Introducing Diversity and Uncertainty to Create Moving Attack Surfaces for Web Services
Web servers are primary targets for cyber attack because of the documents they may contain, the transactions they support, or the opportunity to cause brand damage or reputational embarrassment to the victim organization. Today most web services are implemented with a fixed software stack that includes a web server program, web application programs, an operating system, and a virtualization layer. This software mix as a whole constitutes the attack surface of the web service, and a vulnerability in any one of its components is a potential threat to the entire service. This chapter presents an approach that employs a rotational scheme for substituting different software stacks for any given request in order to create a dynamic and uncertain attack surface area of the system. In particular, our approach automatically creates a set of diverse virtual servers (VSs), each configured with a unique software mix, producing diversified attack surfaces. Our approach includes a rotational scheme in which a set of diversified offline servers rotates in to replace a set of diversified online servers on either a fixed rotation schedule or an event-driven basis. Assuming N different VSs, M < N of them will serve online at a time while offline VSs are reverted to a predefined pristine state. By constantly changing the set of M online VSs and introducing randomness in their selection, attackers will face multiple, constantly changing, and unpredictable attack surfaces.
Keywords: Virtual Machine; Intrusion Detection System; Virtualization Technology; Virtual Server; Mongrel Cluster
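The rotation described in the abstract, as an added sketch that is not the authors' implementation: N virtual servers, M < N online at a time, random selection, and a revert to pristine state whenever a server leaves service. The class and function names, the stack labels and the `flagged` trigger for event-driven rotation are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

@dataclass(eq=False)                 # identity comparison: each VS is a distinct machine
class VirtualServer:
    name: str
    stack: tuple                     # (OS, web server, hypervisor) labels, constructed
    tainted: bool = False            # True once state may differ from the snapshot

    def revert(self):
        # Stand-in for restoring the VM from its predefined pristine snapshot.
        self.tainted = False

class RotationPool:
    def __init__(self, servers, m, rng=None):
        if not 0 < m < len(servers):
            raise ValueError("need 0 < M < N so some servers are always offline")
        self.servers, self.m = list(servers), m
        self.rng = rng or random.SystemRandom()   # selection must be unpredictable
        self.online = self.rng.sample(self.servers, m)

    def offline(self):
        return [s for s in self.servers if s not in self.online]

    def rotate(self, flagged=None):
        """Scheduled rotation, or event-driven when `flagged` names a suspect VS."""
        spares = self.offline()
        k = min(self.m, len(spares))
        incoming = self.rng.sample(spares, k)
        outgoing = [flagged] if flagged in self.online else []
        rest = [s for s in self.online if s is not flagged]
        outgoing += self.rng.sample(rest, k - len(outgoing))
        for s in outgoing:
            s.revert()               # leaving service always restores pristine state
        self.online = [s for s in self.online if s not in outgoing] + incoming
        return outgoing, incoming

def build_pool(n=5, m=2, rng=None):
    # Constructed sample stacks; a real pool would vary actual OS/server/hypervisor.
    servers = [VirtualServer(f"vs{i}", (f"os-{i % 3}", f"httpd-{i % 2}", f"hv-{i % 2}"))
               for i in range(n)]
    return RotationPool(servers, m, rng)

if __name__ == "__main__":
    pool = build_pool()
    pool.online[0].tainted = True    # e.g. an IDS alert on one online VS
    out, inc = pool.rotate(flagged=pool.online[0])
    print("out:", [s.name for s in out], "in:", [s.name for s in inc])
```

The invariant to check in any real deployment is the one the sketch enforces: every server in the offline set is in its pristine state before it can be selected again.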