LATTICE-BASED FIREWALL FOR SAFETY INTERNET ACCESS

Transcription

1 Proceedngs of the Postgraduate Annual Research Semnar LATTICE-BASED FIREWALL FOR SAFETY INTERNET ACCESS Cahyo Crysdan and Abdul Hanan Abdullah The Faculty of Computer Scence and Informaton System Unverst Teknolog Malaysa Skuda Johor Darul Ta zm Malaysa Tel: Fax: Abstract: Ths paper deals wth an effort to provde safety Internet access by mnmzng the condtons causng threats. A model vsualzng the nteracton between network users and Internet objects was developed to dsclose the sources of Internet threats. Strategy for securng Internet access was drawn from ths approach. Implementaton to brng ths strategy nto real-lfe Internet protecton was conducted by developng a network frewall employng lattce-based method to organze the nteracton between the protected nternal users and Internet objects. Experments to check the constructed frewall proved that the developed strategy s effectve n restrctng the access of unprotected users to un-trusted Internet objects. Keywords Frewall, Lattce-Based, Internet Securty, Network, Threat Model 1. INTRODUCTION Nowadays Internet becomes more and more mportant to many organzaton nformaton systems. In facts, many actvtes requre the exstence of Internet connecton. They span from smple Internet access such as updatng ant vrus tools or readng newspaper artcles to a complex and crtcal task such as conductng e-commerce transacton or holdng onlne surveys by many publc meda. Snce Internet has also been known become the sources of many securty ncdents, protectons for the users accessng Internet are requred. Popular method for provdng users protecton appled by many organzatons s to put frewall between nternal network and the Internet. However some reports [1][2][3] dsclose unsatsfed frewall performance due to vary Internet contents and rapd changng of Internet technology besdes changng on the methods of launchng attacks. A number of research efforts such as [4][5][6][7] have been attemptng to deal wth ths condton by mprovng frewall mechansm. Mostly they afford to create a mechansm capable to response automatcally on the changng attack. The term dynamc, adaptve and actve securtes were born from these research communtes. These efforts besdes offerng some degree of flexblty also create other problems such as the ncrease of algorthm complexty [6] and the possblty of DOS attack [8]. Therefore the outcomes of the enhancement of frewall technology are ndfferent to the tradtonal frewall. Ths paper addresses ths ssue and affords to redefne a soluton to mprove the performance of frewall to provde protecton for organzaton network and nternal users accessng Internet. 2. INTERNET THREAT Internet has been known as the sources of many securty ncdents. Threats of Internet can be classfed nto two groups.e. human acton and malcous code. The frst group ncludes the acton of hackng, spoofng, snffng and eavesdroppng, whle the second group ncludes vrus, worm, Trojan horse, trapdoor. Buffer overflow and nformaton theft commtted by a malcous program can be classfed nto the second group as well. Whle frewalls are very effectve to deter the frst group of attack, they lack performance to stop the acton of malcous code [1][2][9]. The reasons of ths condton are twofold. Frst, current frewall technology have no capablty to sense the envronment where they have to guard. The way frewall work s to flter and nspect the traffc flowng through t. Second, malcous code behaves as normal traffc content when t s travellng through the frewall. Therefore malcous code capable to reach the protected nternal network undetected. Survey of Whtman [10] found that the attack of malcous code become the top threat endangerng many organzaton nformaton systems. Ths condton s worsen by the wdely use of web scrpt njecton to explot the vulnerablty of Internet connecton as reported by Huang et al. [9].

