Hilarie Orman
Purple Streak, Inc.
And consulting to
PnP Networks
Eitan Fenson, Rich Howard, Phil Straw

Collaboration for the Common Good

• People like to donate CPU cycles
  – Breaking a cipher (DES)
  – Factoring large numbers
  – Data sifting for extraterrestrial intelligence
• People like to protect their computers
  – Viruses
  – Trojan Horses
• People should like to donate CPU cycles for searching for secure application software configurations
• Disclaimer: we haven’t started this yet!

The Search for Extraterrestrial Security Configurations

• SETI uses thousands of volunteer computers for data mining astrophysical signals
• Easy to sign up and get an assignment
• Can we use this approach to discover how to securely configure our computers?

Least Privilege

• No more capability than is necessary to get the job done
• Classic failures surround Unix and root privileges
• Examples:
  – File permissions: read but not write
  – Temporary files: readable by owner only
  – Subjobs only if content and application are trusted
• A multi-dimensional min/max problem
  – Too little privilege → too little functionality
  – Too much privilege → too little security

How to Rank Privileges?

• Strict ordering: Administrator trumps user*, root trumps user*
• Subsets: (read, write) trumps (read)
• Set size: (execute, *) trumps (execute, /bin)
• Visibility: writing to the network trumps writing to hard drive
• Information flow: “create executable with A permissions” and “A permissions allow network server connections” leads to “proprietary data release”

Negative Information

• If the privilege levels are too high, what goes wrong?
  – Privilege escalation
  – Unauthorized information use
  – Resource misappropriation
• Detection methods:
  – Virus scanning
  – Intrusion detection software
  – Environment monitoring (storage side-effects)
  – Execution monitoring (writing files in system areas, network access, etc.)
  – Anything unusual

Learning from Event Records

• Collect application privilege information
  – Configuration files, registry settings, observed usage
• Collect monitored data
  – Watchers monitor task lists, new files, network connections, etc.
• Anonymize and index it
• Learning
  – Cluster
  – Min/max
• Distribute recommended privileges for common usage patterns
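
An added example, not part of the original slides: one way the "subsets" and "set size" rankings and the min/max step could be computed from pooled event records. The record layout, the `min_machines` support threshold and all names are assumptions; the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample event records (not real data), as tuples of
# (application, anonymized_id, resource, action, result).
RECORDS = [
    ("editor", "m1", "/home", "read", "ok"),
    ("editor", "m1", "/home", "write", "ok"),
    ("editor", "m2", "/home", "read", "ok"),
    ("editor", "m2", "/home", "write", "ok"),
    ("editor", "m2", "/etc", "write", "denied"),  # denied: not evidence of need
    ("editor", "m3", "/home", "read", "ok"),
    ("editor", "m3", "network", "write", "ok"),   # seen on one machine only
]

def covers(p, q):
    """Privilege p = (action, resource) covers q; '*' matches any resource."""
    return p[0] == q[0] and p[1] in ("*", q[1])

def trumps(a, b):
    """Partial order on privilege sets: a covers all of b, but b does not cover a."""
    a_over_b = all(any(covers(p, q) for p in a) for q in b)
    b_over_a = all(any(covers(q, p) for q in b) for p in a)
    return a_over_b and not b_over_a

def recommend(records, app, min_machines=2):
    """Min step: privileges that succeeded on >= min_machines distinct machines.
    The threshold is an assumption, so one outlier cannot widen the result."""
    seen = defaultdict(set)
    for name, machine, resource, action, result in records:
        if name == app and result == "ok":
            seen[(action, resource)].add(machine)
    return {priv for priv, ids in seen.items() if len(ids) >= min_machines}

def audit(configured, recommended):
    """Classify a configured privilege set against the recommendation."""
    missing = {q for q in recommended if not any(covers(p, q) for p in configured)}
    if missing:
        return "too little functionality", missing
    if trumps(configured, recommended):
        return "too little security", configured - recommended
    return "least privilege", set()

if __name__ == "__main__":
    rec = recommend(RECORDS, "editor")
    print(sorted(rec))
    print(audit({("read", "*"), ("write", "*")}, rec))
```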

Large-Scale Architecture

• Distributed P2P database: Volunteer machines contribute their own, anonymized event records
• Higher tier of P2P “Planners” develop data mining tasks and assign them to volunteers
• Volunteers retrieve required database records and crunch the data
• Higher tier analyzes results and finds optimal configuration sets
• Publish results on webpage or in P2P system

Collaborative Black-box Execution Monitoring

Diagram labels: Application Name; Version; Resource; Parameters; Action/Event; Result; Summary; Anonymized ID

Upper Tier Analysis and Computation Plan

Diagram labels: Cluster Analysis of Summaries; Assignments for parcels of machine learning from database portions

Distributed Learning

Diagram labels: Work assignment; Database pieces; Algorithm; Report station; Fetch database records; Application; Profile; Parameter/value; Resource/value; Learned quantum

Research Questions

• Can we get enough information from configurations and monitoring to do this?
  – Fine-grained (system call) monitoring necessary?
  – Is there enough “ground truth” to learn?
• Will the learning algorithms find useful optimal points?
• Can we distribute the learning algorithm over thousands of machines? Will the resulting traffic create hot spots?
• Are the learning algorithms vulnerable to manipulation?

What Other Uses?

• Grass roots health: information, trends, treatments, outcomes
• Genealogy through DNA matching (be careful about what you wish for!)
• Whole world online realtime mapping project; coordinated GPS, webcams, photos