Research Roadmap on network security:
from practical firewall to anti-spam/spyware

PhD Candidate: Ming-Wei (Benson) Wu, 吳明蔚
Dept. of Electrical Engineering
National Taiwan University
benson@ee.ntu.edu.tw
http://www.ee.ntu.edu.tw/~benson



                  Benson Wu, 2005                                1
Questions to Answer

 What have I done?
   Brief background
   Research
 What does Internet security look like today?
   Changes in Internet users and applications
   Changes in threat
   Legacy security measures
 Changes in security
   Perimeter
   Depth
   Granularity
 Case studies
   Anti-spyware
 Conclusions
Brief Background

 1992~1996: English
   International School Manila (馬尼拉美國學校, ISM)
 2000~2003: Discipline
   High Speed Network Lab, NCTU Dept. of Computer Science (交大資科高速網路實驗室)
   Network Benchmarking Lab, ITRI/NCTU (工研院交大網路測試中心)
   L7 Networks (利基網路)
 2003~2005: Domain knowledge, Leadership, Implementation
   Domain knowledge: Dependable and Distributed Network Lab, NTU Dept. of Electrical Engineering (台大電機分散式網路實驗室)
   Leadership: TaiWan Internet Next Generation (台灣新世代網路菁英), Taiwan Network Information Center (台網資訊中心)
   Implementation: Institute for Information Industry (資訊工業策進會)
Research

 Security
   Security Gateway
   Benchmarking
   XML Firewall
   Anti-spyware
   Anti-spam
 Connectivity
   P2P Gateway
   Web Services
   Digital Home
 Public interests…
   Open Source Dev.
   Textbook writing
   Mag. article writing
Internet Evolution

   Changes in Networking Technologies
   Changes in Internet Users and Internet
    Applications
   Changes in Security Accessories




Changes in Internet Applications:
Primitive Web becoming Web Services

 Is the primitive Web enough?
   When users are still newbies, they want to "join"
     All client-to-server
   When they become big enough, they want to "share"
     Some peer-to-peer (P2P)
     Some server-to-server (Web Services)
Changes in Internet Users:
from Browsing towards Clicking

 Necessary services in one click: Web Services
   e.g. one-stop shopping
 Necessary authentication done once: Single Sign-On
   e.g. one-click cart/basket
 Necessary confidentiality at finer granularity: XML Encryption
   e.g. interleaved workflow
Such changes are already a reality…

 Some numbers about P2P
   2 million Kuro users, and 50.2% of teenagers (15~22) have visited either Kuro or EZPeer (InsightXplorer market research, 創市際市場研究顧問公司, 2003/09)
   Some NT$9.6 billion lost due to P2P sharing (III Network Communications magazine, 資策會網路通訊雜誌, 2003/06)
 Some numbers about Web Services…
   79% are evaluating (Accenture)
   52% are using or testing (TechMetrix)
   45.5% consider security to be the biggest obstacle (BusinessWeek)
The Evolution of P2P: Darwinism

[Figure-only slide; nothing beyond the title survives in the extracted text.]
2004 P2P Popularity and User Rating
Top 20 Popular P2P File-Sharing Applications

[Bar chart: total downloads (left axis, 0 to 400,000,000) and user rating (right axis, 0 to 100) per application. Application labels still legible in the extracted text: Kazaa, iMesh, Piolet, XoloX, Morpheus, LimeWire, BearShare, eMule, WinMX, Grokster, Blubster, Napster, NeoNapster, Audiogalaxy, iTunes, Warez P2P, Ares.]
Extending Client-Server to P2P:
Its Problems and Solutions

 Connectivity
   Internet transparency?
     How to connect resources successfully?
       Sol: a middleman (e.g. gatekeeper in H.323, broker in middleware, rendezvous node in JXTA)
 Scalability
   Size?
     How to locate MANY resources?
       Sol: smart routing (make use of a DHT)
   Time?
     How to locate resources INSTANTLY?
       Sol: Distributed hash table, or DHT (resilience?)
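The "smart routing" solution above, as an added example that is not part of the original deck: a minimal Chord-style DHT lookup in Python. Node ids and resource keys are SHA-1 hashes on a toy ring of 2^32 identifiers (M = 32 is an assumption for the example; Chord proper uses 160 bits), every node keeps a finger table of successor(n + 2^i) shortcuts, and a lookup reaches the node responsible for a key in O(log N) hops instead of walking the ring. `replica_holders` addresses the "(resilience?)" question by keeping each key on its successor plus the next k-1 nodes. The peer addresses and resource names are constructed, not measured.

```python
import hashlib
from bisect import bisect_left

M = 32                    # identifier bits: toy ring of 2**32 ids (assumption; Chord uses 160)
RING = 1 << M


def chord_id(name: str) -> int:
    """Map a node address or a resource name onto the identifier ring."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big") % RING


def successor_of(sorted_ids, key):
    """Ground truth used to build finger tables: first node id at or after key,
    wrapping around to the lowest id."""
    i = bisect_left(sorted_ids, key)
    return sorted_ids[i] if i < len(sorted_ids) else sorted_ids[0]


def in_half_open(x, a, b):
    """x in (a, b] walking clockwise; the interval wraps through 0 when a >= b."""
    return a < x <= b if a < b else (x > a or x <= b)


def in_open(x, a, b):
    """x in (a, b) walking clockwise; wraps when a >= b."""
    return a < x < b if a < b else (x > a or x < b)


class Node:
    def __init__(self, nid, sorted_ids):
        self.id = nid
        # finger[i] = successor(n + 2**i): exponentially spaced shortcuts around the ring
        self.finger = [successor_of(sorted_ids, (nid + (1 << i)) % RING) for i in range(M)]
        self.successor = self.finger[0]

    def closest_preceding(self, key):
        """Farthest finger that still lies strictly between this node and the key."""
        for f in reversed(self.finger):
            if in_open(f, self.id, key):
                return f
        return self.id


def build_ring(addresses):
    """Build every node's finger table from a global view (a real overlay learns
    them through join/stabilize messages instead)."""
    ids = sorted({chord_id(a) for a in addresses})
    return {nid: Node(nid, ids) for nid in ids}


def lookup(ring, start, resource):
    """Route from node `start` to the node responsible for `resource`.
    Returns (responsible node id, number of nodes contacted)."""
    key = chord_id(resource)
    n = ring[start]
    hops = 0
    while not in_half_open(key, n.id, n.successor):
        nxt = n.closest_preceding(key)
        if nxt == n.id:            # no finger helps: fall back to a plain successor step
            nxt = n.successor
        n = ring[nxt]
        hops += 1
    return n.successor, hops + 1


def replica_holders(sorted_ids, resource, k=3):
    """Resilience: keep the resource on its successor and the next k-1 nodes, so the
    key still resolves after the primary holder leaves."""
    i = bisect_left(sorted_ids, chord_id(resource))
    return [sorted_ids[(i + j) % len(sorted_ids)] for j in range(k)]


if __name__ == "__main__":
    # Constructed peer set: 64 addresses, not measurements from any real overlay.
    ring = build_ring(f"10.0.{i // 256}.{i % 256}:4000" for i in range(64))
    ids = sorted(ring)
    for res in ("ubuntu-5.04-install-i386.iso", "lecture01.mp3"):
        owner, hops = lookup(ring, ids[0], res)
        print(f"{res}: owner {owner:#010x}, found in {hops} hops, replicas {replica_holders(ids, res)}")
```

Every start node resolves the same owner for a given key, and the hop count stays within M + 1 because each finger hop at least halves the remaining distance on the ring. The "resilience" caveat on the slide is real: without `replica_holders`-style replication a single departing node takes its keys with it until the ring re-stabilizes.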
Extending Client-Server to Web Services:
Its Problems and Solutions

 What do most XML firewalls do?
   How to manipulate only parts of a document?
     Per-element XML encryption/signing
   How to authenticate/authorize between more than two parties?
     Single Sign-On
   How to assure the validity of a Web Service's action?
     SOAP schema validation
     SOAP digital signature verification
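The per-element signing and the gateway-side schema and signature checks listed above, as an added Python example (my illustration, not code from the deck or from any XML firewall product). The sample SOAP request, the application namespace urn:example:orders, the shared key and the allowed-element table are all constructed for the example; an HMAC-SHA256 over the C14N form of one element stands in for an XML-DSig/WS-Security signature, and a hand-written structural check stands in for XSD validation, which the standard library does not provide. Python 3.8+ is needed for `ET.canonicalize`.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET   # ET.canonicalize needs Python 3.8+

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
APP = "urn:example:orders"                         # assumed application namespace
KEY = b"shared-key-between-client-and-gateway"      # assumed; stands in for real key material

# Allowed operation and the child elements its schema permits (stand-in for an XSD).
ALLOWED = {f"{{{APP}}}PlaceOrder": {f"{{{APP}}}Item", f"{{{APP}}}Quantity", f"{{{APP}}}CardNumber"}}

# Constructed sample request (not taken from the original page).
REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:o="{APP}">
  <soap:Header><o:Session>sess-42</o:Session></soap:Header>
  <soap:Body>
    <o:PlaceOrder>
      <o:Item>book-1234</o:Item>
      <o:Quantity>1</o:Quantity>
      <o:CardNumber>4111111111111111</o:CardNumber>
    </o:PlaceOrder>
  </soap:Body>
</soap:Envelope>"""


def canonical(elem) -> bytes:
    """C14N 2.0 form of one element (tail text dropped, prefixes normalised), so that
    whitespace or prefix changes made by intermediaries do not break the signature."""
    elem = copy.deepcopy(elem)
    elem.tail = None
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"), rewrite_prefixes=True).encode()


def sign_element(elem, key: bytes) -> str:
    """Per-element integrity tag: HMAC-SHA256 over the canonical element. Simplified
    stand-in for an XML-DSig signature, which would use a public-key signature and a
    reference/transform chain instead."""
    return hmac.new(key, canonical(elem), hashlib.sha256).hexdigest()


def sign_request(xml_text: str, key: bytes) -> str:
    """Client side: sign only the operation element inside soap:Body and carry the
    tag in a header element; the rest of the envelope stays unsigned."""
    root = ET.fromstring(xml_text)
    op = root.find(f"{{{SOAP}}}Body")[0]
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        root.insert(0, header)
    ET.SubElement(header, f"{{{APP}}}Signature").text = sign_element(op, key)
    return ET.tostring(root, encoding="unicode")


def validate_structure(root) -> list:
    """Schema-style check: one Body, one allowed operation, only the elements the
    operation's schema permits. Returns a list of problems (empty = OK)."""
    problems = []
    if root.tag != f"{{{SOAP}}}Envelope":
        return ["root element is not soap:Envelope"]
    for child in root:
        if child.tag not in (f"{{{SOAP}}}Header", f"{{{SOAP}}}Body"):
            problems.append(f"unexpected element under Envelope: {child.tag}")
    bodies = root.findall(f"{{{SOAP}}}Body")
    if len(bodies) != 1:
        return problems + [f"expected exactly one soap:Body, found {len(bodies)}"]
    ops = list(bodies[0])
    if len(ops) != 1:
        return problems + [f"expected exactly one operation in Body, found {len(ops)}"]
    op = ops[0]
    if op.tag not in ALLOWED:
        return problems + [f"operation not allowed: {op.tag}"]
    for child in op:
        if child.tag not in ALLOWED[op.tag]:
            problems.append(f"unexpected element in operation: {child.tag}")
    return problems


def gateway_inspect(xml_text: str, key: bytes) -> list:
    """XML-firewall side: cheap structural checks first, then the signature on the
    operation element. Empty list means the request may be forwarded."""
    root = ET.fromstring(xml_text)
    problems = validate_structure(root)
    if problems:
        return problems
    op = root.find(f"{{{SOAP}}}Body")[0]
    tag = root.findtext(f"{{{SOAP}}}Header/{{{APP}}}Signature")
    if tag is None:
        return ["operation element is not signed"]
    if not hmac.compare_digest(sign_element(op, key), tag):
        return ["signature mismatch: operation element was modified in transit"]
    return []


def edit_text(xml_text: str, local_name: str, new_text: str) -> str:
    """Simulate an intermediary changing one element's text (for the demo)."""
    root = ET.fromstring(xml_text)
    root.find(f".//{{{APP}}}{local_name}").text = new_text
    return ET.tostring(root, encoding="unicode")


def inject_element(xml_text: str, local_name: str, text: str) -> str:
    """Simulate an intermediary appending an element the schema does not allow."""
    root = ET.fromstring(xml_text)
    ET.SubElement(root.find(f"{{{SOAP}}}Body")[0], f"{{{APP}}}{local_name}").text = text
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    signed = sign_request(REQUEST, KEY)
    print("clean:           ", gateway_inspect(signed, KEY))
    print("quantity edited: ", gateway_inspect(edit_text(signed, "Quantity", "1000"), KEY))
    print("element injected:", gateway_inspect(inject_element(signed, "Discount", "100"), KEY))
    print("header edited:   ", gateway_inspect(edit_text(signed, "Session", "sess-99"), KEY))
```

The last case is the caveat that comes with per-element granularity: because only the operation element is signed, an edit to the Session header passes the gateway untouched. Whatever the policy relies on (session ids, routing headers, timestamps) must be inside a signed element too, which is why WS-Security signatures normally reference several parts of the envelope.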
Changes in Threat:
Volume and Impact

 Security is tougher than ever
   In volume: >600%
     137,529 incidents reported during 2003, more than six times the 2000 figure (CERT)
   In impact: <10 minutes
     SQL Slammer (a.k.a. Sapphire) spread across the Internet in less than 10 minutes in 2003
A Reminder of Legacy Security Measures

 Access security
   Firewall
   Content Filter
 Data security
   Virtual Private Network (VPN)
 System security
   Intrusion Detection System (IDS)
   Antivirus
Technical Analysis: Issues

 FW: must leave well-known ports (e.g. 80) open, and cannot tell what is carried over them
 IDS: false alarms, new attacks, correlation
 AV: new viruses, signatures, placement (desktop or network), polymorphism
 CF: false positives, false negatives
 VPN: management overhead, interoperability
Changes in Security:
Perimeter, Depth and Granularity

 Existing security measures that protect you
   TCP/IP firewall: packet-level
   Virtual Private Network (VPN): IP-level tunneling
   Content filter: application-level
   Intrusion Detection System (IDS): application-level
   Antivirus: application-level
 The situation has changed
   Network perimeters have become less defined due to pervasive mobile devices (e.g. WLAN, PDA, etc.)
   80% of all attacks come from external parties, yet 80% of all security-related losses are due to the remaining 20% of attacks (the internal ones)
 Increasing depth
   Stand-alone security measures -> integrated all-in-one approach
   Demand for internal security is emerging (plus more applications and more users requiring higher bandwidth)
 Finer granularity
   Packet-level -> application-level
   Per-flow basis -> per-element basis
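The firewall issue from the previous slide (well-known ports must stay open) and the "packet-level -> application-level" shift above, as an added Python example that is not part of the original deck: a port-based rule beside an application-aware one. The classifier keys on what the protocols themselves send first (the BitTorrent peer-wire handshake `\x13BitTorrent protocol`, the Gnutella 0.6 `GNUTELLA CONNECT/` greeting, an HTTP request line, a TLS handshake record), so a P2P client pointed at port 80 no longer slips through. The sample flows, addresses and the `POLICY` table are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes          # first bytes the client sent on the connection


# Fingerprints taken from the protocols' own handshakes.
BT_HANDSHAKE = b"\x13BitTorrent protocol"        # pstrlen=19 + pstr (BitTorrent peer wire)
GNUTELLA_HELLO = b"GNUTELLA CONNECT/"             # Gnutella 0.6 connection handshake
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def classify(payload: bytes) -> str:
    """Name the application from what it actually says, regardless of the port."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if payload.startswith(GNUTELLA_HELLO):
        return "gnutella"
    if HTTP_REQUEST.match(payload):
        return "http"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                              # TLS record type 22 (handshake), version 3.x
    return "unknown"


def port_filter(flow: Flow) -> str:
    """Packet-level rule: well-known service ports must stay open."""
    return "allow" if flow.dport in (80, 443) else "deny"


# Application-level policy (assumed for the example): a port is only open for the
# protocol that belongs on it; anything else, including "unknown", is dropped.
POLICY = {80: {"http"}, 443: {"tls"}}


def app_filter(flow: Flow) -> str:
    """Application-aware rule: the port opens the door only for its own protocol."""
    return "allow" if classify(flow.payload) in POLICY.get(flow.dport, set()) else "deny"


def audit(flows):
    """One (dport, application, port-filter decision, app-filter decision) row per flow."""
    return [(f.dport, classify(f.payload), port_filter(f), app_filter(f)) for f in flows]


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("10.1.1.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Flow("10.1.1.5", "203.0.113.11", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    # P2P client configured to use port 80 to get past the port-based firewall:
    Flow("10.1.1.7", "198.51.100.20", 80, BT_HANDSHAKE + bytes(8) + bytes(20) + bytes(20)),
    Flow("10.1.1.8", "198.51.100.21", 6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: LimeWire/4.2\r\n\r\n"),
    Flow("10.1.1.8", "198.51.100.22", 80, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: BearShare\r\n\r\n"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print("dport=%-5d app=%-10s port-filter=%-5s app-filter=%s" % row)
```

The third and fifth flows are the point: the port filter waves them through because they arrive on 80, while the application-aware filter denies them. The price is that the gateway must see the first payload bytes of each flow (per-flow state, not per-packet), and protocols that encrypt or randomise their handshake need statistical rather than signature-based classification.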
Anti-spyware:
What are we dealing with?

 Spyware
   Definition: a generic term for a class of software programs that could violate and potentially jeopardize people's privacy and security
   Examples: Gator, Cydoor, Aureate, Comet Cursor and Web3000 could be found bundled with many free applications (Kazaa, BearShare, iMesh and LimeWire)
     Read the EULA (End-User License Agreement)
   How serious? nearly 70% spyware penetration in a campus environment (Saroiu et al., 2004)
   Impact:
     credit card numbers could be stolen
     keystrokes could be captured
     browser settings could be modified
     users could be profiled
Anti-spyware:
Rootkits as an example

 Definition: software comprising tools that
   erase traces of the intrusion from audit logs
   provide "backdoors" that allow easy access
   hide the rootkit itself from administrators
 Types:
   User-mode rootkit
     replaces system binaries (e.g. ls, ps) with trojaned ones
   Kernel-mode rootkit (with Linux Kernel Module support)
     inserts a module that overrides kernel syscalls
   Runtime kernel patching
     writing to /dev/kmem (with or without LKM support)
 Tools for rootkit detection
   Tripwire
   AIDE (Advanced Intrusion Detection Environment)
   chkrootkit (~56 rootkits)
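How Tripwire and AIDE catch the user-mode case above, as an added Python example (mine, not code from the deck or from either tool): fingerprint every file in a baseline, then compare the live tree against it. The demo builds a constructed fake system tree in a temporary directory, replaces `bin/ls` with a trojan padded to the same size and given the same mtime (so size and timestamp checks alone would miss it), drops a hidden backdoor, and shows the content hash still flags both. File contents and paths are constructed for the example.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """What Tripwire/AIDE record per file: content hash plus metadata attributes."""
    st = path.lstat()
    return {
        "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "mtime_ns": st.st_mtime_ns,
    }


def baseline(root: Path) -> dict:
    """'Init' step: fingerprint every regular file under the monitored tree.
    Keep the result on read-only or offline media: a rootkit that can edit the
    baseline can make itself invisible to the check."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def check(root: Path, db: dict) -> dict:
    """'Check' step: compare the live tree with the baseline."""
    now = baseline(root)
    return {
        "modified": sorted(rel for rel in now if rel in db and now[rel] != db[rel]),
        "added": sorted(rel for rel in now if rel not in db),
        "removed": sorted(rel for rel in db if rel not in now),
    }


def simulate(root: Path) -> dict:
    """Build a fake system tree, baseline it, then act like a user-mode rootkit:
    replace ls with a trojan of identical size and mtime, and drop a hidden backdoor."""
    files = {                                     # constructed stand-ins, not real binaries
        "bin/ls": b"#!/bin/sh\n# stand-in for ls\nexec /usr/bin/env ls \"$@\"\n",
        "bin/ps": b"#!/bin/sh\n# stand-in for ps\nexec /usr/bin/env ps \"$@\"\n",
        "sbin/sshd": b"#!/bin/sh\n# stand-in for sshd\n",
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body.ljust(200, b"#"))      # pad every file to a fixed size
    db = baseline(root)

    ls = root / "bin/ls"
    st = ls.lstat()
    trojan = (b"#!/bin/sh\n# trojaned ls: hides the rootkit directory from listings\n"
              b"exec /usr/bin/env ls \"$@\" | grep -v '^\\.rk'\n")
    ls.write_bytes(trojan.ljust(200, b"#"))       # same size as the original ...
    os.utime(ls, ns=(st.st_atime_ns, st.st_mtime_ns))   # ... and same mtime
    (root / "usr/lib/.rk").mkdir(parents=True)
    (root / "usr/lib/.rk/backdoor").write_bytes(b"#!/bin/sh\n# constructed backdoor\n")

    after = fingerprint(ls)
    return {
        "report": check(root, db),
        "size_preserved": after["size"] == db["bin/ls"]["size"],
        "mtime_preserved": after["mtime_ns"] == db["bin/ls"]["mtime_ns"],
    }


def run_demo() -> dict:
    """Run simulate() in a throw-away directory and return its result."""
    with tempfile.TemporaryDirectory() as tmp:
        return simulate(Path(tmp))


if __name__ == "__main__":
    print(run_demo())
```

The check reports `bin/ls` as modified and `usr/lib/.rk/backdoor` as added even though the trojan's size and mtime match the baseline. The limitation matches the slide's kernel-mode entry: the checker runs in user mode, so a kernel rootkit that hooks `open`/`read` can feed it the original bytes and the hash will match; that is why chkrootkit-style checks and, on current systems, comparison against a trusted boot-time measurement sit alongside file-integrity tools.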
Conclusions

 Firewall
   Application-aware filtering
   Anti-spam
   Single sign-on
 IDS
   IPS
 VPN
   SSL VPN
 Anti-virus
   Anti-spyware
Many thanks for your time :)



