Loading in 2 Seconds...
Loading in 2 Seconds...
Unifying the conceptual levels of network security through use of patterns. PhD Proposal - Draft Ajoy Kumar Advisor: Dr. EF
Introduction • We analyze security mechanisms at the conceptual network layers and propose a unification of these levels using security patterns. We also develop several new patterns and study the existing patterns for this purpose.
Problem Statement • Three basic conceptual layers in the network are the network layer, the transport layer and the user application layer. Each of these layers is subjected to security threats and we need to consider security defenses at each of these layers. Security threats help form security policies which in turn lead to the development of protocol mechanisms and these mechanisms lead to security patterns at each of these layers.
Contd… • Some of the specific mechanisms used for security are Firewalls, IDS and VPN (Virtual Private Network). In this thesis we attempt to look at the involved security components such as Firewalls, IDS and VPN at these three primary layers and study the synergistic combination of these components. Then we look at the different security protocols controlling these layers such as IPSec (network or IP layer), TLS (the transport layer) and SOAP ( user application layer) which contribute to the defense at these layers. When Security is designed for these layers including these components and protocols, a systematic approach is required by the developers to enhance security.
Contd… • In this work we try to identify already existing security patterns for these components and protocols and then fill in the gaps for the missing security patterns. We will also try to compare and contrast the patterns developed at each of these layers and try to unify these levels using patterns. Once the patterns are developed, they will serve as a catalog to help designers build and maintain secure networks.
Software Patterns and Security • The primary objectives of security are to provide confidentiality, integrity, availability, and accountability to the information. Information or messages passed are usually vulnerable to attacks and are targeted by many people for political or personal reasons. Security countermeasures are usually classified into five groups: identification and authentication, access control and authorization, logging, cryptography, and intrusion detection.
Contd… • A way to counter the threats to security faced by these network layers is use of patterns. Patterns are solutions to recurrent problems in given contexts. Security patterns have been looked at extensively in the current world of threats and have been studied in detail. A good number of security patterns have been described in the literature [Fer06a, Sch06, Ste05]. In the ideal case the developer would be able to find one or more security patterns to provide guidance for specific security problems. Patterns in general capture knowledge and wisdom of developers in a highly accessible form for ordinary practitioners to apply.
Security Mechanisms • Three of the most common security mechanisms used are firewalls, VPN and IDS. • Firewalls have been shown to be very effective in providing security by basically creating a choke point of entry (and exit) into a local network [Bar99]. A firewall therefore restricts unauthorized clients from access to the local network and local networks from accessing external sites that are considered untrustworthy. A firewall can be used as a mechanism to enforce security policies and also allows a limited exposure of the protected network to outsiders.
Sec Mech. (Contd…) • VPN uses a technique called tunneling, in which data is transmitted across a public network in a private tunnel that simulates a end to end connection. • A system intrusion is any attempt to attack a system and compromise its integrity, confidentiality, or availability of a resource. Intrusion Detection Systems (IDS) are implemented to detect an intrusion when it occurs and on detection should trigger appropriate recovery measures [Fer05].
User Application Firewall IDS VPN Transport IP Overview of layers and security mechanisms at network layers
Network Architecture Security Mechanisms
Abstact Pattern for Sec. Mech. VPN/FW/IDS SAML Realize Realize Realize TLS V/F/I IPSec V/F/I XML V/F/I TLS IPSec Secure Channel Authentication
Proposed Research • General Goal We try to unify the security functions used in different network layers through security patterns. We identify the common security components of each layer and their protocols and try to discover the existing security patterns for each of these layers and identify the patterns yet to be developed and try to develop them.
Specific Goals and Outline • Survey security Components such as Firewall, IDS and VPN • Survey the existing protocols for each of these layers such as IPSec, TLS and SAML. • Identify the existing patterns for each of these security components for each of the network layers. • Identify the patterns yet to be developed for the security components for each of these network layers. • Develop these new security patterns yet to be developed for each of these layers. • Apply the new patterns developed on a Case Study and study the consequences in detail.
Contributions • A description of the three basic architectural layers using pattern diagrams showing the relationship between these patterns • A description of the protocols to provide security for these layers using security pattern diagrams. • An enumeration of the use cases and the security threats involved for the typical network functions. • Analysis of the existing countermeasures, eg. Firewalls, IDS, VPNs and their combinations. We will consider existing commercial products as possible sources of security patterns. • Specific patterns for the network architectural layers, their security standards, and mechanisms to defend against the identified threats. We have already published one of these [Fer05] and in the process of completing another. • Validation of the approach to applying it to a SCADA system.
Validation • A way to validate the proposed model is to apply it to a real system. We can analyze its main use cases and enumerate possible threats. Then we can see how our architectural model provides a structure to develop and evaluate a range of those systems. We intend to apply our model to a SCADA system and compare our results to other analysis of SCADA security such as [Nae07, NIST]. • The new patterns can be validated by publishing in conferences such as PLOP or similar conferences. (We did this with an early pattern [Fer05]).
Remaining Work: New Patterns • All the other patterns that need to be developed will be identified. The above existing patterns will be further expanded in detail. For example IDS pattern would be extended to include Misuse based IDS also. The VPN pattern will be expanded into different patterns for XML, Packet VPN and SSL VPNs. Patterns for the different Protocols. • Proposed TimeLine: Fall 2008 + Spring 2009
2. Synergy • Impact of synergistic combination of these security mechanisms VPN + FW + IDSSummer 2009.
4. Case Study (Validation) • Finally after all the missing pieces are developed it will be applied to the SCADA model which has been developed above and will be studied in detail. • Proposed Time Line: Fall 2009
Completed Work • Survey of existing patterns First we will identify all the patterns that have been developed by other researchers in these network layers such as the Packet filter pattern, proxy firewall pattern and XML firewall pattern and Survey of security mechanisms limiting to SCADA.
2. VPN Patterns Supports SAML XML VPN VPN Supports TLS TLS VPN IPSec Supports IP VPN
Class Diagram For VPN Network VPN * * Network End Point 1 1 * Authenticator Secure Channel 1 Identity Base * Identity
4. Case Study Identification • SCADA Architecture • SCADA can be used as an example of a distributed system where we apply these patterns. • Security Threats.
Example • An important example of SCADA application is electric power generation. • Context • A SCADA system such as electric power generation system with a Distributed Architecture and connected to the Internet.
Central Controller Comm. Network Field Unit Controller * 1 * Internet User Interface 1 Zone 1 Class Diagram (w/o Security Components)
Suggestions • Additions • Concerns • Modifications • Improvements