Active security

In this paper we introduce active security, a new methodology that adds programmatic control, within a novel feedback loop, to the defense infrastructure. Active security implements a unified programming environment that provides interfaces to (i) protect the infrastructure under common attack scenarios (e.g., configure a firewall), (ii) sense the current state of the infrastructure through a wide variety of information, (iii) adjust the configuration of the infrastructure at run time based on the sensed information, (iv) collect forensic evidence on demand, at run time, for attribution, and (v) counter the attack through more advanced mechanisms such as migrating malicious code to a quarantined system. We built an initial prototype that extends the FloodLight software-defined networking controller to interface automatically with the Snort intrusion detection system to detect anomalies, with the Linux Memory Extractor to collect forensic evidence at run time, and with the Volatility parsing tool to extract an executable from physical memory and analyze information about the malware (which the active security system can then use to better secure the infrastructure).
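The sense / adjust / collect / counter loop described above, reduced to its decision core, as an added example that is not the paper's prototype code: it parses Snort "fast" alert lines (sensing), applies a small priority-based policy (adjust), and returns the actions the controller would take, a flow rule shaped like a Floodlight static-flow-pusher entry (the field names, switch DPID and quarantine port are assumptions) and a request to capture the suspect host's memory for later Volatility analysis (collect). The loop keeps state so that a host already quarantined does not trigger duplicate actions. Nothing is pushed to a real controller; the actions are returned as data so the logic can be inspected offline. The alert lines are constructed samples.

```python
"""Added example: a minimal active-security feedback loop over Snort alerts.

Illustrative code written for this page, not the prototype the paper describes.
Sense (parse Snort fast alerts) -> decide (priority policy) -> act (emit a
Floodlight-style flow rule and/or a memory-capture request). The Floodlight
field names, the switch DPID and the quarantine port are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Snort "fast" alert format, e.g.
# 01/28-22:26:04.877970  [**] [1:1000001:1] ICMP test [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.1 -> 10.0.0.2
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Constructed sample alerts (not real captures).
SAMPLE_ALERTS = [
    "01/28-22:26:04.877970  [**] [1:1000001:1] ICMP test [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.1 -> 10.0.0.2",
    "01/28-22:26:05.100000  [**] [1:2000002:2] Suspicious outbound port 4444 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:51000 -> 203.0.113.9:4444",
    "01/28-22:26:06.200000  [**] [1:2000003:1] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 10.0.0.5:51001 -> 10.0.0.2:22",
    "01/28-22:26:07.300000  [**] [1:2000003:1] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 10.0.0.5:51002 -> 10.0.0.2:22",
    "this line is not a Snort alert",
]

SWITCH_DPID = "00:00:00:00:00:00:00:01"  # assumed DPID of the edge switch
QUARANTINE_PORT = 3                      # assumed switch port into the quarantine network


@dataclass
class Alert:
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str


def parse_alert(line: str) -> Optional[Alert]:
    """Sense: turn one Snort fast-format line into an Alert, or None if it does not parse."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return Alert(int(m["sid"]), m["msg"], int(m["prio"]), m["proto"], m["src"], m["dst"])


def flow_rule(name: str, src: str, dst: Optional[str] = None, out_port: Optional[int] = None) -> Dict[str, str]:
    """Build a Floodlight static-flow-pusher-style entry (field names are an assumption).
    An empty action list drops matching packets; output=N redirects them to port N."""
    rule = {"switch": SWITCH_DPID, "name": name, "priority": "32768", "eth_type": "0x0800",
            "ipv4_src": src, "active": "true",
            "actions": f"output={out_port}" if out_port is not None else ""}
    if dst is not None:
        rule["ipv4_dst"] = dst
    return rule


@dataclass
class ActiveSecurityLoop:
    """Decide + act, with state so the loop does not re-issue actions it already took."""
    quarantined: Set[str] = field(default_factory=set)
    blocked_pairs: Set[Tuple[str, str]] = field(default_factory=set)

    def handle(self, line: str) -> List[Dict]:
        alert = parse_alert(line)
        if alert is None:
            return []
        if alert.src in self.quarantined:
            return []  # host already redirected to quarantine; nothing more to adjust
        actions: List[Dict] = []
        if alert.priority == 1:
            # Counter: move the suspect host's traffic to the quarantine network,
            # and collect: request a memory image of that host for attribution.
            self.quarantined.add(alert.src)
            actions.append({"type": "flow_rule",
                            "rule": flow_rule(f"quarantine-{alert.src}", alert.src, out_port=QUARANTINE_PORT)})
            actions.append({"type": "memory_capture", "host": alert.src, "reason": alert.msg})
        elif alert.priority == 2:
            # Adjust: drop just the offending src->dst flow.
            pair = (alert.src, alert.dst)
            if pair not in self.blocked_pairs:
                self.blocked_pairs.add(pair)
                actions.append({"type": "flow_rule",
                                "rule": flow_rule(f"block-{alert.src}-{alert.dst}", alert.src, dst=alert.dst)})
        else:
            actions.append({"type": "log", "sid": alert.sid, "msg": alert.msg})
        return actions


def run_loop(lines: List[str]) -> List[Dict]:
    """Feed a sequence of alert lines through one loop instance; return all actions in order."""
    loop = ActiveSecurityLoop()
    out: List[Dict] = []
    for line in lines:
        out.extend(loop.handle(line))
    return out


if __name__ == "__main__":
    for action in run_loop(SAMPLE_ALERTS):
        print(action)
```

Running the block prints one log action, one drop rule for 10.0.0.5 -> 203.0.113.9, then a quarantine rule plus a memory-capture request for 10.0.0.5; the repeated priority-1 alert and the non-alert line produce nothing. In a deployment the two flow-rule actions would become REST pushes to the controller and the capture request would invoke the memory extractor on the named host; keeping them as data here is what makes the policy testable.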
