Implementing fault tolerant applications using reflective object-oriented programming
Abstract: Shows how reflection and object-oriented programming can be used to ease the implementation of classical fault tolerance mechanisms in distributed applications. When the underlying runtime system does not provide fault tolerance transparently, classical approaches to implementing fault tolerance mechanisms often imply mixing functional programming with non-functional programming (e.g. error processing mechanisms). The use of reflection improves the transparency of fault tolerance mechanisms to the programmer and, more generally, provides a clearer separation between functional and non-functional programming. The implementations of some classical replication techniques using a reflective approach are presented in detail and illustrated by several examples, which have been prototyped on a network of Unix workstations. Lessons learnt from our experiments are drawn and future work is discussed.
Lessons Learned from the deployment of a high-interaction honeypot
This paper presents an experimental study and the lessons learned from the observation of attackers once they are logged on to a compromised machine. The results are based on a six-month period during which a controlled experiment was run with a high-interaction honeypot. We correlate our findings with those obtained with a worldwide distributed system of low-interaction honeypots.
Vulnerability analysis and evaluation of intrusion detection systems for Web applications
With the increasing development of the Internet, Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties such as the confidentiality, integrity or availability of information systems. To cope with these threats, it is necessary to develop efficient security protection mechanisms and testing techniques (firewall, intrusion detection system, Web scanner, etc.). The question that arises is how to evaluate the effectiveness of such mechanisms and what means can be implemented to analyze their ability to correctly detect attacks against Web applications. This thesis presents a new methodology, based on Web page clustering, that is aimed at identifying the vulnerabilities of a Web application following a black-box analysis of the target application. Each identified vulnerability is actually exploited to ensure that it does not correspond to a false positive. The proposed approach can also highlight different potential attack scenarios, including the exploitation of several successive vulnerabilities, explicitly taking into account the dependencies between these vulnerabilities. We have focused in particular on code injection vulnerabilities, such as SQL injections.
The proposed method led to the development of a new Web vulnerability scanner and has been validated experimentally on various vulnerable applications. We have also developed an experimental platform integrating the new Web vulnerability scanner, which is aimed at assessing the effectiveness of intrusion detection systems for Web applications in a context that is representative of the threats such applications face in operation. This platform integrates several tools designed to automate the evaluation campaigns as much as possible. It has been used in particular to evaluate the effectiveness of two intrusion detection techniques developed by our partners in the collaborative project DALI, funded by the ANR (the French National Research Agency).
Experimental Validation of Architectural Solutions
This is an interim report on the experimental validation of architectural solutions performed in WP5 of the CRUTIAL project. The two main contributions are the description of an attack injection tool for testing the architectural solutions, and the description of a monitor and data collector that collects and analyses information about the behavior of the software after it has been attacked.
Experimental Validation of Architectural Solutions
In this deliverable the experimental results obtained in four different contexts are reported. The first contribution concerns an experimental campaign performed using the AJECT (Attack inJECTion) tool, which is able to emulate different types of attacker behaviour and to collect information on the effect of such attacks on the target system's performance. This tool is also used to perform some of the experiments described in the fourth part of the deliverable.
The second contribution concerns a complementary approach using honeypots to capture traces of attacker behaviours, which are then studied and characterized. Different kinds of honeypots were deployed in the described experiments: low-interaction and high-interaction ones, exposing different kinds of services and protocols (general-purpose network services as well as SCADA-specific ones).
The third and fourth contributions refer to experiments conducted on some components of the CRUTIAL architecture, namely FOSEL (Filtering with the help of Overlay Security Layer), the CIS-CS (Communication Service) and the CIS-PS (Protection Service). The experiments have been performed with the aim of evaluating the effectiveness of the proposed components from the point of view of the dependability improvement they bring, as well as the performance overhead introduced by their implementation.
Project co-funded by the European Commission within the Sixth Framework Programme (2002-2006).
Protecting computer systems against malicious activity
Security of distributed systems is an increasingly serious concern, in particular with the massive development of the Internet. To cope with the growth of threats, it is crucial to design more efficient mechanisms to protect our systems and networks. This research work proposes a contribution to the protection of computer systems against malicious activities, tackling the problem through two approaches: an architectural one and an experimental one. The architectural approach consists in designing security architectures suited to countering current threats; we propose several solutions that were investigated through three different PhD theses. The experimental approach focuses on methods and techniques that make it possible to capture attacker behaviors and analyze attack processes, in particular those using the Internet as a support.
Protection in distributed object systems
Protection in distributed systems is a complex problem: which entities of a distributed system can be trusted, and, given this trust, how can the whole system be protected? The approach adopted in this thesis consists in distinguishing two levels of protection: a global protection by means of a centralized authorization server, and a local protection on each site of the system by means of a security kernel. The authorization server is responsible for managing all access rights to persistent entities of the system, while each security kernel controls all accesses to local objects (either transient or persistent) and is furthermore responsible for managing access rights for local transient objects. An authorization scheme for distributed object systems is presented ("object" here refers to the object-oriented programming notion). This scheme allows the least privilege principle to be strictly respected, defines new access rights called symbolic rights, and defines a new scheme of privilege delegation. This authorization scheme is described in the context of a discretionary security policy and in the context of a multilevel security policy. A multilevel security model adapted to the object-oriented programming paradigm is developed and presented in this thesis. An example of an implementation of this authorization scheme is finally detailed.
Reconfigurable Hardware for Microarchitectural Timing Attacks Detection
Software-based microarchitectural timing attacks evolve quickly, exploiting hardware design properties that widely affect both general-purpose processors and embedded processors. Among the means of attack detection, hardware monitoring benefits from less overhead and less power consumption compared to software monitoring. Nevertheless, as hardware usually cannot be upgraded, the efficiency of a hardware monitor component cannot be guaranteed against future attacks. In this paper, we study the feasibility of using reconfigurable hardware alongside software attack detection to cope with microarchitectural timing attacks. We propose to use the hardware's capability for parallel execution to deal with the problem that reconfigurable technologies suffer from a lower frequency than hardwired technologies. This architecture is designed to adapt to new attacks, because the processor can decide to reconfigure the detection logic to take them into consideration. We briefly present an implementation of a proof of concept on FPGA to validate our design.
Design and implementation of an intrusion-tolerant architecture for Internet servers
The connection of critical systems to the Internet raises serious security problems, since conventional protection techniques are rather inefficient in this new context. This thesis proposes a generic architecture for intrusion-tolerant Internet servers. This architecture is based on redundancy and diversification principles, in order to increase the system's resilience to attacks: usually, an attack is targeted at a particular piece of software running on a particular platform, and fails on others. The architecture is composed of redundant tolerance proxies that mediate client requests to a redundant bank of diversified application servers (COTS). The redundancy is deployed here to increase the availability and integrity of the system. To improve its performance, we have introduced the notion of adaptive redundancy: the redundancy level is selected by the proxies according to the current alert level. We present two architecture variants targeting different classes of Internet servers. The first one is proposed for fully static servers, such as Web distribution of static content that provides stable information which can be updated offline. The second architecture is proposed for fully dynamic systems where the updates are executed immediately on the on-line database. We have demonstrated the feasibility of this architecture by implementing an example of an Internet travel agency. The first performance tests are satisfactory, with acceptable request execution times and fast enough recovery after incidents.