A biological programming model for self-healing
S. George, David E. Evans, Steven A. Marchette
SSRS '03, 2003-10-31. DOI: 10.1145/1036921.1036929 (https://doi.org/10.1145/1036921.1036929)

Biological systems exhibit remarkable adaptation and robustness in the face of widely changing environments. By adopting properties of biological systems, we hope to design systems that operate adequately even in the presence of catastrophic failures and large scale attacks. We describe a programming paradigm based on the actions of biological cells and demonstrate the ability of systems built using our model to survive massive failures. Traditional methods of system design require explicit programming for fault tolerance, which adds substantial costs and complexity to the design, implementation and testing phases. Our approach provides implicit fault tolerance by using simple programs constructed following guiding principles derived from observing nature. We illustrate our model with experiments producing simple structures and apply it to design a distributed wireless file service for ad hoc wireless networks.
A holistic approach to service survivability
A. Keromytis, Janak J. Parekh, Philip Gross, G. Kaiser, V. Misra, Jason Nieh, D. Rubenstein, S. Stolfo
SSRS '03, 2003-10-31. DOI: 10.1145/1036921.1036923 (https://doi.org/10.1145/1036921.1036923)

We present SABER (Survivability Architecture: Block, Evade, React), a proposed survivability architecture that blocks, evades and reacts to a variety of attacks by using several security and survivability mechanisms in an automated and coordinated fashion. Contrary to the ad hoc manner in which contemporary survivable systems are built (using isolated, independent security mechanisms such as firewalls, intrusion detection systems and software sandboxes), SABER integrates several different technologies in an attempt to provide a unified framework for responding to the wide range of attacks malicious insiders and outsiders can launch.

This coordinated multi-layer approach will be capable of defending against attacks targeted at various levels of the network stack, such as congestion-based DoS attacks, software-based DoS or code-injection attacks, and others. Our fundamental insight is that while multiple lines of defense are useful, most conventional, uncoordinated approaches fail to exploit the full range of available responses to incidents. By coordinating the response, the ability to survive successful security breaches increases substantially.

We discuss the key components of SABER, how they will be integrated together, and how we can leverage the promising results of the individual components to improve survivability in a variety of coordinated attack scenarios. SABER is currently in the prototyping stages, with several interesting open research topics.
Attack resistant cache replacement for survivable services
V. Manivel, M. Ahamad, H. Venkateswaran
SSRS '03, 2003-10-31. DOI: 10.1145/1036921.1036928 (https://doi.org/10.1145/1036921.1036928)

Many distributed services are susceptible to attacks by malicious clients that can significantly degrade their performance. Scalable distributed services make use of a variety of techniques which are vulnerable to such attacks. We explore the survivability of services when attacks target the scalability techniques employed by the services. In particular, we explore how the effectiveness of caching can be degraded when malicious clients manipulate cache management algorithms. We present an attack resistant replacement algorithm and show that it is much more effective in dealing with attacks compared to other widely deployed replacement algorithms.
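The kind of attack the abstract describes, as an added simulation that is not code from the paper and does not implement the authors' replacement algorithm: a malicious client that never repeats a request turns every one of its requests into a miss, and under plain LRU each such miss evicts an object the legitimate client still needs. The defence shown beside it, admitting a key into the cache only on its second miss within a bounded window (a "ghost" list of recent misses), is a generic technique chosen for the illustration. The workload (Zipf-like popularity over 200 constructed `obj-*` keys, 8 attacker requests per legitimate one), the cache sizes and the key names are all assumptions.

```python
"""Cache-pollution attack against LRU, and a second-hit admission defence.

Constructed simulation: 'obj-*' keys are the legitimate working set (Zipf-like
popularity), 'junk-*' keys come from a malicious client that never repeats a
request, so each of its requests is a miss that evicts something useful.
"""
from collections import OrderedDict
import random


class LRUCache:
    """Plain LRU: every miss inserts the key, evicting the least recently used."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.items = OrderedDict()

    def access(self, key):
        """Return True on a hit; insert on a miss."""
        if key in self.items:
            self.items.move_to_end(key)
            return True
        self.items[key] = None
        if len(self.items) > self.capacity:
            self.items.popitem(last=False)
        return False


class SecondHitLRUCache:
    """LRU that admits a key only on its second miss within a bounded window.

    The first miss records the key in a 'ghost' list (recent misses, no data);
    the key enters the real cache only if it misses again while still in the
    ghost list. A client that never repeats a key cannot evict anything from
    the real cache, whatever its request rate. (Illustrative defence chosen for
    this example, not the replacement algorithm of the paper.)
    """

    def __init__(self, capacity, ghost_capacity):
        self.capacity = capacity
        self.ghost_capacity = ghost_capacity
        self.items = OrderedDict()
        self.ghost = OrderedDict()

    def access(self, key):
        if key in self.items:
            self.items.move_to_end(key)
            return True
        if key in self.ghost:
            del self.ghost[key]
            self.items[key] = None
            if len(self.items) > self.capacity:
                self.items.popitem(last=False)
        else:
            self.ghost[key] = None
            if len(self.ghost) > self.ghost_capacity:
                self.ghost.popitem(last=False)
        return False


def build_trace(n_legit, attack_ratio, seed=7, n_objects=200):
    """Constructed workload: n_legit Zipf-distributed legitimate requests, each
    preceded by attack_ratio never-repeated requests from the attacker.
    The same seed gives the same legitimate sequence for every attack_ratio."""
    rng = random.Random(seed)
    objects = [f"obj-{i}" for i in range(n_objects)]
    weights = [1.0 / (i + 1) for i in range(n_objects)]
    trace, junk = [], 0
    for key in rng.choices(objects, weights=weights, k=n_legit):
        for _ in range(attack_ratio):
            trace.append((f"junk-{junk}", False))
            junk += 1
        trace.append((key, True))
    return trace


def legit_hit_rate(cache, trace):
    """Fraction of the legitimate client's requests served from the cache."""
    hits = legit = 0
    for key, is_legit in trace:
        hit = cache.access(key)
        if is_legit:
            legit += 1
            hits += hit
    return hits / legit


def run_experiment(capacity=64, n_legit=2000, attack_ratio=8):
    """Hit rates seen by the legitimate client, with and without the attacker."""
    clean = build_trace(n_legit, 0)
    attacked = build_trace(n_legit, attack_ratio)
    ghost = 16 * capacity
    return {
        "lru_clean": legit_hit_rate(LRUCache(capacity), clean),
        "lru_attacked": legit_hit_rate(LRUCache(capacity), attacked),
        "admission_clean": legit_hit_rate(SecondHitLRUCache(capacity, ghost), clean),
        "admission_attacked": legit_hit_rate(SecondHitLRUCache(capacity, ghost), attacked),
    }


if __name__ == "__main__":
    for name, rate in run_experiment().items():
        print(f"{name:20s} {rate:.2f}")
```

With a 64-entry cache and eight attacker requests per legitimate one, the LRU cache effectively retains only the last handful of legitimate requests and the legitimate hit rate collapses, while the second-hit variant keeps its working set intact because the attacker's one-shot keys never leave the ghost list. The ghost list is itself a bounded resource the attacker floods, which is why its capacity is set well above the cache capacity: a legitimate key must be referenced twice within that window to be admitted.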
Modeling insecurity: policy engineering for survivability
P. Naldurg, R. Campbell
SSRS '03, 2003-10-31. DOI: 10.1145/1036921.1036931 (https://doi.org/10.1145/1036921.1036931)

We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise.

Next, we observe that it may not always be possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise.

We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.
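The liveness check the abstract refers to, as an added example that is not the paper's model, notation or tooling: a small transition system with explicit insecure states, checked for "on every path the resource is available infinitely often" (LTL G F available). The check is the standard one, that the property fails exactly when a cycle made only of non-available states is reachable, so the search returns such a cycle as a counterexample. It also computes one simple availability measure, the worst-case number of steps before the resource is available again. The state names (`secure`, `compromised`, `isolated`), the actions and the labelling of `secure` as the only available state are assumptions made for the illustration.

```python
"""Liveness check for a survivability policy model with explicit insecure states.

Added illustration (constructed states, actions and labelling): G F available
fails iff a cycle through non-available states is reachable from the initial
state, so the checker searches for that cycle.
"""
from collections import deque


class Model:
    """Finite transition system: transitions are (source, action, target)."""

    def __init__(self, initial, available, transitions):
        self.initial = initial
        self.available = frozenset(available)
        self.succ = {}
        for src, action, dst in transitions:
            self.succ.setdefault(src, []).append((action, dst))
        # Make the relation total: a state without outgoing actions stutters,
        # so every finite path extends to an infinite one.
        states = set(self.succ) | {d for v in self.succ.values() for _, d in v} | {initial}
        for s in states:
            self.succ.setdefault(s, [("stutter", s)])

    def reachable(self):
        seen, todo = {self.initial}, deque([self.initial])
        while todo:
            s = todo.popleft()
            for _, d in self.succ[s]:
                if d not in seen:
                    seen.add(d)
                    todo.append(d)
        return seen


def unavailable_cycle(model):
    """Return a reachable cycle made only of non-available states (a path on
    which availability is lost forever), or None if G F available holds."""
    bad = {s for s in model.reachable() if s not in model.available}
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {s: WHITE for s in bad}
    for root in sorted(bad):                      # sorted: deterministic counterexample
        if colour[root] != WHITE:
            continue
        colour[root] = GREY
        path = [root]
        stack = [iter(model.succ[root])]
        while stack:
            for _, nxt in stack[-1]:
                if nxt not in bad:
                    continue                      # leaving through an available state
                if colour[nxt] == GREY:           # back edge: cycle within bad states
                    return path[path.index(nxt):] + [nxt]
                if colour[nxt] == WHITE:
                    colour[nxt] = GREY
                    path.append(nxt)
                    stack.append(iter(model.succ[nxt]))
                    break
            else:                                 # all successors explored
                colour[path.pop()] = BLACK
                stack.pop()
    return None


def worst_case_outage(model):
    """Availability measure: the most consecutive non-available states on any
    reachable path, i.e. the worst-case number of steps until the resource is
    available again; infinite when an unavailable cycle exists."""
    if unavailable_cycle(model) is not None:
        return float("inf")
    memo = {}

    def steps(s):
        if s in model.available:
            return 0
        if s not in memo:
            memo[s] = 1 + max(steps(d) for _, d in model.succ[s])
        return memo[s]

    return max(steps(s) for s in model.reachable())


# Constructed policy models for one file resource (state and action names are
# assumed for the illustration). 'secure' is the only state in which
# legitimate users can reach the resource.
NO_RECOVERY = [
    ("secure", "read", "secure"),
    ("secure", "exploit", "compromised"),
    ("compromised", "tamper", "compromised"),
]
OPTIONAL_RECOVERY = NO_RECOVERY + [
    ("compromised", "detect", "isolated"),   # recovery is possible...
    ("isolated", "restore", "secure"),       # ...but nothing forces 'detect'
]
GUARANTEED_RECOVERY = [
    ("secure", "read", "secure"),
    ("secure", "exploit", "compromised"),
    ("compromised", "detect", "isolated"),   # the only move out of 'compromised'
    ("isolated", "restore", "secure"),
]


def analyse(transitions, initial="secure", available=("secure",)):
    """Return (counterexample cycle or None, worst-case outage length)."""
    model = Model(initial, available, transitions)
    return unavailable_cycle(model), worst_case_outage(model)


if __name__ == "__main__":
    for name, spec in [("no recovery", NO_RECOVERY),
                       ("optional recovery", OPTIONAL_RECOVERY),
                       ("guaranteed recovery", GUARANTEED_RECOVERY)]:
        print(name, analyse(spec))
```

The middle model is the instructive one: merely adding a recovery action does not make the liveness assertion true, because the path on which the attacker keeps tampering and detection never fires is still a legal behaviour of the model. Either the recovery transition must be the only move out of the insecure state, as in the third model, or the checker must be given a fairness assumption that rules out postponing it forever. The outage measure only means something once the cycle check passes, which is why it returns infinity otherwise.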