Abstracting Security Specifications in Building Survivable Systems

Wednesday, 8:30, Lincoln-Roosevelt Room

Authors

PRESENTATION

We have designed a specification-based intrusion detection and prevention infrastructure for building survivable information systems [1]. In that work, we specify security-related behaviors declaratively in a high-level language called Auditing Specification Language (ASL). This specification is then compiled into optimized programs for efficient detection and prevention of computer and network intrusions. Our method is efficient and powerful in intrusion prevention, detection and isolation. This paper aims to automate the process of obtaining ASL specifications. The automation has many advantages: 1) it reduces the chance of human error; 2) it adapts quickly to new attacks; 3) it reduces the cost of training ASL programmers; 4) it provides a solid theoretical proof of the completeness of the specification; and 5) it allows the infrastructure to detect previously unknown attacks.

This paper considers the case where the specification of the software behavior is expressed in a formalism based on communicating extended finite state machines. The specification language SDL is used as a concrete example. The automation approach consists of 3 steps: 1) identifying invariants in the vulnerable services, 2) backtracking to find the usage of the negation of the invariants, and 3) expressing the negation usage in ADL using data structures defined in the original program.

We are experimenting with this approach on a small service-provider system. We describe the settings for the experiments in the later part of the paper. The analysis of the experimental results is in progress. One future research direction is to use the generated ASL specification to catch more sophisticated attacks, such as those involving more than one host.


Ms. J. Jenny Li is a research scientist in the Software Environment Research department of Telcordia Technologies (formerly Bellcore). Her current research interests include security, software reliability, and software architecture. She received her Ph.D. in Computer Engineering from the Univ. of Waterloo, Canada, in 1996. She is a member of IEEE.
 
 
