ABHIJIT PATHAK ABHIJIT PATHAK

Roadmap Introduction Introduction System Overview System Overview System Architecture System Architecture Detailed Design Detailed Design Fault Tolerance Fault Tolerance Results Results Future Work Future Work

Introduction Inherent security threats in networking Inherent security threats in networking What is a file integrity checker ? What is a file integrity checker ? Concept of mobile agents Concept of mobile agents File Integrity checker with mobile Agents File Integrity checker with mobile Agents

System Overview Ajanta Mobile Agent Platform Ajanta Mobile Agent Platform FileProc Agent and FileMon Agent FileProc Agent and FileMon Agent Two Phase Operation of System Two Phase Operation of System Initialization Phase Initialization Phase Monitoring Phase Monitoring Phase User Interface User Interface

System Architecture Ajanta Architecture Overview Ajanta Architecture Overview File Integrity Checker Architecture File Integrity Checker Architecture

File Integrity Checker Architecture Host A Launching Host Host BHost C Agent Server Launcher FMFM FP Database FMFM FMFM FMFM FM – File Monitor Agent FP – File Processor Agent FP – File Processor Agent

Design Alternatives Agent Carrying File signatures Agent Carrying File signatures Agent Carrying File Names Agent Carrying File Names Implementation Decision Factors Implementation Decision Factors Avoid carrying signatures Avoid carrying signatures Lightweight Agents Lightweight Agents

Important Features Usability and Flexibility Usability and Flexibility Creation of multiple Agent pairs Creation of multiple Agent pairs Monitoring with various frequencies Monitoring with various frequencies Catering to different monitoring attributes Catering to different monitoring attributes

Monitoring Options Host Based Settings Host Based Settings Recursive monitoring of directories Recursive monitoring of directories Non-recursive monitoring of directories Non-recursive monitoring of directories Exclusion of files/directories Exclusion of files/directories File/Directory based settings File/Directory based settings Specifying various attributes Specifying various attributes

Configuration File host:newton.cs.umn.edu /home/grad09/apathak/proj-a !/usr/lib/link_audit/64 /usr/include-ab =/dev-ai

Configuration Flags -a:Ignore changes in last access time -m:Ignore changes in last modification time -c:Ignore changes in file creation time -i:Ignore change in i-node information -u:Ignore change in user id of file owner -g: Ignore change in group id of file owner -s:Ignore change in file size -b:Ignore change in allocated disk blocks for file -p: Ignore change in access permissions -h:Ignore change in the file contents hash value

Launcher Extension of Agent Server Extension of Agent Server Parsing the Configuration file and generating itinerary Parsing the Configuration file and generating itinerary Creation and Launch of Agents Creation and Launch of Agents User Interface thread User Interface thread Three Launching Modes Three Launching Modes Initialization and Monitoring Initialization and Monitoring Initialize only Initialize only Monitor Only Monitor Only

Database Design Signature Tables Signature Tables File Attributes with hostnames File Attributes with hostnames Directory-file name mapping tables Directory-file name mapping tables Event Table Event Table File Added Event File Added Event File Deleted Event File Deleted Event File Changed Event File Changed Event Report Generator tool Report Generator tool

Fault Tolerance Failure of Agent Server Failure of Agent Server Additional intelligence in Agents Additional intelligence in Agents Failure of Agents Failure of Agents User configurable timeout mechanism User configurable timeout mechanism

Results The System is deployed on 15 hosts The System is deployed on 15 hosts Average statistics per host Average statistics per host Number of files :8830 Number of files :8830 File size (in bytes) :20757 File size (in bytes) :20757 Bytes sent per file :175 Bytes sent per file :175 Agent residency time :Approx 8 minutes Agent residency time :Approx 8 minutes Type of files being monitored Type of files being monitored System Binaries System Binaries System Libraries System Libraries System Header files System Header files

Results The following scenarios were detected successfully The following scenarios were detected successfully Changing contents of log files by removing or adding single and/or multiple lines Changing contents of log files by removing or adding single and/or multiple lines Changing owner information of file Changing owner information of file Moving files to and from various directories Moving files to and from various directories Replacing binary file with another file with same name and size Replacing binary file with another file with same name and size

Results Removing entire directory recursively with all files in it Removing entire directory recursively with all files in it Changing file deep in directory hierarchy for recursive monitoring mode Changing file deep in directory hierarchy for recursive monitoring mode Changing access times of the files by opening those without modifications Changing access times of the files by opening those without modifications

Future work Sensing the load on hosts before launching Agents Sensing the load on hosts before launching Agents Customizing Report Generating tool Customizing Report Generating tool Integration of Launcher and Report Generation UI Integration of Launcher and Report Generation UI Porting System to various platforms including windows NT Porting System to various platforms including windows NT

Thank You