
Reliability & Security Distinctions and Interactions

  1. Reliability & Security: Distinctions and Interactions
     Hal Lockhart, BEA Systems

  2. Topics
     • Similarities and differences
     • Denial of Service
     • Layering Principles
     • Security Services
     • Reliability Services
     • Combining Security and Reliability

  3. Are Security & Reliability Different?
     • Some Security Objectives
       • Service availability
       • Error detection
       • Prevent data loss
       • Prevent data duplication or reordering
     • Some Reliability Objectives
       • Service availability
       • Error detection
       • Prevent data loss
       • Prevent data duplication or reordering

  4. Information Security Definition
     • Technologies and procedures intended to implement organizational policy in spite of human efforts to the contrary.
     • Suggested by Authorization
     • Applies to all security services
     • Protection against accidents is incidental
     • Suggests four areas of attention

  5. Information Security Areas
     • Policy determination
       • Expression: code, permissions, ACLs, language
       • Evaluation: semantics, architecture, performance
     • Policy enforcement
       • Maintain integrity of the Trusted Computing Base (TCB)
       • Enforce variable policy

  6. Reliability Service
     • Protects against accidental errors
     • Services available in spite of random failures
     • Many distinct guarantees possible
       • Data complete
       • Data in order
       • No duplication
       • End to end transactions
       • Queue to queue transactions
     • Can be combined with security mechanisms

  7. Different Assumptions
     • Reliability: messages come from a cooperating entity
     • Security: the network is untrusted
       • Any message can be read by attackers
       • Any message can be modified by attackers
       • Assume some Trusted Computing Base (TCB)
     • Reliability
       • Check CRC – retransmit
       • Ignore low probability events
     • Security
       • Use a secure hash function, e.g. SHA-1
       • Assume any event sequence is possible

  8. Denial of Service
     • Commonly misunderstood
     • Attacker modifies every message
       • Even if modifications are detected – zero throughput
       • Attack is easily detected and source located
       • No benefit to attack
     • Must assume “enough” messages get through

  9. Types of Denial of Service
     • Type 1 – Silver Bullet
       • Some message(s) cause crash
       • Example: Ping O’ Death
       • Clearly a bug, not in specification or design
     • Type 2 – Amplifier Attack
       • Small attacker effort – big effect
       • Example: Smurf
       • Harder to fix, possibly alter specification or design
     • Type 3 – Flood Attack
       • Overload slows server to a crawl
       • Example: distributed attack against public web servers
       • May be indistinguishable from legitimate usage
       • May be no real way to fix
       • Important to identify and locate source

  10. Layering
     [Diagram: two stacks of Layer 3, Layer 2, Layer 1, with each layer communicating with its peer layer in the other stack]

  11. Layering Principles
     • A form of encapsulation
     • Corresponding layers communicate via a peer protocol
     • Messages pass through all active layers
     • Guidelines
       • Layers must operate sequentially
       • Layers must operate on distinct data
       • Layers should not duplicate each other
     • Composability
       • Stronger condition
       • Layers may be omitted

  12. Composable Services
     [Diagram: a WS Consumer calls a Travel Agency Web Service, which in turn calls a Rental Car Reservation Web Service, an Airline Reservation Web Service and a Hotel Reservation Web Service]

  13. Composable Layers
     [Diagram: Routing, Reliability and Security layers; Reliability is optional (“Routing or Reliability”) and Security sits beneath]

  14. Basic Security Services
     • Not relevant to Reliability
       • Authentication
       • Confidentiality (encryption)
       • Authorization
     • Integrity service
       • Check signature
       • Discard invalid
     • Non-duplication service
       • Integrity service
       • Include nonce and timestamp under signature
       • Discard if nonce is duplicated or message too old

  15. Basic Reliability Service
     • Reliability in the face of network failures
     • Implementation
       • Number all messages
       • Request retransmission if an out-of-order message is received
       • Discard duplicate messages
       • Present data in order
       • Care must be taken when ending a session – flush data
     • Efficiency considerations
       • TCP does this
       • HTTP can start and stop TCP sessions
       • SOAP can travel over multiple protocols, not just HTTP

  16. End to End Reliability
     • Ensure consistency and recovery in the face of node failures as well as network failures
     • Two levels
       • Distributed transactions
         • ACID properties
         • Application rollback on error
         • Not feasible for loosely coupled systems
       • Queue to queue transactions
         • ACID properties from queue to queue (no loss, no duplicates)
         • Rollback by compensating transactions only (hard)
         • Desirable approach for public web services

  17. Combining Security & Reliability
     • Security should be below Reliability
       • Discard invalid messages
       • Reliability (if present) will retransmit
       • SSL/TLS are “broken” in this regard
     • Security should be below other layers
       • Validate signatures
       • Decrypt data
       • Issue: must pass along metadata with the message (e.g. what was signed, who was authenticated)
     • Security & Reliability could be intertwined
       • Loss of composability
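As an added illustration (not from the presentation) of the integrity and non-duplication services on slide 14, the numbering/reordering service on slide 15, and the slide 17 rule that security sits below reliability, the following Python receiver discards modified, replayed or stale messages before the reliability layer ever sees them, so that layer only reorders, drops duplicates and asks for retransmission of genuine gaps. An HMAC over a constructed shared key stands in for the slides' signature; the message format, nonce values and the 30 s freshness window are assumptions.

```python
import hmac, hashlib, json

KEY = b"constructed-shared-key"  # assumption: an HMAC stands in for the slides' signature

def _body(m):
    return json.dumps([m["seq"], m["nonce"], m["ts"], m["payload"]]).encode()  # MAC covers seq, nonce, timestamp, payload (slide 14)

def sign(seq, nonce, ts, payload):
    m = {"seq": seq, "nonce": nonce, "ts": ts, "payload": payload}
    m["mac"] = hmac.new(KEY, _body(m), hashlib.sha256).hexdigest()
    return m

class SecurityLayer:
    """Slide 14: integrity check, then non-duplication via a nonce cache and a freshness window."""
    def __init__(self, max_age=30.0):
        self.seen, self.max_age = set(), max_age
    def accept(self, m, now):
        expect = hmac.new(KEY, _body(m), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, m["mac"]):
            return False                        # modified in transit: discard
        if m["nonce"] in self.seen or now - m["ts"] > self.max_age:
            return False                        # replayed or too old: discard
        self.seen.add(m["nonce"])
        return True

class ReliabilityLayer:
    """Slide 15: numbered messages, reorder buffer, duplicate discard, in-order delivery."""
    def __init__(self):
        self.next_seq, self.pending, self.delivered = 0, {}, []
    def receive(self, m):
        if m["seq"] < self.next_seq or m["seq"] in self.pending:
            return                              # already delivered or buffered: discard
        self.pending[m["seq"]] = m["payload"]
        while self.next_seq in self.pending:    # present data in order
            self.delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
    def missing(self):
        # sequence numbers the peer is asked to retransmit (gaps below the highest buffered one)
        top = max(self.pending, default=self.next_seq)
        return [n for n in range(self.next_seq, top) if n not in self.pending]

class Receiver:
    """Slide 17: security below reliability, so only valid, fresh messages reach the reorder logic."""
    def __init__(self):
        self.sec, self.rel = SecurityLayer(), ReliabilityLayer()
    def handle(self, m, now):
        ok = self.sec.accept(m, now)
        if ok:
            self.rel.receive(m)                 # a tampered copy never reaches here; the gap stays open until a clean retransmission arrives
        return ok
```

A retransmitted message must carry a fresh nonce, since the nonce cache would otherwise reject the resend of a message whose first copy was accepted; a message whose first copy was lost or tampered with was never recorded, so its resend passes.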

  18. Summary
     • Security and Reliability share some goals, but
       • Reliability assumes random errors
       • Security assumes human attacks
     • Several distinct types of Denial of Service
     • Denial of service is not necessarily bad, if we know it is happening and can locate the source
     • Composability of services is desirable
     • Security can detect modified and duplicated data
     • Reliability can protect against network failures alone, or network and system failures
     • Queue to queue transactions are useful for B2B
     • Security should be the bottom layer
