Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler
description
Transcript of Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler
![Page 1: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/1.jpg)
Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler
Arthur McDonaldComputer Science DepartmentEast Stroudsburg University
![Page 2: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/2.jpg)
Outline
Introduction Multi-Level Security Basics Linux Virtual Servers Proposed Algorithm Implementation and Experiments Results and Conclusions
![Page 3: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/3.jpg)
Introduction
Recent Security Threats Need to protect data on distributed systems Linux Virtual Servers Load Scheduling Multi-Level Security
![Page 4: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/4.jpg)
Multi-Level Security
Information with different sensitivities to be stored on same system
Information is processed with users having different security classes– Prevents users from accessing info for which they
are not cleared
Example on Next slide
![Page 5: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/5.jpg)
MLS Example
Data assigned 4 security classes or levels:– Level 1 – CLASSIFIED access– Level 2 – SECRET access– Level 3 – UNCLASSIFIED access– Level 4 – No access
Clearances are hierarchical
![Page 6: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/6.jpg)
MLS Properties – Access Control
Control what users can read, write or execute files
System must also make decisions about access control
Two types:– Discretionary Access Control (DAC)– Mandatory Access Control (MAC)
![Page 7: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/7.jpg)
Discretionary Access Control
Restricts access based on the identity of the user
Three basic types of access:– Read – User can open and view the data in
file/directory– Write – User can open and write data to the
file/directory– Execute – User can execute the file
Relevant only to executables
![Page 8: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/8.jpg)
Discretionary Access Control
Owner makes access decisions Typically three categories:
– Self: Owner of the data– Group: A set of users on the system– Public: All users of the system
![Page 9: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/9.jpg)
Mandatory Access Control
Used in systems with extremely sensitive data
All objects (files, directories, etc…) and subjects (users) are assigned a sensitivity level.
Subject’s sensitivity level specifies objects it has access to.
![Page 10: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/10.jpg)
Mandatory Access Control
Two parts to label: Classification and a set of categories– Classification is hierarchical
DOD uses Top Secret, Secret, Confidential and Unclassified
– Categories are non-hierarchical – represent areas of information in the system
Subject with highest classification level may not mean they are cleared to access all data
![Page 11: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/11.jpg)
MLS Properties – Information Flow
Three Models:– Bell-LaPadula– Biba– Clark-Wilson
![Page 12: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/12.jpg)
Bell-LaPadula Model
Linear model User with security level b can READ objects
at level a iff a<=b User at level b can write objects at level c iff
c>=b Higher access can read from lower level and
lower access can write to higher levels Insures data confidentiality
![Page 13: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/13.jpg)
Bell LaPadula Model
Level b resources
Read access only
Write access only
Read-Write access
Level a
Level c
Level d
Level b
![Page 14: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/14.jpg)
Biba Model
Opposite of Bell-LaPadula Users at level b can write to level a iff a<=b
and level b can read from level c iff c>=b Insures data integrity
![Page 15: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/15.jpg)
Biba Model
Level c
Level b resources
Write access only
Read access only
Read-Write access
Level a
Level d
Level b
![Page 16: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/16.jpg)
Clark Wilson Model
Similar to Biba, with one more constraint Task is separated into duties Ensures integrity rules are not disobeyed
![Page 17: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/17.jpg)
Linux Virtual Servers
What is an LVS? Why use them? How is it done?
![Page 18: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/18.jpg)
Linux Virtual Servers – What?
Cluster of computers connected by fast network
Cluster “appears” to be a single machine Service requests from incoming clients
– HTTP, FTP, telnet, etc... Minimum requirements
– 1 Director machine– 2 or more Realservers
![Page 19: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/19.jpg)
Linux Virtual Servers – What?
Client
Realserver 2 Realserver N
Director
Realserver 1
Internet
Network
![Page 20: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/20.jpg)
Linux Virtual Servers – Why?
Need for fast, reliable servers Three requirements:
– Incremental Scalability– 24x7 Availability– Cost-effectiveness
![Page 21: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/21.jpg)
Linux Virtual Servers – Why?
“Old” way – single machine– Need to upgrade when load becomes too much– Add faster CPU, more RAM, other hardware…
Complex and expensive
– New machine can also become overloaded
![Page 22: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/22.jpg)
Linux Virtual Servers – Why?
LVS’ satisfy all the requirements Scalability – Add/Remove machines to
cluster easily Availability – Services are backed by multiple
machines – One goes down, not a problem Cost effective – No “supercomputer” to
upgrade; simply add PCs
![Page 23: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/23.jpg)
Linux Virtual Servers – How?
Network director and realservers together– Typically star topology network– Realservers are part of private network
Two IPs for director– Real IP: IP address for internal network– Virtual IP: Address that clients see
Services are assigned to the director, along with port number and scheduling algorithm
![Page 24: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/24.jpg)
Linux Virtual Servers – How?
Director waits for connections Connection received:
– Call scheduling function to determine what realserver to forward data to
Three forwarding methods:– Direct Routing– IP Tunnelling– Network Address Translation
![Page 25: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/25.jpg)
Linux Virtual Server – How?
Load Scheduling Algorithms– Round Robin– Weight Round Robin– Least Connection– Weighted Least Connection– Destination/Source Hash Scheduling
![Page 26: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/26.jpg)
MLS Load Scheduling
Distribute load across realservers based on security levels
Security level determined by client’s IP address
Three security levels: A, B and No Access Level A forwarded to Realserver 1 Level B forwarded to Realserver 2 No Access – Data is dropped
![Page 27: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/27.jpg)
MLS Load Scheduling
Code developed based on LVS schdeuling algorithms
Compiled directly into the kernel– Can also be compiled as a module
![Page 28: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/28.jpg)
MLS Load Scheduling
Init, update and finished function Two main functions:
– ip_vs_mls_schedule– ip_vs_mls_get_security_level
![Page 29: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/29.jpg)
MLS Load Scheduling
Problems:– File I/O in Kernel Space– Dotted decimal string to unsigned int conversion
of IP addresses
![Page 30: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/30.jpg)
Implementation
Hardware:– Four Intel Pentium machines connected by hub
Software:– Director: Red Hat 7.0– Realserver 1: Red hat 7.0 kernel 2.2.16, Apache– Realserver 2: Mandrake 7.1, Apache– Client: Windows XP, Internet Explorer
![Page 31: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/31.jpg)
Implementation
Installing LVS– Obtain “fresh” kernel from www.kernel.org– Patch kernel with the LVS code– Configure the kernel using xconfig– Compile and install modules– Compile kernel– Test the new kernel
![Page 32: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/32.jpg)
Implementation
IPVSADM– Administration program for LVS– Used to set up service– Add realservers to LVS
![Page 33: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/33.jpg)
Experiments
Attempt to connect to the realserver– Test Case 1 – Client IP address set to Level A
access– Test Case 2 – Client IP address set to Level B
access– Test Case 3 – Client IP address set to No Access
![Page 34: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/34.jpg)
Future Work
Improve algorithm for scalability Design an admin tool for easy
addition/deletion of client IP address/security levels
![Page 35: Applying a Multi-level Security Mechanism to a Network Address Translation Scheduler](https://reader036.fdocuments.in/reader036/viewer/2022062409/56814a79550346895db790b2/html5/thumbnails/35.jpg)
Conclusions
Project is a good initial step in research towards MLS in Linux Virtual Servers
More work needs to be done, especially in the current global climate
Future looks bright for the LVS project