Скачать презентацию Protection of cloud computation by verifying software for Скачать презентацию Protection of cloud computation by verifying software for

Tumanov_Presentation_0_8.pptx

  • Количество слайдов: 14

Protection of cloud computation by verifying software for destructive properties Presenter: Tumanov Yury University: Protection of cloud computation by verifying software for destructive properties Presenter: Tumanov Yury University: National Research Nuclear University “MEPh. I”, dept № 42 “Cryptology and discrete math” Russia & CIS Round 20– 22 February 2013 State Engineering University of Armenia Yerevan, Armenia PAGE 1 |

Research actuality Cloud computations usage prognosis Statistics of malware amount growth % of all Research actuality Cloud computations usage prognosis Statistics of malware amount growth % of all computation environment Sample amount, mln. Year Cisco Global Cloud Index: Forecast and Methodology, 2010 -2015 PAGE 2 | Year Security Bulletin 2011, G Data Software AG

The comparative analysis of malware detection methods in cloud computations Methods requirements The absence The comparative analysis of malware detection methods in cloud computations Methods requirements The absence of opportunity not to detect software, that has known destructive property Observed methods Signature methods Proactive methods Verification methods + – + + + – + – – + The ability to automatize methods The detection of new and modified software destructive property The absence of requirement of permanent cloud computation environment resources usage The ability of formal conclusion about absence or existence of destructive property in software PAGE 3 |

Research goal Methods requirements The absence of opportunity not to detect software, that has Research goal Methods requirements The absence of opportunity not to detect software, that has known destructive property Signature methods Observed methods Proactive Verification methods Author’s methods + – + + + + – – + + The ability to automatize method The detection of new and modified software destructive property The absence of requirement of permanent cloud computation environment resources usage The ability of formal conclusion about absence or existence of destructive property in software PAGE 4 |

The intruder model The intruder has the next opportunities: the intruder has full knowledge The intruder model The intruder has the next opportunities: the intruder has full knowledge hardware and software cloud computation environment; the intruder has all the resources to develop software for observed cloud computation environment; the intruder has only opportunity to add software to cloud computation environment by legal way. PAGE 5 |

The proposed model of software representation like the painted control flow graph May the The proposed model of software representation like the painted control flow graph May the software sample be described by cortege R = {U, W, h, Uc, V, f, Vc}, where U – software control flow graph modes multiplicity; W – observed programming language words multiplicity; h – control flow graph U nodes reflection h: W U Uc; Uc – painted control flow graph nodes multiplicity; V – control flow graph edges multiplicity; f – reflection f: V Vc; Vc {Ucx. Uc} – edges multiplicity, which consists of elements, that belongs to Uc multiplicity, such as, that an edge exists if and only if, when an edge that matches it exists in V multiplicity; Then Gc = {Uc, Vc} is a painted control flow graph. PAGE 6 |

The painted control flow graph Control flow graph node mark Start Word representation of The painted control flow graph Control flow graph node mark Start Word representation of instructions set PAGE 7 | End

The proposed software classifying attribute formal description Software classifying attribute is described by the The proposed software classifying attribute formal description Software classifying attribute is described by the cortege CR = {W, D, PD, DPD, ψ, P, }, where W – observed programming language words multiplicity; D – painted dominator multiplicity; PD – painted postdominator multiplicity; DPD – painted dominator-postdominator multiplicity; ψ – reflection, ψ: D DPD PD P; P – all paths multiplicity from dominator multiplicity to postdominator multiplicity through dominator-postdominator multiplicity. PAGE 8 |

The proposed representation of software destructive properties Node mark Start Random control flow subgraph The proposed representation of software destructive properties Node mark Start Random control flow subgraph Nodes list, which for the node is a postdominator Nodes list, which for the node is a dominator Word representation of instructions set End PAGE 9 |

Classification task setting It is required to classify verified software multiplicity to determine two Classification task setting It is required to classify verified software multiplicity to determine two equivalence classes: software, which have destructive properties – C(M) and software, which have not destructive properties – C( ) PAGE 10 |

The proposed software classification criteria. Statement 1. Painted nodes p∈P and uc∈Gc are similar, The proposed software classification criteria. Statement 1. Painted nodes p∈P and uc∈Gc are similar, if DL(p, uc)≤θ, where DL(p, uc) – Damerau–Levenshtein transformation, θ – edit operations amount on a word, that has been painted to a node. Statement 2. Paths gc∈Gc and t∈P are similar, if for each painted node p, that enters to a path t, there exists such painted node uс, that enters to a path gc, if DL(p, uc)≤θ. Statement 3. R C( ), if there exists at least one path gc∈Gc, that is similar to a path t∈P for any software destructive property, which are represented by cortege CR. Statement 4. R C(M), if for any path gc∈Gc there does not exist a similar path t∈P for any software destructive property, which are represented by cortege CR. The classification criteria is existence of similar paths t∈P and gc∈Gc. PAGE 11 |

The proposed methods representation algorithm Start Internal software representation creation Detection of verified software The proposed methods representation algorithm Start Internal software representation creation Detection of verified software control flow graph nodes that are similar to nodes in destructive properties descriptions Nodes revealed? Yes Detection of verified software control flow graph paths that are similar to paths in destructive properties descriptions No Software classification as having not destructive properties No Paths revealed? Yes Software classification as having destructive properties End PAGE 12 |

Main research results There has been synthesized mathematical model of software representation There has Main research results There has been synthesized mathematical model of software representation There has been created the software formal description classification attribute There has been proposed software classification algorithm, based on Damerau–Levenshtein transformation There has been synthesized the methods of protection of cloud computation by verifying software for destructive properties PAGE 13 |

THANK YOU Presenter: Tumanov Yury University: National Research Nuclear University “MEPh. I”, dept № THANK YOU Presenter: Tumanov Yury University: National Research Nuclear University “MEPh. I”, dept № 42 “Cryptology and discrete math” Russia & CIS Round 20– 22 February 2013 State Engineering University of Armenia Yerevan, Armenia PAGE 14 |