2 Proceedngs of the Postgraduate Annual Research Semnar MODEL DEVELOPMENT Developng a model to fgure out the nteracton between nternal network users and Internet objects, n whch set theory s employed, s an effectve approach to provde a protecton strategy for organzaton nternal network. Three condtons are rased from ths model.e. safe, controlled and threat. Descrpton of the model follows. Let U becomes a doman of nternal network users that conssts of two safety regons.e. protected p and unprotected up, then each user u U can be defned as a tuple < p, up > wth p and up pont to the area allocated for each user n the protected and unprotected regon respectvely. Illustraton of ths model s depcted n Fgure 1. Assumng that a user s an entty, therefore p + up = 1 must be fulflled for each u =< p, up >. Total users exst n the network can be computed by the followng equaton u = p + (1) Equaton 1 can also be used to compute the protected value up u network. Full-protected p u T and unprotected value that represent the safety factor of a Protected users (p) User 1 p = 1 up = 0 User 2 p = 0.75 up = 0.25 User 3 p = 0.5 up = 0.5 Unprotected users (up) User 4 p = 0.25 up = 0.75 Half-protected User 5 p = 0 up = 1 ( up ) u Un-protected Fgure 1. Model of nternal network users Model of Internet objects s smlarly defned as network users. A doman of Internet objects O s dvded nto two safety regons.e. trusted t and un-trusted ut. An object o O s defned as a tuple < t, ut > n whch for each u o =< t, ut > the followng equaton must be fulflled t + ut = 1 (2) consderng that an object s also an entty. Illustraton of Internet object model s depcted n Fgure 2. Full-Trusted Trusted objects (t) Object 1 t = 1 ut = 0 Object 2 t = 0.75 ut = 0.25 Object 3 t = 0.5 ut = 0.5 Un-trusted objects (ut) Object 4 t = 0.25 ut = 0.75 Half-Trusted Object 5 t = 0 ut = 1 Un-Trusted Fgure 2. Model of Internet objects Model of Internet access s bult by ntersectng the defned model of network users and Internet objects. Integraton of both models produces a new Internet access model as llustrated n Fgure 3. Ths model creates some ntersected regons as the product of nteracton between protected and unprotected users wth trusted and un-trusted Internet objects. Those regons correspond to several safety condtons as lsted below: Safe Up Ot (protected users and trusted Internet objects) Controlled1 Up Out (protected users and un-trusted Internet objects) Controlled2 Uup Ot (unprotected users and trusted Internet objects) Threat Uup Out (unprotected users and un-trusted Internet objects)

3 Proceedngs of the Postgraduate Annual Research Semnar Network Users Unprotected users (U up ) Protected users (U p ) Controlled Threat (U up O ut ) Safe (U p O t ) Internet Objects Un-trusted objects (O ut ) Controlled Trusted objects (O t ) Fgure 3. Model of Internet access Referrng to the model of Internet access as shown n Fgure 3, t s clear that the condton causng threats s produced by the nteracton between unprotected users and un-trusted objects. Therefore mnmzng the regon of nteracton between unprotected users and untrusted object s requred. From ths pont, ths regon s always referred to threat regon. 4. MINIMIZING THREAT Effort to mnmze threat regon s requred to have secure Internet access. Based on the result of Internet access model developed n the last secton, three strateges can be executed to reduce threat regon as follows: To mnmze (unprotected user U up regon) Ths strategy s held by nstallng more protecton tools such as ant vrus, personal frewall and ntruson detecton n users machne. However too many protecton tools nstalled n the user machne can reduce the performance of the machne. To mnmze (un-trusted object O ut regon) It s done by flterng Internet traffc n the frewall to prevent malcous content from enterng nternal network. Ths strategy however leads to reduce network flexblty, as all network traffc wll be scrutnzed. To mnmze U (threat regon) up O ut Applyng securty prorty to control the nteracton between unprotected users and un-trusted objects can be held to restrct the access to threat regon. Compared to other strateges, ths approach delvers several added advantages such as havng better mechansm to mantan network flexblty, and t does not reduce the performance of user machne as well. Therefore ths strategy s carred on the mplementaton as dscussed more detal n next secton. 5. LATTICE-BASED NETWORK FIREWALL A network frewall s developed to mplement the strategy for mnmzng threat condton as explaned n the prevous secton. A strategy for mnmzng U s carred up O ut out due to ts drect mpact to reduce threat regon. To carry on ths approach, lattce-based method as proposed by Dennng [11] and represented by Sandhu [12] s used as the foundaton for developng frewall mechansm. Implementaton s explaned as follow. Let u m U becomes an m th user wth protecton level of an nternal network, and let o j n O becomes an n th Internet object wth predetermned safety level j. Access request of u m j o n user to object s granted by the frewall f only f j. Ths polcy can be represented by the followng equaton: Access: j u o j (3) Equaton 3 states that protecton level of a network user must be greater or at least equal to safety level of an Internet object for the requrement of frewall for grantng access of a user to an Internet object. It becomes the basc mechansm of the developed lattce-based frewall. Implementaton s held by desgnng three protecton levels of users.e. protected, half-protected and unprotected, and three safety level of Internet objects.e. trusted, half-trusted and un-trusted. Interactons of each protecton level of users and safety level of objects are presented n Fgure 4. m n

