DOI: 10.1145/2535771.2535794
Research article

Active security

Published: 21 November 2013

Abstract

In this paper we introduce active security, a new methodology which introduces programmatic control within a novel feedback loop into the defense infrastructure. Active security implements a unified programming environment which provides interfaces to (i) protect the infrastructure under common attack scenarios (e.g., configure a firewall), (ii) sense the current state of the infrastructure through a wide variety of information, (iii) adjust the configuration of the infrastructure at run time based on sensed information, (iv) collect forensic evidence on-demand, at run-time for attribution, and (v) counter the attack through more advanced mechanisms such as migrating malicious code to a quarantined system. We built an initial prototype that extends the FloodLight software-defined networking controller to automatically interface with the Snort intrusion detection system to detect anomalies, the Linux Memory Extractor to collect forensic evidence at run-time, and the Volatility parsing tool to extract an executable from physical memory and analyze information about the malware (which can then be used by the active security system to better secure the infrastructure).
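The abstract describes a sense, decide, act loop: an IDS raises an alert, the controller adjusts the network at run time, forensic collection is triggered on demand, and what the analysis learns is fed back into the defense. The following is an added illustration of that loop in Python; it is not code from the paper or from the Floodlight, Snort, LiME or Volatility projects. The only real format it relies on is Snort's "fast" alert line layout; the priority thresholds, the shape of the flow rules, the `QUARANTINE_PORT` value, and the action names are assumptions made for this example, and the alert lines are constructed. Pushing the rules to a controller and actually running the memory extractor are represented as returned action records rather than performed.

```python
"""Toy model of the sense -> decide -> act feedback loop from the abstract.

Assumptions (not the paper's or any project's API): the policy thresholds,
the flow-rule dictionaries, QUARANTINE_PORT and the action names are invented
for illustration. Alert lines follow Snort's "fast" output format.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

QUARANTINE_PORT = 99  # assumed switch port that leads to an isolated segment

# Snort "fast" alert line, e.g.
# 01/15-10:23:45.123456  [**] [1:1000001:1] msg [**] [Classification: X] \
#     [Priority: 1] {TCP} 10.0.0.5:49152 -> 203.0.113.7:443
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample sensor output (addresses from documentation ranges).
SAMPLE_ALERTS = [
    "01/15-10:23:45.123456  [**] [1:1000001:1] CONSTRUCTED outbound beacon to known C2 [**] "
    "[Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49152 -> 203.0.113.7:443",
    "01/15-10:23:47.000001  [**] [1:1000002:1] CONSTRUCTED port scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.9:40000 -> 10.0.0.20:22",
    "01/15-10:23:48.000002  [**] [1:1000001:1] CONSTRUCTED outbound beacon to known C2 [**] "
    "[Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.5:49153 -> 203.0.113.7:443",
    "garbage line that does not parse",
    "01/15-10:23:50.000003  [**] [1:1000003:1] CONSTRUCTED ICMP ping [**] [Priority: 3] {ICMP} 10.0.0.11 -> 10.0.0.1",
]


@dataclass(frozen=True)
class Alert:
    ts: str
    sid: int
    msg: str
    priority: int
    proto: str
    src: str
    dst: str


def parse_snort_fast_alert(line: str) -> Optional[Alert]:
    """Sense: turn one Snort fast-format line into an Alert, or None if it does not parse."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    return Alert(m["ts"], int(m["sid"]), m["msg"], int(m["prio"]),
                 m["proto"], m["src"], m["dst"])


@dataclass
class ActiveSecurityLoop:
    """Holds the loop's state so repeated alerts for a quarantined host are idempotent."""
    quarantined: set = field(default_factory=set)

    def decide(self, alert: Alert) -> List[dict]:
        """Adjust / collect / counter: map one alert to controller actions."""
        if alert.src in self.quarantined:
            return [{"type": "log", "msg": f"{alert.src} already quarantined; sid {alert.sid}"}]
        if alert.priority == 1:
            # Counter: steer all traffic from the host to the quarantine segment,
            # and collect: request a memory image of the host for analysis.
            self.quarantined.add(alert.src)
            return [
                {"type": "flow_mod", "match": {"ipv4_src": alert.src},
                 "action": f"output:{QUARANTINE_PORT}", "priority": 1000},
                {"type": "capture_memory", "host": alert.src,
                 "reason": f"sid {alert.sid}: {alert.msg}"},
            ]
        if alert.priority == 2:
            # Adjust: block only the offending flow, leave the host otherwise connected.
            return [{"type": "flow_mod",
                     "match": {"ipv4_src": alert.src, "ipv4_dst": alert.dst},
                     "action": "drop", "priority": 500}]
        return [{"type": "log", "msg": f"priority {alert.priority} alert from {alert.src}: {alert.msg}"}]

    def ingest_indicator(self, remote_ip: str) -> dict:
        """Feedback: an indicator recovered from memory analysis becomes a network-wide rule."""
        return {"type": "flow_mod", "match": {"ipv4_dst": remote_ip},
                "action": "drop", "priority": 900}

    def run(self, lines) -> List[dict]:
        """Drive the loop over a sequence of sensor lines and return every action taken."""
        actions: List[dict] = []
        for line in lines:
            alert = parse_snort_fast_alert(line)
            if alert is None:
                actions.append({"type": "log", "msg": "unparsed sensor line", "line": line})
                continue
            actions.extend(self.decide(alert))
        return actions


if __name__ == "__main__":
    loop = ActiveSecurityLoop()
    for action in loop.run(SAMPLE_ALERTS):
        print(action)
    print(loop.ingest_indicator("203.0.113.7"))
```

The state kept in `quarantined` is what makes this a loop rather than a one-shot rule: the second beacon from the same host produces only a log entry, because the network has already been adjusted, and the indicator returned by `ingest_indicator` shows how a value extracted from a memory image (the role the abstract assigns to Volatility) feeds back into the configuration step.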



Index Terms

  1. Active security

    Information

    Published In

    HotNets-XII: Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
    November 2013
    188 pages
    ISBN:9781450325967
    DOI:10.1145/2535771
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. central management
    2. digital forensics
    3. network security

    Qualifiers

    • Research-article

    Conference

    HotNets-XII: Twelfth ACM Workshop on Hot Topics in Networks
    November 21 - 22, 2013
    College Park, Maryland

    Acceptance Rates

    HotNets-XII Paper Acceptance Rate 26 of 110 submissions, 24%;
    Overall Acceptance Rate 110 of 460 submissions, 24%

    Article Metrics

    • Downloads (last 12 months): 5
    • Downloads (last 6 weeks): 0
    Reflects downloads up to 14 Feb 2025

    Cited By

    • (2024) Modification and Adaptation of Methods and Algorithms of the Active Security Concept for Fog Systems. AISMA-2024: International Workshop on Advanced Information Security Management and Applications, pp. 277-285. DOI: 10.1007/978-3-031-72171-7_28. Online publication date: 16-Oct-2024.
    • (2023) Memory Forensics of the OpenDaylight Software-Defined Networking (SDN) Controller. Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1-8. DOI: 10.1145/3600160.3600196. Online publication date: 29-Aug-2023.
    • (2022) Users' Expectations About and Use of Smartphone Privacy and Security Settings. Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems, pp. 1-24. DOI: 10.1145/3491102.3517504. Online publication date: 29-Apr-2022.
    • (2021) Software Packet-Level Network Analytics at Cloud Scale. IEEE Transactions on Network and Service Management, 18(1): 597-610. DOI: 10.1109/TNSM.2021.3058653. Online publication date: Mar-2021.
    • (2021) Multi-Cloud Performance and Security Driven Federated Workflow Management. IEEE Transactions on Cloud Computing, 9(1): 240-257. DOI: 10.1109/TCC.2018.2849699. Online publication date: 1-Jan-2021.
    • (2021) Light-Weight Active Security for Detecting DDoS Attacks in Containerised ICPS. 2021 18th International Conference on Privacy, Security and Trust (PST), pp. 1-5. DOI: 10.1109/PST52912.2021.9647782. Online publication date: 13-Dec-2021.
    • (2021) A Comprehensive Survey on Software-Defined Network Controllers. Next Generation of Internet of Things, pp. 199-231. DOI: 10.1007/978-981-16-0666-3_18. Online publication date: 15-Jun-2021.
    • (2019) Security and Privacy Issues of Big Data. Cyber Law, Privacy, and Security, pp. 375-407. DOI: 10.4018/978-1-5225-8897-9.ch019. Online publication date: 2019.
    • (2019) Security and Privacy Issues of Big Data. Cloud Security, pp. 1598-1630. DOI: 10.4018/978-1-5225-8176-5.ch080. Online publication date: 2019.
    • (2019) Security and Privacy Issues of Big Data. Web Services, pp. 2197-2229. DOI: 10.4018/978-1-5225-7501-6.ch114. Online publication date: 2019.
