Advertisement

Introducing Diversity and Uncertainty to Create Moving Attack Surfaces for Web Services

  • Yih HuangEmail author
  • Anup K. Ghosh
Chapter
  • 2.1k Downloads
Part of the Advances in Information Security book series (ADIS, volume 54)

Abstract

Web servers are primary targets for cyber attack because of the documents they may contain, transactions they support, or the opportunity to cause brand damage or reputational embarrassment to the victim organization. Today most web services are implemented by employing a fixed software stack that includes a web server program, web application programs, an operating system, and a virtualization layer. This software mix as a whole constitutes the attack surface of the web service and a vulnerability in one of the components that make up the web service is a potential threat to the entire service. This chapter presents an approach that employs a rotational scheme for substituting different software stacks for any given request in order to create a dynamic and uncertain attack surface area of the system. In particular, our approach automatically creates a set of diverse virtual servers (VSs), each configured with a unique software mix, producing diversified attack surfaces. Our approach includes a rotational scheme with a set of diversified offline servers rotating in to replace a set of diversified online servers on either a fixed rotation schedule or an event-driven basis. Assuming N different VSs, M < N of them will serve online at a time while off-line VSs are reverted to predefined pristine state. By constantly changing the set of M online VSs and introducing randomness in their selections, attackers will face multiple, constantly changing, and unpredictable attack surfaces.

