Following request depends on previous request ok

  48. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

  49. Example: speculation failure Facebook Shopping Mall Message: Message: Mall Mall Ready for shipping to: Ready for shipping to: ok Respond with difgerent result

  50. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

  51. Example: speculation failure Facebook Shopping Mall Message: Mall Ready for shipping to: ok

Recommend

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and

Detecting and Surviving Intrusions Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches Ph.D. Thesis Defense December 17th, 2019 1 HP Labs (ronny.chevalier@hp.com) 2 CIDRE Team, CentraleSuplec/Inria/CNRS/IRISA

1.66k views • 140 slides
Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems ACSAC, December 13th, 2019 1 HP Labs, United Kingdom (ronny.chevalier@hp.com, david.plaquin@hp.com, cid@hp.com) 2 CIDRE Team,

820 views • 56 slides
Asynchronous Replication and Bayou Asynchronous Replication and Bayou Asynchronous Replication

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Asynchronous Replication

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Asynchronous Replication Asynchronous Replication Idea: build available/scalable information services with read-any-write-any replication and a weak consistency model. - no

738 views • 48 slides
Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin

Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin

Asynchronous Logging and Fast Recovery for a Large-Scale Distributed In-Memory Storage Kevin Beineke, Florian Klein, Michael Schttner Institut fr Informatik, Heinrich-Heine-Universitt Dsseldorf Outline Motivation The In-Memory

323 views • 21 slides
Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of

Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of

Automatic intrusion recovery with system-wide history Taesoo Kim MIT CSAIL Current focus of system security: preventing attacks System hardening tools/techniques (e.g.,) Firewall, AntiVirus 2 My work on preventing attacks

1.76k views • 116 slides
Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah,

Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah,

Intrusion Recovery for Database-backed Web Applications Ramesh Chandra , Taesoo Kim, Meelap Shah, Neha Narula, Nickolai Zeldovich MIT CSAIL Web applications routinely compromised Web applications routinely compromised Web applications

1.44k views • 75 slides
Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M.

Intrusion Recovery using Selective Re-execution Taesoo Kim, Xi Wang, Nickolai Zeldovich , M. Frans Kaashoek MIT CSAIL Attackers routinely compromise system integrity Attackers routinely compromise system integrity Attackers routinely

1.23k views • 74 slides
Asynchronous sequence circuits An asynchronous sequence machine is a sequence circuit without

Asynchronous sequence circuits An asynchronous sequence machine is a sequence circuit without

Asynchronous sequence circuits An asynchronous sequence machine is a sequence circuit without flip-flops Asynchronous sequence machines are based on combinational gates with feedback Upon analysis it is assumed : Only one signal at a

1.34k views • 66 slides
Press intrusion. Identifying similar words with different connotations What is press intrusion?

Press intrusion. Identifying similar words with different connotations What is press intrusion?

Topic 12: Press intrusion. Identifying similar words with different connotations What is press intrusion? Press intrusion is an issue which has many stances, often depending on whether you are a member of the press or have been on the receiving

602 views • 9 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers

How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers

How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers for Asynchronous On- -chip Networks chip Networks On Wei Song Supervisor: Doug Edwards Advanced Processor Technologies Group Advanced

526 views • 26 slides
Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall 2000 Asynchronous Replication Asynchronous Replication Idea: build available/scalable information services with read-any-write-any replication and a

247 views • 24 slides
Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall

Asynchronous Replication and Bayou Asynchronous Replication and Bayou Jeff Chase CPS 212, Fall 2000 Asynchronous Replication Asynchronous Replication Idea: build available/scalable information services with read-any-write-any replication and a

688 views • 48 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Convergence of Iterative Hard Thresholding Variants with Application to Asynchronous Parallel

Convergence of Iterative Hard Thresholding Variants with Application to Asynchronous Parallel

Convergence of Iterative Hard Thresholding Variants with Application to Asynchronous Parallel Methods for Sparse Recovery Jamie Haddock Asilomar Conference on Signals, Systems, and Computers, November 4, 2019 Computational and Applied

1.21k views • 31 slides
An Asynchronous Fully Digital DLL for DDR SDRAM Data Recovery Jim Garside et al. University of

An Asynchronous Fully Digital DLL for DDR SDRAM Data Recovery Jim Garside et al. University of

MANCHE ST ER 1824 The University of Manchester An Asynchronous Fully Digital DLL for DDR SDRAM Data Recovery Jim Garside et al. University of Manchester MANCHE ST ER 1824 Contents The University of Manchester The problem Why

551 views • 15 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
THE VAPOR INTRUSION PATHWAY DANIEL G. GREENE, CPG MISCONCEPTIONS MISCONCEPTIONS VAPOR INTRUSION

THE VAPOR INTRUSION PATHWAY DANIEL G. GREENE, CPG MISCONCEPTIONS MISCONCEPTIONS VAPOR INTRUSION

engineers | scientists | architects | constructors THE VAPOR INTRUSION PATHWAY DANIEL G. GREENE, CPG MISCONCEPTIONS MISCONCEPTIONS VAPOR INTRUSION The migration of volatile chemical from the subsurface into overlying building (USEPA 2002)

585 views • 31 slides
Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and

Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and

Intrusion Detection W enke Lee Com puter Science Departm ent Colum bia University Intrusion and Computer Security Com puter security: confidentiality, integrity, and availability Intrusion: actions to com prom ise security W hy

1.09k views • 63 slides
AN ASYNCHRONOUS DIVIDER IMPLEMENTATION Navaneeth Jamadagni and Jo Ebergen 2 Asynchronous

AN ASYNCHRONOUS DIVIDER IMPLEMENTATION Navaneeth Jamadagni and Jo Ebergen 2 Asynchronous

Asynchronous Research Center Asynchronous Research Center AN ASYNCHRONOUS DIVIDER IMPLEMENTATION Navaneeth Jamadagni and Jo Ebergen 2 Asynchronous Research Center Acknowledgements Oracle Labs DARPA Asynchronous Research Center

1.04k views • 46 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides

More recommend