WireX Immunix Server Software

Autonomix: Component, Network, and System Autonomy

Crispin Cowan, Ph.D
WireX Communications, Inc
wirex.com

David Maier & Lois Delcambre
Oregon Graduate Institute of Science & Technology
11.7.00

Component, Network, and System Autonomy
Component Autonomy (WireX)
• Tight loop
• Complete loop: Detection, Decision, Response
• Spins off intrusion events

Network and System Autonomy (OGI)
• Network: infrastructure tool; IDS event and response protocol translator
• System: Orchestrator; Adaptation Space

Component Autonomy: Technical Objectives
• Family of tools to guard components against common software vulnerabilities
  - StackGuard: protection from "stack smashing" buffer overflows
  - SubDomain: lightweight mandatory access controls
  - PointGuard: generalized StackGuard
  - FormatGuard: protection from printf format bugs
  - RaceGuard: protection from temp file races
• Objective: eliminate 90-99% of software vulnerabilities

Existing Practice: How is it done now?
• Patches: urgent patches, lots of them
• Mandatory access control: Argus Pitbull, Type Enforcement, DTE, etc.
  - Contains damage when software is cracked
  - Substantial costs in administration and performance
• A few systematic tools: OpenWall, chroot

Technical Approach: Abstract
• Approach: local intrusion response
  - Catch the intrusion in process
  - Halt the exploited component
• The Canary Technique
  - Detect attacks in progress: place a sacrificial canary where an attack will show tampering, and monitor the canary
  - If the canary is destroyed, then an attack is happening

Buffer Overflows: The Basic Problem
• Weak bounds checking in programs
• Attackers provide more input than the program can accommodate
• Take control of the program
• Exploit the program's privilege
• This is the leading software security vulnerability: the majority of CERT advisories for the last several years

Buffer Overflow Attacks
• Program normally expects a short string, e.g. for user-ID "fred"
• Attacker provides a big string that overflows the buffer, e.g. "fredjklsjoiwi"
• Corrupts adjacent program state
• Attacker takes control

(Diagram: the server program's User-ID buffer receives normal network input "fred"; the attacker's network input "fredjklsjoiw..." spills past the buffer into the adjacent state, leaving the attacker in control.)

StackGuard Defense
• Protect objects with canary integrity checks
• If the canary is obliterated by the attacker's big string ...
• Intruder Alert!
  - Raise alarms
  - Shut down the process
  - Do not give control to the attacker

(Diagram: a canary sits between the User-ID buffer and the adjacent state; with normal input "fred" the canary is intact, while the attacker's input "fredjklsjoiw..." obliterates the canary and raises the alert.)
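The overflow and the canary check from the slides above, as an added example written for this page (it is not StackGuard's code): a User-ID buffer, a random canary wedged between it and the adjacent state, and a guarded handler that checks the canary before it trusts anything beyond the buffer. The struct layout, the function names and the inputs "fred" and "fredjklsjoiwi" are constructed for the demo; the copy is bounded to the frame size only so the demo itself stays within defined behaviour. StackGuard places its canary next to the saved return address of each activation record and syslogs then aborts the process instead of returning an error code.

```c
/* Added example, not StackGuard's code: a hand-rolled canary around a
 * fixed-size buffer, checked before the adjacent state is trusted. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define USERID_LEN 8   /* "fred" fits; "fredjklsjoiwi" does not */

/* The memory the slides draw: buffer, canary, then the state an overflow
 * would otherwise corrupt (for a real stack frame: saved frame pointer and
 * return address; here a function pointer stands in for that). */
struct guarded_frame {
    char     userid[USERID_LEN];        /* the User-ID buffer */
    uint32_t canary;                    /* sacrificial word */
    void   (*on_login)(const char *);   /* "adjacent state" */
};

static uint32_t g_canary;

/* Random canary chosen once per process, so the attacker cannot know what
 * bytes to write back over it.  Assumption: rand() seeded from time() is
 * enough for a demo; a real implementation reads the kernel's random source.
 * StackGuard also offered a "terminator" canary (NUL, CR, LF, EOF) that
 * string-copy routines cannot reproduce. */
static uint32_t canary_value(void) {
    if (g_canary == 0) {
        srand((unsigned)time(NULL));
        g_canary = ((uint32_t)rand() << 16) ^ (uint32_t)rand();
        if (g_canary == 0) g_canary = 0x5a5aa5a5u;
    }
    return g_canary;
}

static int g_logins;
static void normal_login(const char *user) {
    g_logins++;
    printf("login ok for %s\n", user);
}

/* Detection, decision, response in one place.
 * Returns 0 when the canary survived the copy, -1 when the check fired. */
int guarded_handle_login(const char *input, size_t len) {
    struct guarded_frame frame;
    memset(&frame, 0, sizeof frame);
    frame.canary   = canary_value();
    frame.on_login = normal_login;

    /* The weak bounds check: the copy is sized by the input, not the
     * buffer, so a long input runs over the canary (and, in a real frame,
     * the return address).  Clamping to sizeof frame keeps the demo defined. */
    if (len > sizeof frame) len = sizeof frame;
    memcpy(&frame, input, len);

    /* Integrity check before anything past the buffer is used. */
    if (frame.canary != canary_value()) {
        /* StackGuard syslogs the event and halts the process here. */
        fprintf(stderr, "Intruder Alert! canary smashed by %lu-byte input; request dropped\n",
                (unsigned long)len);
        return -1;
    }
    char shown[USERID_LEN + 1];
    memcpy(shown, frame.userid, USERID_LEN);
    shown[USERID_LEN] = '\0';
    frame.on_login(shown);   /* safe: the frame is intact */
    return 0;
}

int logins_completed(void) { return g_logins; }

int main(void) {
    const char *normal = "fred";            /* constructed inputs from the slides */
    const char *attack = "fredjklsjoiwi";
    printf("normal input -> %d\n", guarded_handle_login(normal, strlen(normal) + 1));
    printf("attack input -> %d\n", guarded_handle_login(attack, strlen(attack) + 1));
    return 0;
}
```

With the 8-byte buffer the attacker's 13-character string lands "joiw" on the canary, so the check fires before the function pointer is ever used; a partial overwrite of the canary is caught the same way, and only an input that reproduces the random value byte for byte gets through.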

StackGuard Demo
• Many of you have seen this before ...
• Fairly current vulnerability: qpopper
  - POP3 mail server
  - Remote buffer overflow vulnerability can get a root shell
• Attack produces: a syslog event; qpopper aborts
• Demo

Generalized StackGuard: PointGuard
• StackGuard: protects the return address in function call activation records
  - Good against the majority of buffer overflows
  - A decreasing fraction of attacks
• PointGuard: generalizes to protect all pointers in the program
  - Integrity-check all pointers before dereferencing
  - Should be good against most forms of buffer overflow
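One way to do the "integrity check before dereferencing" the slide describes, as an added example written for this page (not PointGuard's code): each pointer is kept with a tag, the pointer XORed with a per-process secret, and the tag is verified on every load. The names pg_store, pg_load, dispatch and the two handlers are hypothetical. The PointGuard design published later (Cowan et al., USENIX Security 2003) encrypts the pointer itself rather than tagging it, so a corrupted pointer decrypts to garbage; the tag form here matches the check-and-refuse flow on the slide.

```c
/* Added example, not PointGuard's code: a pointer stored with a keyed tag
 * and verified before every dereference. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

typedef void (*handler_fn)(void);

struct guarded_ptr {
    uintptr_t value;   /* the pointer as it sits in memory */
    uintptr_t tag;     /* value XOR per-process key */
};

static uintptr_t g_key;

/* Assumption: rand() seeded from time() is enough for a demo; a real
 * implementation takes the key from the kernel's random source at exec. */
static uintptr_t pg_key(void) {
    if (g_key == 0) {
        srand((unsigned)time(NULL));
        g_key = (((uintptr_t)rand() << 16) ^ (uintptr_t)rand()) | 0x80000001u;
    }
    return g_key;
}

void pg_store(struct guarded_ptr *p, handler_fn fn) {
    p->value = (uintptr_t)fn;
    p->tag   = p->value ^ pg_key();
}

/* The integrity check: NULL means the value and tag no longer agree, i.e.
 * something wrote the pointer word without knowing the key. */
handler_fn pg_load(const struct guarded_ptr *p) {
    if ((p->value ^ pg_key()) != p->tag) return NULL;
    return (handler_fn)p->value;
}

static int g_safe_calls, g_evil_calls;
static void safe_handler(void) { g_safe_calls++; }
static void evil_handler(void) { g_evil_calls++; }   /* stands in for attacker-chosen code */

/* Dispatch through a guarded pointer: 1 if called, 0 if refused. */
int dispatch(struct guarded_ptr *p) {
    handler_fn fn = pg_load(p);
    if (fn == NULL) {
        fputs("pointer integrity check failed: refusing to dereference\n", stderr);
        return 0;
    }
    fn();
    return 1;
}

/* Scenario: an overflow overwrites only the raw pointer word.  Returns
 * (dispatched_before << 1) | dispatched_after, so 2 means the pointer
 * worked before the overwrite and was refused after it. */
int tamper_demo(void) {
    struct guarded_ptr p;
    pg_store(&p, safe_handler);
    int before = dispatch(&p);
    uintptr_t planted = (uintptr_t)evil_handler;
    memcpy(&p.value, &planted, sizeof planted);   /* the overwrite */
    int after = dispatch(&p);
    return (before << 1) | after;
}

int safe_calls(void) { return g_safe_calls; }
int evil_calls(void) { return g_evil_calls; }

int main(void) {
    printf("tamper_demo -> %d (2 = refused after overwrite)\n", tamper_demo());
    return 0;
}
```

The check holds only while the key stays secret and the attacker cannot write a consistent value/tag pair; an overflow that copies another guarded pointer's two words wholesale would pass, which is one reason the later design moved to encrypting the pointer value itself.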

Format Bugs: The Basic Problem
• Discovered suddenly in June 2000
  - Remote root vulnerability in WU-FTPD
  - Followed by dozens of similar vulnerabilities
• Basis: the arcane %n printf format directive
  - Tells printf to treat the corresponding argument as an int * and write back the number of characters output so far
• Problem: programs that pass unfiltered user input strings directly to printf as the format

Format Bug Attacks
• Program normally expects a plain text string, e.g. for user-ID "fred"
• Attacker provides a format string, e.g. "fred %n"
• Program printf's it; interpreting %n writes to some other part of the program
• Taking control of the program

(Diagram: the User-ID "fred %n" arrives as ordinary network input to the server program; the %n write lands in the call stack, labelled 0x1234.)

FormatGuard
• First general solution to format bugs (October 2000)
• Wraps *printf-style functions for safety (including syslog)
  - Count the number of arguments
  - Count the number of % directives
  - If they mismatch, reject the call
• But counting arguments is hard: C's varargs mechanism does not permit counting

FormatGuard: How to Count Arguments
• We use GCC/CPP macros: GCC/CPP lets you condense & expand variable argument lists, Lisp-style
  - Built an argument_count macro
  - Defined printf(args) -> safe_printf(arg_count(args), args)
  - safe_printf counts the number of % directives in the format string and rejects mismatched calls
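A FormatGuard-style guard, as an added example written for this page (not FormatGuard's source), covering both the "fred %n" attack described in the format-bug slides and the counting scheme on this slide: format_directives counts what a format string would consume, the ARG_COUNT macro counts the arguments at the call site with the GCC/CPP variadic trick the slide refers to (the GNU ", ##__VA_ARGS__" extension is what makes a call with no extra arguments count as zero), and SAFE_PRINTF rejects the call on mismatch. All names are hypothetical; "fred %n" is the constructed attacker string from the slides.

```c
/* Added example, not FormatGuard's source: count arguments and directives,
 * refuse a *printf call when they disagree. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Number of arguments a format string would consume: "%%" takes none,
 * every conversion (d, s, x, n, ...) takes one, and each '*' width or
 * precision takes one more.  %n needs no special case: an attacker's
 * "fred %n" simply demands one argument the call never passed. */
int format_directives(const char *fmt) {
    int count = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;      /* literal percent */
        if (*p == '\0') break;        /* dangling '%' at end of string */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) {
            if (*p == '*') count++;   /* width/precision taken from an argument */
            p++;
        }
        if (*p == '\0') break;
        count++;                      /* the conversion itself */
    }
    return count;
}

/* Checked printf: nargs is what the call site handed over.
 * Returns -1 on rejection (FormatGuard syslogs the event and aborts the
 * process instead; returning keeps the demo testable). */
int guarded_printf(int nargs, const char *fmt, ...) {
    int need = format_directives(fmt);
    if (need != nargs) {
        fprintf(stderr, "FormatGuard-style reject: format wants %d argument(s), call passed %d: \"%s\"\n",
                need, nargs, fmt);
        return -1;
    }
    va_list ap;
    va_start(ap, fmt);
    int n = vprintf(fmt, ap);
    va_end(ap);
    return n;
}

/* Counting arguments in the preprocessor: a descending list of numbers is
 * slid under the arguments and the 11th item picked out.  ARG_COUNT(fmt)
 * is 1, ARG_COUNT(fmt, a, b) is 3; SAFE_PRINTF subtracts the format itself.
 * Handles up to 9 arguments after the format. */
#define ARG_COUNT_(_1, _2, _3, _4, _5, _6, _7, _8, _9, _10, N, ...) N
#define ARG_COUNT(...) ARG_COUNT_(__VA_ARGS__, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)
#define SAFE_PRINTF(fmt, ...) \
    guarded_printf(ARG_COUNT(fmt, ##__VA_ARGS__) - 1, fmt, ##__VA_ARGS__)

/* The vulnerable idiom from the slides: user data used as the format.
 * Under the guard, input containing any directive is rejected. */
int log_user_id(const char *user_supplied) {
    return SAFE_PRINTF(user_supplied);
}

/* The correct idiom: user data is matched by a single %s. */
int log_user_id_safe(const char *user_supplied) {
    return SAFE_PRINTF("user-ID: %s\n", user_supplied);
}

int main(void) {
    const char *attack = "fred %n";   /* constructed attacker input */
    printf("vulnerable call -> %d\n", log_user_id(attack));
    printf("safe call       -> %d\n", log_user_id_safe(attack));
    return 0;
}
```

The counting is done at compile time by the macro and at run time by the format scan, so the guard costs one pass over the format string per call; the 37% microbenchmark figure on the performance slide is the cost of exactly that kind of pass. A format that uses positional arguments (%1$s) or more than 9 arguments is outside what this small scanner and macro handle.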

FormatGuard Demo
• RPC.statd: remote format vulnerability
  - Can easily get a root shell
  - Many systems run RPC.statd; it is part of NFS
  - The exploit is part of the new "Ramen" Linux worm
• Attack a FormatGuard-protected RPC.statd
  - Syslog the event
  - Kill the process
• Demo

FormatGuard Performance
• Microbenchmark: 37% overhead on calls to printf
• Macrobenchmark: hard to find a printf-bound program :-)
  - Man2HTML uses a lot of printf's
  - Batch 79 man pages through it: 1.3% overhead
• Paper submitted for review

Temporary File Race Conditions
• Scenario: a root process wants to create a unique /tmp file
  - Step 1: choose a name
  - Step 2: check to see if it exists
  - Step 3: if it does not exist, create it
• Here's the problem: the attacker interrupts between steps 2 and 3
  - Creates a link from the expected /tmp file name to a major file, e.g. /etc/passwd
  - When the root process does the create, it stomps /etc/passwd with root's authority

RaceGuard
• Kernel enhancement to detect race attacks mid-way through
  - Cache names presented to stat()
  - If open(O_CREAT) hits an existing file, and the path is in the RaceGuard cache, then a race attack is in progress
• Response choices:
  - Deny the open: return EPERM
  - Kill the process
• Demo
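The check-then-create race from the preceding slides and the RaceGuard detection rule above, played out as an added example written for this page (not RaceGuard's kernel code): a scratch directory holds a "passwd" file that stands in for /etc/passwd (constructed contents), the root process's stat() and open(O_CREAT) are routed through a user-space model of RaceGuard's stat()-name cache, and the attacker's symlink is planted between the two steps. The same planted name is then opened without the guard, and with O_CREAT|O_EXCL, to show the damage and the fix that needs no guard. All names (rg_stat, rg_open_create, race_demo) are hypothetical.

```c
/* Added example, not RaceGuard's code: user-space model of the stat()
 * name cache and the open(O_CREAT) check, run against a real scratch dir. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define RG_CACHE 16
#define RG_PATH  256
static char rg_cache[RG_CACHE][RG_PATH];
static int  rg_cache_n;

/* RaceGuard step 1: remember names the process probed that did not exist
 * (the "check" half of check-then-create). */
int rg_stat(const char *path, struct stat *st) {
    int rc = stat(path, st);
    if (rc < 0 && errno == ENOENT && rg_cache_n < RG_CACHE)
        snprintf(rg_cache[rg_cache_n++], RG_PATH, "%s", path);
    return rc;
}

static int rg_cached(const char *path) {
    for (int i = 0; i < rg_cache_n; i++)
        if (strcmp(rg_cache[i], path) == 0) return 1;
    return 0;
}

/* RaceGuard step 2: an O_CREAT open on a name the cache says was absent a
 * moment ago, but which now exists, means someone raced us: deny, EPERM.
 * The real RaceGuard makes this decision inside the kernel's open path;
 * this user-space model has its own small window between stat and open. */
int rg_open_create(const char *path, int flags, mode_t mode) {
    struct stat st;
    if ((flags & O_CREAT) && rg_cached(path) && stat(path, &st) == 0) {
        errno = EPERM;
        return -1;
    }
    return open(path, flags, mode);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* Plays the scenario.  Result bits:
 *   1: the guarded create was denied with EPERM and the victim is untouched
 *   2: the unguarded create followed the planted link and truncated the victim
 *   4: open(O_CREAT|O_EXCL) refused the planted name with EEXIST
 * 7 means all three were observed; -1 means the scratch setup failed. */
int race_demo(void) {
    const char *base = getenv("TMPDIR");
    if (base == NULL) base = "/tmp";
    char dir[RG_PATH], victim[RG_PATH], tmpname[RG_PATH];
    snprintf(dir, sizeof dir, "%s/raceguard-demo.%ld", base, (long)getpid());
    snprintf(victim, sizeof victim, "%s/passwd", dir);
    snprintf(tmpname, sizeof tmpname, "%s/root.tmp", dir);
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    unlink(tmpname);
    rg_cache_n = 0;

    FILE *f = fopen(victim, "w");               /* constructed stand-in for /etc/passwd */
    if (f == NULL) return -1;
    fputs("root:x:0:0:root:/root:/bin/sh\n", f);
    fclose(f);
    long original = file_size(victim);

    int result = 0, fd;
    struct stat st;
    if (rg_stat(tmpname, &st) == 0) return -1;    /* step 2: the name is free */
    if (symlink(victim, tmpname) != 0) return -1; /* attacker, between steps 2 and 3 */

    /* step 3 under the guard: cached name now exists -> EPERM */
    fd = rg_open_create(tmpname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 && errno == EPERM && file_size(victim) == original) result |= 1;
    if (fd >= 0) close(fd);

    /* step 3 as the slides describe it, unguarded: follows the link and stomps */
    fd = open(tmpname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) { close(fd); if (file_size(victim) == 0) result |= 2; }

    /* the fix that needs no guard: O_EXCL never creates through an existing
     * name, symlink included, so the race collapses to EEXIST */
    fd = open(tmpname, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 && errno == EEXIST) result |= 4;
    if (fd >= 0) close(fd);

    unlink(tmpname); unlink(victim); rmdir(dir);
    return result;
}

int main(void) {
    int r = race_demo();
    printf("guard denied create: %s\n", (r & 1) ? "yes" : "no");
    printf("unguarded create stomped victim: %s\n", (r & 2) ? "yes" : "no");
    printf("O_EXCL refused planted name: %s\n", (r & 4) ? "yes" : "no");
    return 0;
}
```

The guard buys protection for binaries that cannot be fixed, which is why the slides stress that RaceGuard works on binary code; for code you can change, open(O_CREAT|O_EXCL) or mkstemp() removes the window outright, and RaceGuard's "deny with EPERM" then never has anything to catch.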

RaceGuard Performance
• Microbenchmarks:
  - 104% overhead on stat(): 4.3 µs -> 8.8 µs
  - 13% overhead on fork(): 161 µs -> 183 µs
• Macrobenchmark: Khernelstone
  - Build the Linux kernel from source: lots of temp files, lots of forks
  - 0.4% overhead
• Paper submitted for review

Major Achievement: Low-Effort Protection
• These tools are highly transparent:
  - Performance overhead: under 2% across the board, usually lower
  - Compatibility issues: minimal
    Under 5% of all Linux programs need trivial source patches to compile with StackGuard and FormatGuard
    RaceGuard works on binary code, currently breaks nothing
  - Administrative overhead: nil

Major Achievement: Relative Invulnerability
• Proposed metric: compare a "base" system against a system protected with Immunix tools
  - Count the number of known vulnerabilities stopped by the technology
  - "Relative Invulnerability": % of vulnerabilities stopped

Immunix Relative Invulnerability
• Immunix System 7: based on Red Hat 7.0
  - Compare Immunix vulnerability to Red Hat's Errata page (plus a few they don't talk about :-)
• October 1, 2000 - Feb. 7, 2001: 44 vulnerabilities total
  - 11 remote, 33 local
  - 40 penetration, 4 DoS
  - 8 remote penetration

Immunix Relative Invulnerability

Vulnerabilities stopped / total (percentage), by category:

                                  All             Penetration     Remote Penetration
StackGuard                        3/44  (6.8%)    3/40  (7.5%)    3/8  (37%)
FormatGuard                       5/44  (11%)     5/40  (12%)     2/8  (25%)
RaceGuard                        18/44  (41%)    18/40  (45%)     0/8  (0%)
*Guard Combination               26/44  (59%)    26/40  (65%)     5/8  (62%)
Server Appliance Configuration   22/34  (65%)    22/30  (73%)     3/4  (75%)
Server Appliance + SubDomain     25/34  (73%)    25/30  (83%)     4/4  (100%)

PointGuard will bring the Remote Penetration figures to 6/8 (75%) & 4/4 (100%).

Task schedule
• StackGuard: delivered
• PointGuard: long-term development
• FormatGuard: prototype delivered, final copy soon (weeks)
• Integrated Drop: prototype delivered, final copy soon (weeks)
• RaceGuard: lab prototype works, under development, should be ready for the June drop

Transition of Technology
• Open source: StackGuard, FormatGuard, and RaceGuard are all GPL'd
• Commercial: all being incorporated into WireX Server Appliance products
  - Server appliance: a server for dummies
  - Thus the need for dummy-proof security

Jay's Questions
• What threats/attacks is your project considering?
  - Common software pathologies that create vulnerabilities
• What assumptions does your project make?
  - That most vulnerabilities fit into a few classes
  - That we can get the source for most/all applications on a platform (true for Linux)
• What policies can your project enforce?
  - We provide software integrity, allowing policy enforcement to be meaningful

Network and System Autonomy (OGI)

Network
• Abstract utility for translating data representations
• Application: translate incompatible IDS events and responses

System
• Adaptation Space: formal model for reasoning about alternative implementations
• Candidate Orchestrator

Network Autonomy: Technical Objective
• What we are trying to accomplish: support a single autonomic response environment that easily accommodates sensors, detectors, and responders that communicate using a variety of languages/protocols
• Participate in the SARA experiment under SWWIM

Autonomix Navigator Architecture

(Diagram; components and link labels as drawn:)
• StackGuard: "conditions"
• Syslog alert: "monitors" (watched by the Swatch Event Monitor)
• Swatch Event Monitor: "notifies (via IDMEF XML)" the Navigator
• Navigator
• Scenario Manager: "choices"
• Firewall Adaptation Space (XML)
• SNMP Manager, SNMP Agent Interface, IPChain Configurer

Three out of Four Questions
• What threats/attacks is your project considering?
  - Those that can be detected (relying on someone else's IDS)
  - Those that have a meaningful response
• What assumptions does your project make?
  - That there is a heterogeneous fabric of intrusion detection and response components
  - That intrusion response can be effective
• What policies can your project enforce?
  - Can map from any combination of intrusion events to any available alternative configuration

Summary
• Component Autonomy: largely working software
  - Running on this laptop: StackGuard, FormatGuard, and RaceGuard
  - Available piecewise, or integrated into Immunix, at http://immunix.org
• Network & System Autonomy: largely a work in progress, aimed at SARA

Future Work
• PointGuard: continue development
• FormatGuard: enhance to catch more kinds of attacks
• RaceGuard: finish testing, release by summer
• IPGuard: new tool to defend against network DoS attacks
• Network/System Autonomy: participate in SARA experiments

Plug: NSPW
• New Security Paradigms Workshop
• Actively interested in radical new ideas, e.g. organic assurance
• Papers due March 30, 2001
• Info: http://nspw.org