Reliability - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Reliability & Security: Distinctions and
Interactions
  • Hal Lockhart
  • BEA Systems

2
Topics
  • Similarities and differences
  • Denial of Service
  • Layering Principles
  • Security Services
  • Reliability Services
  • Combining Security and Reliability

3
Are Security & Reliability Different?
  • Some Security Objectives
    • Service availability
    • Error detection
    • Prevent data loss
    • Prevent data duplication or reordering
  • Some Reliability Objectives
    • Service availability
    • Error detection
    • Prevent data loss
    • Prevent data duplication or reordering

4
Information Security Definition
  • Technologies and procedures intended to implement
    organizational policy in spite of human efforts
    to the contrary.
  • Suggested by Authorization
  • Applies to all security services
  • Protection against accidents is incidental
  • Suggests four areas of attention

5
Information Security Areas
  • Policy determination
    • Expression: code, permissions, ACLs, language
    • Evaluation: semantics, architecture, performance
  • Policy enforcement
    • Maintain integrity of Trusted Computing Base
      (TCB)
    • Enforce variable policy

6
Reliability Service
  • Protects against accidental errors
  • Services available in spite of random failures
  • Many distinct guarantees possible
    • Data complete
    • Data in order
    • No duplication
    • End to end transactions
    • Queue to queue transactions
  • Can be combined with security mechanisms

7
Different Assumptions
  • Reliability: messages come from cooperating
    entity
  • Security: network is untrusted
    • Any message can be read by attackers
    • Any message can be modified by attackers
    • Assume some Trusted Computing Base (TCB)
  • Reliability
    • Check CRC, retransmit
    • Ignore low probability events
  • Security
    • Use secure hash function, e.g. SHA1
    • Assume any event sequence is possible

8
Denial of Service
  • Commonly misunderstood
  • Attacker modifies every message
    • Even if modifications are detected, zero
      throughput
    • Attack is easily detected and source located
    • No benefit to attack
  • Must assume enough messages get through

9
Types of Denial of Service
  • Type 1: Silver Bullet
    • Some message(s) cause crash
    • Example: Ping of Death
    • Clearly a bug, not in specification or design
  • Type 2: Amplifier Attack
    • Small attacker effort, big effect
    • Example: Smurf
    • Harder to fix, possibly alter specification or
      design
  • Type 3: Flood Attack
    • Overload slows server to a crawl
    • Example: Distributed attack against public web
      servers
    • May be indistinguishable from legitimate usage
    • May be no real way to fix
    • Important to identify and locate source

10
Layering
  [Diagram: two protocol stacks side by side, each made of Layer 1, Layer 2 and Layer 3]

11
Layering Principles
  • A form of encapsulation
  • Corresponding layers communicate via peer
    protocol
  • Messages pass through all active layers
  • Guidelines
    • Layers must operate sequentially
    • Layers must operate on distinct data
    • Layers should not duplicate each other
  • Composability
    • Stronger condition
    • Layers may be omitted

12
Composable Services
  [Diagram only; no slide text survives]

13
Composable Layers
  [Diagram: layer stacks built from Routing, Reliability and Security, with the Reliability and Security layers shown as optional ("or")]
14
Basic Security Services
  • Not relevant to Reliability
    • Authentication
    • Confidentiality (encryption)
    • Authorization
  • Integrity service
    • Check signature
    • Discard invalid
  • Non-duplication service
    • Integrity service
    • Include nonce and timestamp under signature
    • Discard if nonce is duplicated or message too old
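The following is an added example (not part of the deck) that puts slides 7 and 14 into code: a message carries a nonce and timestamp under an HMAC-SHA256 signature, and the receiver implements the integrity service (check signature, discard invalid) and the non-duplication service (discard duplicated nonces and stale messages). To show the slide 7 contrast between a CRC and a keyed hash, each message also carries a CRC32; a modified message with a refreshed CRC still passes the CRC check but fails the signature. The shared key, the 30 second freshness window, and the message layout are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import time
import zlib
from typing import Dict, Optional, Tuple

# Assumptions (constructed for this example): a key shared out of band, and a
# freshness window after which a message is "too old".
KEY = b"constructed-shared-secret"
MAX_AGE = 30.0  # seconds


def canonical(body: bytes, nonce: str, ts: float) -> bytes:
    """Exactly the bytes that get signed: nonce and timestamp sit under the signature."""
    return body + b"|" + nonce.encode() + b"|" + f"{ts:.6f}".encode()


def build_message(body: bytes, key: bytes = KEY, now: Optional[float] = None) -> Dict[str, object]:
    """Sender side: fresh random nonce, current timestamp, CRC and MAC over the same bytes."""
    ts = time.time() if now is None else now
    nonce = os.urandom(16).hex()
    signed = canonical(body, nonce, ts)
    return {
        "body": body, "nonce": nonce, "ts": ts,
        "crc": zlib.crc32(signed),                                 # reliability-style check
        "mac": hmac.new(key, signed, hashlib.sha256).hexdigest(),  # security-style check
    }


def crc_ok(msg: Dict[str, object]) -> bool:
    """A CRC catches random corruption, but it involves no key: anyone can recompute it."""
    return zlib.crc32(canonical(msg["body"], msg["nonce"], msg["ts"])) == msg["crc"]


def modify_and_recompute_crc(msg: Dict[str, object], new_body: bytes) -> Dict[str, object]:
    """Models slide 7's 'any message can be modified': the body changes and the CRC is
    refreshed. The MAC cannot be refreshed without the key, so it stays stale."""
    changed = dict(msg)
    changed["body"] = new_body
    changed["crc"] = zlib.crc32(canonical(new_body, msg["nonce"], msg["ts"]))
    return changed


class Receiver:
    """Integrity service plus non-duplication service, in the order slide 14 lists them."""

    def __init__(self, key: bytes = KEY, max_age: float = MAX_AGE) -> None:
        self.key = key
        self.max_age = max_age
        self.seen: Dict[str, float] = {}  # nonce -> timestamp (replay cache)

    def accept(self, msg: Dict[str, object], now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        signed = canonical(msg["body"], msg["nonce"], msg["ts"])
        expected = hmac.new(self.key, signed, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "invalid signature"   # integrity service: discard invalid
        if now - msg["ts"] > self.max_age:
            return False, "too old"             # non-duplication: freshness window
        if msg["nonce"] in self.seen:
            return False, "duplicate nonce"     # non-duplication: replay cache
        self.seen[msg["nonce"]] = msg["ts"]
        # Anything older than the window is rejected as "too old" before the nonce check,
        # so expired entries can be dropped and the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        return True, "ok"


if __name__ == "__main__":
    rx = Receiver()
    m = build_message(b"transfer 10")
    print(rx.accept(m))                                   # (True, 'ok')
    print(rx.accept(m))                                   # replay -> duplicate nonce
    f = modify_and_recompute_crc(m, b"transfer 99")
    print(crc_ok(f), rx.accept(f))                        # CRC passes, signature does not
```

The freshness check runs before the replay cache lookup on purpose: once a message is outside the window it is rejected regardless of nonce, which is what lets the cache forget old nonces safely.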

15
Basic Reliability Service
  • Reliability in face of network failures
  • Implementation
    • Number all messages
    • Request retransmission if out-of-order message
      received
    • Discard duplicate messages
    • Present data in order
    • Care must be taken when ending session: flush
      data
  • Efficiency considerations
    • TCP does this
    • HTTP can start and stop TCP sessions
    • SOAP can travel over multiple protocols, not just
      HTTP

16
End to End Reliability
  • Ensure consistency and recovery in face of node
    failures as well as network failures
  • Two levels
  • Distributed transactions
    • ACID properties
    • Application rollback on error
    • Not feasible for loosely coupled systems
  • Queue to queue transactions
    • ACID properties from queue to queue (no loss, no
      duplicates)
    • Rollback by compensating transactions only (hard)
    • Desirable approach for public web services

17
Combining Security & Reliability
  • Security should be below Reliability
    • Discard invalid messages
    • Reliability (if present) will retransmit
    • SSL/TLS are broken in this regard
  • Security should be below other layers
    • Validate signatures
    • Decrypt data
    • Issue: must pass along metadata with message
      (e.g. what was signed, who was authenticated)
  • Security & Reliability could be intertwined
    • Loss of composability
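An added example (not code from the deck) covering slides 15 and 17 together: a receiver built from two separate layers, with security at the bottom. The security layer verifies an HMAC over the sequence number and body and discards anything invalid, passing verified data upward along with metadata about what was checked. The reliability layer above it numbers messages, holds out-of-order ones, discards duplicates, presents data in order, and reports gaps to be re-requested. A message altered in transit is simply dropped at the bottom; the reliability layer never sees it and treats the missing number as an ordinary gap. The shared key, the 4-byte sequence encoding and the two-layer class layout are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Assumption (constructed for this example): sender and receiver share this key out of band.
KEY = b"constructed-shared-secret"


def sign(seq: int, body: bytes, key: bytes = KEY) -> bytes:
    """Sender side. Signing the sequence number with the body means a renumbered or
    reordered message fails verification instead of confusing the reliability layer."""
    return hmac.new(key, seq.to_bytes(4, "big") + body, hashlib.sha256).digest()


def send(seq: int, body: bytes, key: bytes = KEY) -> Tuple[int, bytes, bytes]:
    """What goes on the wire: (sequence number, body, signature)."""
    return seq, body, sign(seq, body, key)


class SecurityLayer:
    """Bottom layer: validate the signature, discard invalid. Nothing unverified goes up."""

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.discarded: List[int] = []  # audit trail of dropped sequence numbers

    def receive(self, seq: int, body: bytes, mac: bytes) -> Optional[Tuple[int, bytes, Dict[str, str]]]:
        if not hmac.compare_digest(sign(seq, body, self.key), mac):
            self.discarded.append(seq)
            return None  # dropped here; the layer above just sees a gap
        # Metadata travels up with the message (slide 17: "what was signed").
        return seq, body, {"integrity": "hmac-sha256", "signed": "seq+body"}


class ReliabilityLayer:
    """Above security: number messages, buffer out-of-order ones, discard duplicates,
    present data in order, and report gaps for retransmission requests."""

    def __init__(self) -> None:
        self.next_seq = 0
        self.pending: Dict[int, bytes] = {}  # out-of-order messages waiting for a gap to close
        self.delivered: List[bytes] = []     # data presented to the application, in order

    def receive(self, seq: int, body: bytes) -> Tuple[str, List[int]]:
        if seq < self.next_seq or seq in self.pending:
            return "duplicate", []            # already delivered or already buffered
        self.pending[seq] = body
        while self.next_seq in self.pending:  # release everything that is now contiguous
            self.delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        gaps = [s for s in range(self.next_seq, seq) if s not in self.pending]
        return "accepted", gaps               # gaps become retransmission requests


class LayeredReceiver:
    """Security below reliability, as slide 17 recommends."""

    def __init__(self, key: bytes = KEY) -> None:
        self.security = SecurityLayer(key)
        self.reliability = ReliabilityLayer()

    def receive(self, seq: int, body: bytes, mac: bytes) -> Tuple[str, List[int]]:
        checked = self.security.receive(seq, body, mac)
        if checked is None:
            return "invalid signature", []
        seq, body, _meta = checked
        return self.reliability.receive(seq, body)

    def delivered(self) -> List[bytes]:
        return list(self.reliability.delivered)


if __name__ == "__main__":
    rx = LayeredReceiver()
    print(rx.receive(*send(0, b"a")))        # ('accepted', [])
    s1 = send(1, b"b")
    print(rx.receive(1, b"B", s1[2]))        # body altered in transit -> dropped at the bottom
    print(rx.receive(*send(2, b"c")))        # arrives early -> gap [1] to be re-requested
    print(rx.receive(*send(2, b"c")))        # network duplicate -> discarded
    print(rx.receive(*s1))                   # retransmission closes the gap
    print(rx.delivered())                    # [b'a', b'b', b'c']
```

Because each layer owns its own state and only the verified (seq, body) pair crosses the boundary, either layer can be omitted without touching the other, which is the composability the deck asks for; intertwining the two would mean the reliability buffer had to know about signatures.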

18
Summary
  • Security and Reliability share some goals, but
    • Reliability assumes random errors
    • Security assumes human attacks
  • Several distinct types of Denial of Service
  • Denial of service is not necessarily bad, if we
    know it is happening and can locate the source
  • Composability of services is desirable
  • Security can detect modified and duplicated data
  • Reliability can protect against network failures
    alone or network and system failures
  • Queue to queue transactions are useful for B2B
  • Security should be the bottom layer