02-05-2014, 03:20 PM
Self-Protection in a Clustered Distributed System
Self-Protection in a Clustered.pdf (Size: 540.48 KB / Downloads: 34)
Abstract
Self-protection refers to the ability of a system to detect illegal behaviors and to fight back intrusions with countermeasures. This article presents the design, the implementation, and the evaluation of a self-protected system which targets clustered distributed applications. Our approach is based on the structural knowledge of the cluster and of the distributed applications. This knowledge allows known and unknown attacks to be detected whenever an illegal communication channel is used. The current prototype is a self-protected J2EE infrastructure (Java 2 Enterprise Edition) with firewall-based intrusion detection. Our prototype induces a low performance penalty for applications.
INTRODUCTION
The complexity of today's distributed computing environments is such that the presence of bugs and security holes is statistically unavoidable. A very promising approach to this issue is to implement a self-protected system, which refers to the capability of a system to protect itself against intrusions, i.e., to detect them and fight them back.

This paper presents a self-protected system in the context of cluster-based applications. We consider that the hardware environment is composed of a cluster of machines interconnected through a local area network, with Internet access via a router. The software environment is composed of a set of application components deployed on the cluster. These assumptions correspond to the point of view of a machine provider which rents its cluster infrastructure to different customers. We consider that each customer has a set of machines exclusively allocated to its applications. However, the local network and the Internet access are shared by all the applications. Therefore, the threat may come from outside of the cluster through the Internet, but also from inside, because of a hostile accredited customer.
RELATED WORK
This section reviews the main tools and techniques currently used by security experts to fight against intrusions, and the existing systems which implement a self-protected behavior.
Intrusion Detection
Two main approaches have been explored [20] to ensure intrusion detection: misuse intrusion detection and anomaly intrusion detection. These approaches have been used in the case of firewalls and Intrusion Detection Systems (IDSs). While firewalls are often used as filtering gateways to detect and block illegal communication in real time, IDSs mainly work offline and perform deep analysis to trigger alarms afterward. Misuse intrusion detection aims at detecting traces of well-identified attacks.
Management of the System Representation
In order to manage such a System Representation, we rely on the services associated with the component framework we used (Fractal [3]). Traditionally, a component framework provides services for the deployment of a component architecture and for the modification (reconfiguration) of this architecture. Therefore, any administration action (machine or software installation or startup) is achieved as an action on the component architecture and reflected on the real environment, which implicitly maintains consistency between the two levels. To install a piece of software, a component is deployed in the System Representation. Similarly, to uninstall it, its associated component is removed from the System Representation.
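The following is an added example, not code from the paper or from its Fractal-based prototype, that models the mechanism described in the abstract and in this section: components and the bindings between them form the System Representation, the firewall whitelist is derived from those bindings, any observed flow that matches no binding is classified as illegal (whether or not the attack is known), and the countermeasure isolates the node that initiated it by removing its bindings so that the regenerated rules drop its traffic. The three-tier layout (apache-1, tomcat-1, mysql-1), the addresses, the observed connection attempts and the iptables-style rule syntax are all constructed for illustration; the paper does not show its rule format, and the choice to isolate the source host of an illegal flow while leaving external sources to the default DROP is an assumption of this example.

```python
"""Toy model of a System Representation in the style of the paper: the only
legal communication channels are the bindings declared between deployed
components, the firewall whitelist is derived from those bindings, and a
flow that matches no binding is treated as an intrusion and answered by
isolating the cluster node that initiated it (assumed countermeasure)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Component:
    name: str   # hypothetical component name, e.g. "apache-1"
    host: str   # address of the cluster machine hosting it
    port: int   # TCP port the component listens on


@dataclass
class SystemRepresentation:
    components: dict = field(default_factory=dict)  # name -> Component
    bindings: set = field(default_factory=set)      # (client_name, server_name)
    exposed: set = field(default_factory=set)       # names reachable from the Internet

    def deploy(self, comp):
        self.components[comp.name] = comp

    def undeploy(self, name):
        # Removing a component also drops every binding and exposure that
        # referred to it, so the derived rule set stays consistent.
        del self.components[name]
        self.bindings = {b for b in self.bindings if name not in b}
        self.exposed.discard(name)

    def bind(self, client, server):
        if client not in self.components or server not in self.components:
            raise KeyError("binding refers to an undeployed component")
        self.bindings.add((client, server))

    def allowed_flows(self):
        """Whitelist derived from bindings: (src_host, dst_host, dst_port)."""
        return {(self.components[c].host, self.components[s].host,
                 self.components[s].port) for c, s in self.bindings}

    def public_endpoints(self):
        """(dst_host, dst_port) pairs that any source may reach."""
        return {(self.components[n].host, self.components[n].port)
                for n in self.exposed}

    def firewall_rules(self):
        """Render the whitelist as iptables-style lines behind a default DROP
        (illustrative syntax; the paper does not show its rule format)."""
        rules = ["-P FORWARD DROP"]
        for host, port in sorted(self.public_endpoints()):
            rules.append(f"-A FORWARD -d {host} -p tcp --dport {port} -j ACCEPT")
        for src, dst, port in sorted(self.allowed_flows()):
            rules.append(f"-A FORWARD -s {src} -d {dst} -p tcp --dport {port} -j ACCEPT")
        return rules


def classify_flows(rep, observed):
    """Split observed (src, dst, dport) tuples into legal and illegal ones.
    No attack signature is needed: anything outside the declared channels
    is illegal, which is what catches unknown attacks as well as known ones."""
    allowed, public = rep.allowed_flows(), rep.public_endpoints()
    legal, illegal = [], []
    for flow in observed:
        ok = flow in allowed or (flow[1], flow[2]) in public
        (legal if ok else illegal).append(flow)
    return legal, illegal


def countermeasure(rep, illegal):
    """Isolate every managed host that initiated an illegal flow: its bindings
    and exposures are removed, so regenerated rules drop all its traffic.
    Sources outside the cluster are left to the default DROP (assumption)."""
    managed = {c.host for c in rep.components.values()}
    isolated = {src for src, _, _ in illegal if src in managed}
    for name in [n for n, c in rep.components.items() if c.host in isolated]:
        rep.bindings = {b for b in rep.bindings if name not in b}
        rep.exposed.discard(name)
    return isolated


def build_demo():
    """Constructed three-tier J2EE-style cluster (not the paper's testbed)."""
    rep = SystemRepresentation()
    rep.deploy(Component("apache-1", "10.0.0.1", 80))
    rep.deploy(Component("tomcat-1", "10.0.0.2", 8080))
    rep.deploy(Component("mysql-1", "10.0.0.3", 3306))
    rep.bind("apache-1", "tomcat-1")
    rep.bind("tomcat-1", "mysql-1")
    rep.exposed.add("apache-1")  # the web front end is the public entry point
    return rep


OBSERVED = [  # constructed connection attempts: (src_host, dst_host, dst_port)
    ("203.0.113.5", "10.0.0.1", 80),   # Internet client -> web front end: legal
    ("10.0.0.1", "10.0.0.2", 8080),    # apache -> tomcat: declared binding
    ("10.0.0.2", "10.0.0.3", 3306),    # tomcat -> mysql: declared binding
    ("10.0.0.1", "10.0.0.3", 3306),    # apache -> mysql: no such binding
    ("198.51.100.7", "10.0.0.2", 22),  # outside host probing ssh: no binding
]

if __name__ == "__main__":
    rep = build_demo()
    legal, illegal = classify_flows(rep, OBSERVED)
    print("illegal flows:", illegal)
    print("isolated hosts:", countermeasure(rep, illegal))
    print("\n".join(rep.firewall_rules()))
```

Running the block flags the apache-to-mysql flow and the external ssh probe, isolates 10.0.0.1 (the only managed source of an illegal flow), and regenerates a rule set in which only the tomcat-to-mysql channel remains. Calling undeploy("mysql-1") afterwards empties the whitelist, which is the consistency property the section describes: the rules are never edited by hand, only re-derived from the representation.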
CONCLUSION
Today, distributed computing environments are increasingly complex and difficult to secure. Following the autonomic computing vision, a very promising approach to deal with this issue is to implement a self-protected system which is able to distinguish legal (self) from illegal (nonself) operations. The detection of an illegal behavior triggers a countermeasure to isolate the compromised resources and prevent further damage. In this vein, we have designed and implemented a self-protected system whose main characteristics are: 1) to minimize the perturbation on the managed system while providing high reactivity, 2) to automate the configuration (and reconfiguration) of security components when the system evolves, and 3) to keep the protection manager (which implements the protection policy) independent from the protected legacy system.