4 Proceedngs of the Postgraduate Annual Research Semnar Network Users Protected users (+1) Frewall Internet Objects Un-trusted objects (j=+1) the developed algorthm apply whch s not stated s prohbted approach to guarantee the deployment of securty polcy by lattce-based frewall. Half-protected users () Unprotected users (-1) Half-trusted objects (j=) Trusted objects (j=-1) Fgure 4. Mechansm of lattce-based frewall Assumng protected users are guarded by ant vrus, personal frewall and spy-sweeper, the developed protecton levels hold the followng crtera: Protecton level 1 (unprotected) s owned by a group of machnes havng IP address /24. No securty tool s nstalled n user machne. Protecton level 2 (half-protected) s owned by a group of machnes havng IP address /24. Only ant vrus s nstalled n user machne. Protecton level 3 (protected) s owned by a group of machnes havng IP address /24. All avalable securty tools are nstalled n user machne. Whle crtera for the developed trusted levels are lsted as follows: Trusted level 1 (trusted) s gven to a group of Internet objects havng characters as educaton-orented, popular and become the standard qualty for scentfc publcaton purposes. IEEE, ACM and Elsever are the members of ths group. Trusted level 2 (half-trusted) s for Internet objects havng characters as publc news orented and popular. Readers Dgest, CNN and Kompas are the members of ths group. Trusted level 3 (untrusted) s for Internet objects havng functon as search engne such as Google, Altavsta and Infoseek. 6. EXPERIMENT Lattce-based frewall that was developed usng Redhat Lnux 7.3 on Intel Pentum IV 1.8GHz machne wth 128 Kbytes RAM and 40 GB local dsk, was tested on a networkng envronment as depcted n Fgure /24 Elsever, ACM, IEEE Readers Dgest, CNN, Kompas Google, Altavsta, Infoseek Internal Network / /24 Fgure 5. Expermental set up Internet Lattce-based frewall Three user machnes holdng IP addresses , and are used to represent protecton levels 1, 2 and 3 respectvely. Meanwhle nne Internet objects are classfed and represent three trusted-levels as follows. Elsever, ACM and IEEE represent trusted level 1. Readers Dgest, CNN and Kompas represent trusted level 2, and Google, Altavsta and Infoseek represent trusted level 3. Experment was conducted by accessng each Internet object from each partcpated user machne. Expermental results measurng tme consumpton and the output of applyng access polcy by lattce-based frewall are recorded n Table 1. Any other types of Internet objects are not classfed n ths mplementaton due to lmted trusted level bult n the prototype. Therefore they cannot be reached by network users snce

