Section: New Results
Specific studies: security
Participants: Loïc Hélouët, Blaise Genest.
We have performed some work on security issues in the context of the DOTS project, and within a collaboration with the VERTECS team. In DOTS, we are involved in a working group on non-interference. This year, we have mainly focused on two topics: anomaly detection, and covert channel discovery using information theory.
Anomaly detection with diagnosis techniques: We have extended the work initiated last year on anomaly detection. The proposed technique uses partial order diagnosis techniques to discover unusual behaviors, which can be seen as potential intrusions. The approach consists of comparing executions of a running system with a partial order model that describes the “normal” behaviors and interactions of a group of users with the system. When the observation does not correspond to any explanation in the model (i.e. when diagnosis provides no solution for the observation), an alarm is raised. This work relies on the results of [42]. The work initiated last year [43] has been extended to deal with online diagnosis. Being able to perform online security monitoring is an important issue, as post-mortem analysis can only take place after an intrusion has occurred. We have proposed optimized online algorithms for intrusion detection, and shown under which conditions this online monitoring can be performed with finite memory. This extended work should be submitted to a journal next year.
Covert channel discovery using information theory: In the DOTS project, we have studied covert channels with the help of information theory. Roughly speaking, a covert channel is an obfuscated use of a system to create hidden communication between agents that are not allowed to exchange information. We have adapted work on channel capacities to discover covert flows of information. Namely, if we represent a distributed system with agents as a transition system, a covert channel can be seen as a way to increase the average mutual information between what an agent u_i does and what another agent u_j observes from the system.
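As an added illustration of this mutual-information view of covert channels (example code written for this page, not the DOTS project's own tool), the constructed system below models two agents sharing a resource and computes I(X;Y) between u_i's choice and u_j's observations, once for a scheduler that isolates the agents and once for one whose waiting time depends on u_i's job; the agents, events and probabilities are all assumptions of the example.

```python
# Constructed example (not the report's code): mutual information between
# what u_i does and what u_j observes in a small probabilistic transition system.
from collections import defaultdict
from math import log2

def runs(system, state, depth):
    """Yield (probability, event list) for every run of at most `depth` steps.
    system: {state: [(event, prob, next_state), ...]}; a state with no
    outgoing transitions ends the run."""
    if depth == 0 or not system.get(state):
        yield 1.0, []
        return
    for event, p, nxt in system[state]:
        for q, tail in runs(system, nxt, depth - 1):
            yield p * q, [event] + tail

def joint_law(system, start, depth, acts, obs):
    """Joint law of (u_i's action word, u_j's observation word): each run is
    projected on the events u_i performs and on the events u_j can see."""
    joint = defaultdict(float)
    for p, trace in runs(system, start, depth):
        x = tuple(e for e in trace if e in acts)
        y = tuple(e for e in trace if e in obs)
        joint[(x, y)] += p
    return joint

def mutual_information(joint):
    """I(X;Y) in bits: sum of p(x,y) * log2(p(x,y) / (p(x) p(y)))."""
    px, py = defaultdict(float), defaultdict(float)
    for (x, y), p in joint.items():
        px[x] += p
        py[y] += p
    return sum(p * log2(p / (px[x] * py[y])) for (x, y), p in joint.items() if p)

ACTS = {"i:small", "i:large"}  # u_i's secret choice: the size of its job
OBS = {"j:wait", "j:served"}   # all u_j can see: whether its request waited

def shared_resource(leaky):
    """Constructed system: u_i submits a job to a shared resource, then u_j asks
    for it. A scheduler whose waiting depends on u_i's job size leaks that size."""
    fair = [("j:wait", 0.5, "W"), ("j:served", 0.5, "end")]
    after_small = [("j:served", 1.0, "end")] if leaky else fair
    after_large = [("j:wait", 0.75, "W"), ("j:served", 0.25, "end")] if leaky else fair
    return {"s0": [("i:small", 0.5, "S"), ("i:large", 0.5, "L")],
            "S": after_small, "L": after_large, "W": [("j:served", 1.0, "end")]}

def covert_flow(leaky):
    """Bits per run that u_j learns about u_i's choice; 0 means no covert flow."""
    return mutual_information(joint_law(shared_resource(leaky), "s0", 4, ACTS, OBS))
```

`covert_flow(False)` returns 0 bits for the isolating scheduler, while `covert_flow(True)` returns about 0.55 bits per run, which is the information-theoretic signature of the covert channel.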
This year, in the context of the DST associated team, we started to consider control in order to ensure the security of distributed systems. We modeled the distributed system as a system with partial information (no process knows precisely the state of the other process), where two processes have antagonistic goals (a zero-sum turn-based game), with stochastic transition functions. In such cases, stochastic controllers are strictly more powerful than deterministic ones. We give a fixed-point algorithm to determine from which states there exists a controller for one process that ensures almost surely (resp. with positive probability) that the system stays in a safe zone. We construct the associated controller, and characterize how much memory it needs. In the case where such a controller does not exist from a given state, we provide a controller for the other process ensuring with positive probability (resp. almost surely) that an insecure state can be reached. Again, we characterize precisely how much memory is needed.