Keywords

Virtual Machine Intrusion Detection System Virtualization Technology Virtual Server Mongrel Cluster 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    The Top Cyber Security Risks in Year 2009, http://www.sans.org/top-cyber-security-risks.
  2. 2.
    Yih Huang; Ghosh, A.K.; Bracewell, T.; Mastropietro, B.;, “A security evaluation of a novel resilient web serving architecture: Lessons learned through industry/academia collaboration,” Dependable Systems and Networks Workshops (DSN-W), International Conference on, June 28 to July 1, 2010.Google Scholar
  3. 3.
    Yih Huang, Anup K. Ghosh, “Automating Intrusion Response via Virtualization for Realizing Uninterruptible Web Services,” Eighth IEEE International Symposium on Network Computing and Applications (NCA’09), 2009.Google Scholar
  4. 4.
    Fielding, R. T. and Taylor, R. N. 2002. “Principled design of the modern Web architecture,” ACM Trans. Internet Technology. 2, 2 (May. 2002), 115–150.Google Scholar
  5. 5.
  6. 6.
    Google Dalvik VM, http://www.dalvik.com
  7. 7.
    E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanovic. “Randomized instruction set emulation,” ACM Trans. Info. & System Security, 8(1):3 40, Feb. 2005.Google Scholar
  8. 8.
  9. 9.
    http://en.wikipedia.org/wiki/List of Linux distributions
  10. 10.
    Hovav Shacham, “The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86),” CCS ’07 Proceedings of the 14th ACM conference on Computer and communications security. Whistler, BC, October 2007.Google Scholar
  11. 11.
    Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. 2003. “Countering codeinjection attacks with instruction-set randomization,” In Proceedings of the 10th ACM conference on Computer and communications security (CCS ’03). ACM, New York, NY, USA, 272–280.Google Scholar
  12. 12.
    National Institute of Standards, NIST. National vulnerability database, http://nvd.nist.gov.
  13. 13.
    R. Wojtczuk. “Subverting the Xen hypervisor,” in Black Hat USA, 2008.Google Scholar
  14. 14.
    Fabrice Bellard. Qemu, “A fast and portable dynamic translator,” In Proceedings of the USENIX 2005 Annual Technical Conference, FREENIX Track, pages 41–46, 2005.Google Scholar
  15. 15.
    VMware, Inc. http://www.vmware.com.
  16. 16.
    Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. “Xen and the art of virtualization,” In Proceedings of the nineteenth ACM symposium on Operating systems principles (SOSP ’03). New York, NY, USA, 2003.Google Scholar
  17. 17.
    OpenVZ lightweigt virtualization, http://openvz.org.
  18. 18.
    D. Price and A. Tucker. “Solaris zones: Operating system support for consolidating commercial workloads,” In Proceedings of the 18th Usenix LISA Conference., 2004.Google Scholar
  19. 19.
  20. 20.
  21. 21.
    D. Teigland and H. Mauelshagen. “Volume managers in linux,” In Proceedings of USENIX 2001 Technical Conference, June 2001.Google Scholar
  22. 22.
    Neiger, Gil; A. Santoni, F. Leung, D. Rodgers, R. Uhlig. “Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization”. Intel Technology Journal (Intel) 10 (3): 167–178. Available at http://download.intel.com/technology/itj/2006/v10i3/v10-i3- art01.pdf
  23. 23.
    AMD Virtualization (AMD-V) Technology, http://sites.amd.com/us/business/itsolutions/ virtualization/Pages/amd-v.asp
  24. 24.
    Pratyusa K. Manadhata, Jeannette M. Wing, “An Attack Surface Metric,” IEEE Transactions on Software Engineering, 01 Jun. 2010.Google Scholar
  25. 25.
    Pratyusa K. Manadhata, Jeannette M. Wing and Mark Flynn, “Measuring the attack surfaces of two FTP daemons,” Conference on Computer and Communications Security: Proceedings of the 2nd ACM workshop on Quality of protection; 30–30 Oct. 2006.Google Scholar
  26. 26.
    T. Newsham and J. Hoaglan. “Windows Vista Network Attack Surface Analysis: A Broad Overview,” CanSecWest, 2007.Google Scholar
  27. 27.
    M. Howard. “Fending off future attacks by reducing attack surface,” Available at http://msdn.microsoft.com/library/default.asp?url=/library/enus/ dncode%/html/secure02132003.asp, 2003.
  28. 28.
    R. J. Creasy. “The origin of the VM/370 time-sharing system,” IBM J. Research and Development, 25(5):483–490, September 1981.CrossRefGoogle Scholar
  29. 29.
  30. 30.
    Rinard, M., C. Cadar, D. Dumitran, D. Roy, T. Leu, and J.W. Beebee, “Enhancing server availability and security through failure-oblivious computing,” in Proceedings of the 6th Symposium on OSDI, December 2004.Google Scholar
  31. 31.
    Sidiroglou, M.E. Locasto, S.W. Boyd and A. Keromytis, “Building a Reactive Immune System for Software Services,” in Proceedings of the USENIX Technical Conference, 2000.Google Scholar
  32. 32.
    Qin, F., J. Tucek, J. Sundaresan, and Y. Zhou, “Rx: treating bugs as allergies—a safe method to survive software failures,” in Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP), pp. 235–248, 2005.Google Scholar
  33. 33.
    Sidiroglou, S., O. Laadan, A. Keromytis, “Using Rescue points to Navigate Software Recovery (Short Paper),” in Proceedings of the IEEE Symposium on Security %26 Privacy, pp. 273–278, May 2007, Oakland, CA.Google Scholar
  34. 34.
    Kil, C., Jun, J., Bookholt, C., Xu, J., and Ning, P. 2006. “Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software,” In Proceedings of ACSAC’06, 2006.Google Scholar
  35. 35.
    A. Nguyen-Tuong, D. Evans, J. C. Knight, B. Cox, and J.W. Davidson. “Security through redundant data diversity.” In 38th IEEE/IFPF International Conference on Dependable Systems and Networks (DSN’08), Anchorage, Alaska, USA, 2008.Google Scholar
  36. 36.
    A. Bessani, A. Daidone, I. Gashi, R. Obelheiro, P. Sousa and V. Stankovic. “Enhancing Fault- /Intrusion Tolerance through Design and Configuration Diversity,” 3rd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2009).Google Scholar
  37. 37.
    M. Chew and D. Song. “Mitigating Buffer Overflows by Operating System Randomization,” Tech Report CMUCS-02-197. December 2002.Google Scholar
  38. 38.
    Yih Huang, David Arsenault, and Arun Sood. “Incorruptible System Self-Cleansing for Intrusion Tolerance,” Performance, Computing, and Communications Conference, IPCCC 2006.Google Scholar
  39. 39.
    The Terracotta project, http://www.terrracotta.org

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. 1.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA

Personalised recommendations