Security in autonomic communication

1
Security in autonomic communication

• Shuping Liu
• Networking Lab
• HUT

2
Contents

• Why autonomic?
• Why security?
• Security characteristic
• Security challenge
• Security solution
• Policy-based solution
• conclusion

3
Why autonomic?

• Communication system becomes more complex, more
  interconnected, more dynamic and more tightly
  woven into our lives.
• Human resources involved in managing and
  administering them have grown rapidly and
  constitute a steadily larger fraction of the
  cost.
• Autonomic communication is aimed to be
  autonomous, managing their own evolution,
  performance, security and fault concerns without
  explicit user or administrator actions.

4
Why security? (1/3)
5
Why security? (2/3)
6
Why security? (3/3)
7
Security characteristic

• Autonomic communication will not create an
  entirely new security.
• All the traditional securities will arise in
  autonomic communication systems. Some in more
  complex and urgent form.
• Autonomic communication will give rise to unique
  security threats of their own.

8
Security challenge

• New technologies and architectures, whose
  security implications are not yet well
  understood.
• Anomalous behavior caused by security compromises
  due to reduced human activities.
• Span different administrative domains
• Deal with a constantly changing set of other
  systems. Need flexible new methods for trust
  establishing, attack and compromise detecting,
  recovering.
• Deal with personal information. Need to obey
  privacy policies required by nation laws and
  business ethics.

9
Security solution

• Software solution
• policy control (the details followed)
• access control
• autonomic distributed firewalls (ADF)
• Hardware solution
• security enhanced chip multiprocessor

10
Policy-based solution(1/21)

• Security policy is the primary tool for security
  in autonomic communication.
• The unit of autonomic communication, generally
  referred to as autonomic element, is
  anticipated as follows,
• simple and of fixed function at small scales
• function dynamically at higher levels

11
Policy-based solution(2/21)

• An autonomic element will involve two parts
• function unit perform whatever basic
• function the element
  provide
• management unit oversees the operation
• of the functional unit

12
Policy-based solution(3/21)

• Logical structural of an autonomic element

13
Policy-based solution(4/21)

• Management unit carries with them, or otherwise
  has access to,
• policies that govern and constrain their
  behaviors at a comparatively high level
• task and state representations that
  functionally describe their current mission,
  strategy, and status at a lower level

14
Policy-based solution(5/21)

• Some of the policies will be security policies
• Some of the task and state representations will
  also be relevant to the elements security
• By explicitly representing both security policies
  and security-related tasks and states, autonomic
  elements will be able to automatically handle a
  wide range of security issues that are currently
  addressed by human

15
Policy-based solution(6/21)

• Many autonomic communication systems span
  different administrative domains
• It is not enough for an autonomic element to
  ensure its own security
• Autonomic elements are capable of negotiating
  security and policy, and to gather and securely
  exchange the info.
• Another problem is trust-establishment, because
  autonomic element has less control over, and less
  complete and reliable info. about the element in
  other domain

16
Policy-based solution(7/21)

• Hierarchy trust model

17
Policy-based solution(8/21)

• Mesh trust model

18
Policy-based solution(9/21)

• Bridge trust model

19
Policy-based solution(10/21)

• Hybrid trust model

20
Policy-based solution(11/21)

• Trust model based on Gateway CAs

21
Policy-based solution(12/21)

• Trust problem also exist between user and policy
  systems.
• How can we trust a policy system to make the best
  decision?
• Hoi Chan et. al. suggests a policy system with
  trust building tools

22
Policy-based solution(13/21)

• Notations,
• ITI instantaneous trust index, to each
  execution of each
• policy
• ITI f (m1,m2,), where m1,m2 are
  weights
• assigned to each user modification, and
  0ltITIlt1
• OTIoverall trust index, for a policy and
  reflects the level
• of trust that the user has in a
  particular policy or
• group of policies
• OTI f1(ITI1,ITI2,), where f1 is
  average function

23
Policy-based solution(14/21)

• a policy system with trust building tools

24
Policy-based solution(15/21)

• KB, knowledge base, uses the information, through
  some reinforcement learning algorithms, to adjust
  the behavior of the policy in a way to maximize
  the OTI.
• There are 3 modes of operation,
• Minimal trust (supervised) mode
• Partial trust (modify) mode
• Full trust (automatic) mode
• The user is able to place the system into one of
  these modes at will on a per-policy base.

25
Policy-based solution(16/21)

• Minimal trust mode, start mode by default
• Policy generates the actions ? not executed ?
  the user exams the actions ? the user accepts, or
  propose his own actions, or denies ? return ITI
  by an expert-defined function ? KB actions
• As the policy system evolves to a point where
  OTI1, the user may change to next trust level
  for the policy
• Partial trust mode
• This mode is similar to Minimal mode. But in
  this case, user can only change the parameters,
  instead of actions.
• Full trust mode
• The policy system fully execute the actions
  without user intervention

26
Policy-based solution(17/21)

• We should know that, the policies, and the task
  and state representation provide high-value
  targets to a potential attacker.
• Let us consider a scenario, the attacker insert a
  piece of code that causes the system to silently
  send him or her a copy of some important
  information at a particular email address at a
  particular time.

27
Policy-based solution(18/21)

• In traditional communication system, the leak
  will stop if that email address becomes
  unavailable, or a network gateway blocks it.
• However, in an autonomic element, if the code is
  inserted as a policy piece, the autonomic element
  would then use every resource at its disposal to
  ensure that the information is delivered to the
  attacker. The attacker would have harnessed the
  elements own ability to adapt to changing
  conditions and adopt new strategies for the
  purpose of stealing the desired information.
• Preventing such high-level subversion will be an
  important part of the security of autonomic
  systems.

28
Policy-based solution(19/21)

• On the other hand, the security policies that
  govern an autonomic element can provide new
  levels of resistance to attack.

29
Policy-based solution(20/21)

• data leak in traditional systems

30
Policy-based solution(21/21)

• data leak in autonomic systems

31
Conclusion

• No functioning system is perfectly secure,
  autonomic communication system will be no
  exception.
• The development of autonomic systems cannot be
  delayed until the final security solution is
  available, since it is impossible
• Recent advances, including autonomic intrusion
  detection systems, secure embedded processors,
  proactive security measures, and automated virus
  response, have taken some burden of security
  maintenance off overloaded system administrators.
• But there is much more which is waiting for us

32
Thanks!Any comments and questions?