SELF SECURING DEVICES
Contact: Greg Ganger
Security compromises are a fact of life with crackers, e-mail viruses, self-propagating worms, and DoS attacks. Since no single defense is adequate, security functionality should be distributed among physically distinct components. Inspired by siege warfare, individual devices erect their own security perimeters and defend their own critical resources (e.g., network link or storage media).
Together with conventional OS and firewall defenses, such self-securing devices promise greater flexibility for security administrators dealing with intrusions. By having each device erect an independent security perimeter, the network environment gains many outposts from which to act when under attack. Devices not only protect their own resources, but they can observe, log, and react to the actions of other nearby devices. Infiltration of one security perimeter will compromise only a small fraction of the environment -- other devices can work to dynamically identify the problem, alert still-secured devices about the compromised components, raise the security levels of the environment, and so forth.
SELF SECURING DEVICES
- Storage-Based Intrusion Detection. Adam G. Pennington, John Linwood Griffin, John S. Bucy, John D. Strunk, Gregory R. Ganger. ACM Transactions on Information and System Security, Vol. 13, No. 4, Article 30, Pub. date: December 2010.
Abstract / PDF [333K]
- Design and Implementation of Self-Securing Network Interface Applications. Stanley M. Bielski. M.S. Thesis. Electrical and Computer Engineering, Carnegie Mellon University. December 2005.
Abstract / PDF [211K]
- Empirical Analysis of Rate Limiting Mechanisms. Cynthia Wong, Stan Bielski, Ahren Studer, Chenxi Wang. 8th International Symposium on Recent Advances in Intrusion Detection (RAID 2005), September 7-9, 2005, Seattle, Washington. Supersedes Carnegie Mellon University Parallel Data Lab Technical Report CMU-PDL-05-103, March 2005.
Abstract / PDF [207K]
- A Study of Mass-mailing Worms. Cynthia Wong, Stan Bielski, Jonathan M. McCune, Chenxi Wang. WORM’04, October 29, 2004, Washington, DC, USA.
Abstract / PDF [192K]
- Better Security via Smarter Devices. Gregory R. Ganger and David F. Nagle. Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating Systems), May 2001.
Abstract / Postscript [1.1M] / PDF [245K]
- Enabling Dynamic Security Management of via Device-Embedded Security. Gregory R. Ganger and David F. Nagle. CMU SCS Technical Report CMU-CS-00-174,
Abstract / PDF [607K]
SELF SECURING STORAGE
- The Safety and Liveness Properties of a Protocol Family for Versatile Survivable Storage Infrastructures. Garth R. Goodson, Jay J. Wylie, Gregory R. Ganger, Michael K. Reiter. Carnegie Mellon University Parallel Data Laboratory Technical Report CMU-PDL-03-105. March 2004.
Abstract / Postscript [922K] / PDF [227K]
- On the Feasibility of Intrusion Detection Inside Workstation Disks. John Linwood Griffin, Adam Pennington, John S. Bucy, Deepa Choundappan, Nithya Muralidharan, Gregory R. Ganger. Carnegie Mellon University Parallel Data Lab Technical Report CMU-PDL-03-106. December,
Abstract / Postscript [1.12M] / PDF [215K]
- Efficient Consistency for Erasure-coded Data via Versioning Servers. Garth R. Goodson, Jay J. Wylie, Gregory R. Ganger, Michael K. Reiter. Carnegie Mellon University Technical Report CMU-CS-03-127, April 2003.
Abstract / Postscript [290K] / PDF [160K]
- Storage-based Intrusion Detection: Watching Storage Activity For Suspicious Behavior. Adam Pennington, John Strunk, John Griffin, Craig Soules, Garth Goodson & Greg Ganger. 12th USENIX Security Symposium, Washington, D.C., Aug 4-8, 2003. Also available as Carnegie Mellon University Technical Report CMU-CS-02-179, September 2002.
Abstract / Postscript [727K] / PDF [138K]
- Metadata Efficiency in a Comprehensive Versioning File System. Craig A. N. Soules, Garth R. Goodson, John D. Strunk, Gregory R. Ganger. 2nd USENIX Conference on File and Storage Technologies, San Francisco, CA, Mar 31 - Apr 2, 2003. Also available as CMU SCS Technical Report CMU-CS-02-145, May 2002.
Abstract / Postscript [817K] / PDF [178K]
- Intrusion Detection, Diagnosis, and Recovery with Self-Securing Storage. John D. Strunk, Garth R. Goodson, Adam G. Pennington, Craig A.N. Soules, Gregory R. Ganger. CMU SCS Technical Report CMU-CS-02-140,
Abstract / Postscript [1.1M] / PDF [119K]
- Self-Securing Storage: Protecting Data in Compromised Systems. Strunk, J.D., Goodson, G.R., Scheinholtz, M.L., Soules, C.A.N. and Ganger, G.R. Appears in Proc. of the 4th Symposium on Operating Systems Design and Implementation, 2000.
Abstract / Postscript [345K] / PDF [294K]
SELF SECURING NICS
- Dynamic Quarantine of Internet Worms. Cynthia Wong, Chenxi Wang, Dawn Song, Stan Bielski, Gregory R. Ganger. Proceedings of the International Conference on Dependable Systems and Networks (DSN-2004). Palazzo dei Congressi, Florence, Italy. June 28th - July 1, 2004. Supersedes Carnegie Mellon University Parallel Data Lab Technical Report CMU-PDL-03-108, December 2003.
Abstract / Postscript [1.4M] / PDF [224K]
- Finding and Containing Enemies Within the Walls with Self-securing Network Interfaces. Gregory R. Ganger, Gregg Economou, Stanley M. Bielski. Carnegie Mellon University Technical Report CMU-CS-03-109,
Abstract / Postscript [963K] / PDF [118K]
- Self-Securing Network Interfaces: What, Why and How. Gregory R. Ganger, Gregg Economou, Stanley M. Bielski. CMU SCS Technical Report CMU-CS-02-144, May 2002.
Abstract / Postscript [952K] / PDF [472K]
- Building Firewalls with Intelligent Network Interface Cards. David Friedman and David Nagle. CMU SCS Technical Report CMU-CS-00-173, May 2001.
Abstract / Postscript [540K] / PDF [229K]
- Position Summary: Authentication Confidences. Gregory R. Ganger. Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating Systems), May 2001.
Abstract / Postscript [66K] / PDF [16K]
- Authentication Confidences. Gregory R. Ganger. CMU SCS Technical Report CMU-CS-01-123, May 2001.
Abstract / Postscript [335K] / PDF [42K]
- Secure Continuous Biometric-Enhanced Authentication. Andrew J. Klosterman and Gregory R. Ganger. CMU SCS Technical Report CMU-CS-00-134,
Abstract / Postscript [1.1M] / PDF [245K]
This material is based on research sponsored by the Air Force Research Laboratory, under agreement number F49620-01-1-0433. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Air Force Research Laboratory or the U.S. Government.
We thank the members and companies of the PDL Consortium: Actifio, Avago Technologies, Citadel, EMC Corporation, Facebook, Google, Hewlett-Packard Labs, Hitachi, Intel Corporation, Microsoft Research, MongoDB, NetApp, Inc., Oracle Corporation, Samsung Information Systems America, Seagate Technology, Symantec Corporation, Two Sigma, and Western Digital for their interest, insights, feedback, and support.