2. Self-protection refers to the ability of a system to detect
illegal behaviors and to fight back against intrusions with
counter-measures. Self-protection in a clustered distributed system is
based on structural knowledge of the cluster and of the
distributed applications. This knowledge makes it possible to detect
known and unknown attacks if an illegal communication
channel is used.
3. The complexity of today’s distributed computing
environments is such that the presence of bugs and
security holes is statistically unavoidable.
A very promising approach to this issue is to
implement a self-protected system, that is, a system
capable of protecting itself against
intrusions.
4. Self-protection in a clustered distributed system presents a
self-protected system in the context of cluster-based
applications.
We consider that the hardware environment is composed of a
cluster of machines interconnected through a local area
network.
The software environment is composed of a set of
application components deployed on the cluster.
5.
6. The main tools and techniques currently used are:
Intrusion detection
Two main approaches have been explored to ensure intrusion
detection:
I) Misuse intrusion detection and
II) Anomaly intrusion detection.
These approaches are used in firewalls and intrusion detection
systems.
7. Backtracking tools:
Backtracking tools record data about system activity so
that once an intrusion attempt has been detected, it is
possible to determine the sequence of events that led to
the intrusion and the potential extent of the damage.
Self-protected systems:
Self-protected systems are systems which are able to
autonomously fight back against intrusions in real time.
Root sense and multi-level intrusion detection system are
examples of self-protecting systems.
8. Misuse intrusion detection cannot detect unknown
attacks. Anomaly intrusion detection can detect
unknown attacks, but at a high cost.
Backtracking tools can help to automate parts, but
human expertise is required for an accurate
understanding of the attack.
9. Any attempt to use an undeclared communication
channel is trapped and a recovery procedure is
executed automatically.
Legal communication channels are automatically
calculated from hardware and software architectures of
the system and are used to generate protection rules
that forbid the use of unspecified channels.
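The derivation described above, as an added example that is not part of the original slides or the system they describe: legal channels are computed from a deployment description, turned into per-node allow rules with a final deny, and an observed flow outside the declared set names the in-cluster machine to isolate. All node names, addresses, ports and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed architecture description (all names, addresses and ports are
# assumptions for illustration): where each component runs and what it binds to.
NODES = {"node1": "10.0.0.1", "node2": "10.0.0.2", "node3": "10.0.0.3"}
DEPLOYMENT = {"apache": "node1", "tomcat": "node2", "mysql": "node3"}
BINDINGS = [  # (client component, server component, protocol, server port)
    ("apache", "tomcat", "tcp", 8009),
    ("tomcat", "mysql", "tcp", 3306),
]

def legal_channels(nodes, deployment, bindings):
    """Derive the set of legal channels (src_ip, dst_ip, proto, dst_port)."""
    return {
        (nodes[deployment[c]], nodes[deployment[s]], proto, port)
        for c, s, proto, port in bindings
    }

def protection_rules(nodes, channels):
    """Per-node inbound rules: allow each declared channel, then deny the rest."""
    rules = defaultdict(list)
    for src, dst, proto, port in sorted(channels):
        rules[dst].append(("ALLOW", src, proto, port))
    for ip in nodes.values():
        rules[ip].append(("DENY", "any", "any", "any"))
    return dict(rules)

def check_flow(flow, channels, nodes):
    """Classify an observed flow; an in-cluster offender is marked for isolation."""
    if flow in channels:
        return ("legal", None)
    src = flow[0]
    offender = next((n for n, ip in nodes.items() if ip == src), None)
    return ("illegal", offender)

if __name__ == "__main__":
    chans = legal_channels(NODES, DEPLOYMENT, BINDINGS)
    for ip, rs in protection_rules(NODES, chans).items():
        print(ip, rs)
    # Constructed observations: one declared channel, one undeclared one.
    print(check_flow(("10.0.0.2", "10.0.0.3", "tcp", 3306), chans, NODES))
    print(check_flow(("10.0.0.1", "10.0.0.3", "tcp", 3306), chans, NODES))
```

Re-running legal_channels and protection_rules after a change to the deployment or bindings regenerates the rule set, which is how the configuration follows the system as it evolves.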
10.
11. Minimizes the perturbation on the managed system while
providing a high reactivity.
Automates the configuration of security components
when the system evolves.
Detects and blocks any deviation from communication
channels.
Isolates the machine belonging to the cluster that breaks
communication channels.
12. In the future, self-protection in a clustered distributed
system has to focus on spotting intruders
respecting the expected control flow and targeting
different protocols.
13. The detection of an illegal behavior triggers a
counter-measure to isolate the compromised resources and
prevent further damage. Self-protection in a clustered
distributed system targets controlled environments and
silent attacks.