5 Proceedngs of the Postgraduate Annual Research Semnar Table 1. Result of testng of lattce-based frewall Tme Consumpton Internet Objects Protecton Level 1 (seconds) Protecton Protecton Level 2 Level 3 (seconds) (seconds) No access No access No access No access No access No access No access access No access 37.4 Table 1 shows successful Internet access restrcton usng lattce-based frewall n whch relatvely small tme consumpton s obtaned from the experment. And Fgure 6 below presents the graph comparson of tme measurement of accessng Internet usng lattcebased frewall for each protecton level. Varaton of the measured tme consumpton here s due to shared network bandwdth used durng the experment. As has been known, peak network usage wll slow down the speed of Internet access. 01: : : : : : : :00.0 Prot ect on Level 1 Prot ect on Level 2 Prot ect on Level 3 Fgure 6. Tme consumpton of accessng Internet from each protecton level 7. RELATED WORKS There have been some lmted works on formulatng and developng ntellgent frewall. The effort of Eschelbeck [5] and Network Assocates [4] for proposng actve securty s motvated by dssatsfacton on statc confguraton of today s frewall technology that unable to follow the pace of dynamc e- commerce transacton. Actve frewall developed by Eschelbeck and Network Assocates s able communcate to other securty components such as ant-vrus tool, PKI server, vulnerablty scanner and ntruson detecton system. However as noted by Haxn et al. [3], t can rase performance decreasng and asymmetrc routng problem snce other supportng securty components are not specfcally assgned for supportng the operaton of actve frewall. Other work held by Hunt and Verwoerd [6] wth reactve frewall, apples the approach to change frewall confguraton based on network traffc utlzaton. However the functon of frewall to govern securty aspect especally from the attack of malcous code s not evaluated n the experment. Meanwhle the desgn of actve frewall developed by Lehtonen et al. [13] for wreless applcaton does not show any deployment of securty polcy. No experment has been reported from ths effort. In [7], desgn and performance evaluaton of embedded frewall concludes that network transmsson rate and the number of securty rules nfluence the performance of frewall. 8. CONCLUSION An effort to develop strategy to provde safety Internet access requres an effectve approach to localze the sources of threats. In ths paper, a model vsualzng the nteracton of network users and Internet objects s presented. Ths model provdes three strateges for mnmzng the condton causng Internet threats.e. reducng the number of unprotected users, flterng un-trusted Internet objects, and mnmzng the nteracton between unprotected users and un-trusted Internet objects. Ths research deals wth thrd strategy by buldng a lattce-based frewall to restrct the access of unprotected users to un-trusted objects. Ths way a threat regon can drectly be mnmzed, whle access to trusted objects or access done by protected users could stll be mantaned. 9. REFERENCES [1] W. Arbaugh, Frewalls: An Outdated Defense, IEEE Computer Socety Press, Vol. 36, No. 6, pp , [2] D.M. Kenzle and M.C. Elder, Recent Worms: A Survey and Trends. The Workshop on Rapd Malcode WORM 03, Washngton DC, USA, pp. 1-10, October [3] D. Haxn, W. Janpng, and L. Xng, Polcy-Based Access Control Framework for Large Networks. Proceedngs of IEEE Internatonal Conference on Networks ICON 2000, Sngapore, pp , 5-8 September 2000.

6 Proceedngs of the Postgraduate Annual Research Semnar [4] Network Assocates, The Actve Frewall: The End of the Passve Frewall Era, Network Assocates Inc.: A Network Assocates Executve Whte Paper, [5] G. Eschelbeck, Actve Securty A Proactve Approach For Computer Securty System, Journal of Network and Computer Applcatons, Vol. 23, pp , [6] Hunt, R. and Verwoerd, T. (2003), Reactve Frewall: A New Technque, Elsever Computer Communcatons Journal, Volume 26, Issue 12, 21 July 2003, pp [7] Y. Guo and R. L, Desgn and Performance of Frewall System Based on Embedded Computng, GCC 2003 Lecturer Notes on Computer Scence 3032, pp , [8] S. Kamara, S. Fahmy, E. Schultz, F. Kerschbaum and M. Frantzen, Analyss of Vulnarbltes n Internet Frewalls, Elsever Computers and Securty Journal, Volume 22, No. 3, pp , [9] Y.W. Huang, F. Yu, C. Hang, C.H. Tsa, D.T. Lee and S.Y. Kuo, Securng Web Applcaton Code by Statc Analyss and Runtme Protecton, The Thrteenth Internatonal World Wde Web Conference, New York, USA, pp , May [10] M.E. Whtman, Enemy at the Gate: Threats to Informaton Securty, ACM Communcatons, Vol. 46, No. 8, pp , August [11] D.E. Dennng, A Lattce Model of Secure Informaton Flow, Communcatons of ACM, Vol. 19, No. 5, pp , May [12] R.S. Sandhu, Lattce-Based Access Control Models, IEEE Computer, Vol. 26, No. 11, pp. 9-19, [13] Lehtonen, S., Ahola, K., Kosknen, T. Lyjynen, M. and Pesola, J. (2003). Roamng Actve Flterng Frewall. Proceedngs of Smart Objects Conference SOC 2003, Grenoble France, May 2003.