FESA (Framework for Enterprise StegAnalysis) Charles D. George, Jr. Masters Project Fall Semester 2012.

Slides:



Advertisements
Similar presentations
J0 1 Marco Ronchetti - Basi di Dati Web e Distribuite – Laurea Specialistica in Informatica – Università di Trento.
Advertisements

11 Copyright © 2005, Oracle. All rights reserved. Creating the Business Tier: Enterprise JavaBeans.
ISE 390 Dynamic Web Development Java EE Web Applications.
My First Building Block Presented By Tracy Engwirda 28 September, 2005.
Integrating SOA and the Application Development Framework Shaun O’Brien Principal Product Manager – Oracle JDeveloper / ADF.
Introduction to Java 2 Enterprise Edition About myself –Neutrinos, Cancer Research, IT Applications Today’s topic: J2EE –Context –Advantages –Components.
 Java  Python  Bigtable(Bt) is a distributed storage system for managing structured data that is designed to scale to a very large size.  Query Language.
JBoss Seam: Contextual Components Jason Bechtel
EJB Design. Server-side components Perform –complex algorithms –high volume transactions Run in –highly available environment (365 days/year) –fault tolerant.
© 2005, Cornell University. Rapid Application Development using the Kuali Architecture (Struts, Spring and OJB) A Case Study Bryan Hutchinson
Technion – Israel Institute of Technology Department of Electrical Engineering Software Lab Grades Server on J2EE Technology Edo Yichie Sagee Rosen Supervisor:
Structure of a web application1 Dr Jim Briggs. MVC Structure of a web application2.
Emmanuel Cecchet et al.  Performance Scalability of J2EE application servers.  Test effect of: ◦ Application Implementation Methods ◦ Container Design.
Spring Roo CS476 Aleksey Bukin Peter Lew. What is Roo? Productivity tool Allows for easy creation of Enterprise Java applications Runs alongside existing.
Chapter 10 EJB Concepts of EJB Three Components in Creating an EJB Starting/Stopping J2EE Server and Deployment Tool Installation and Configuration of.
CSCI 6962: Server-side Design and Programming Course Introduction and Overview.
 Introduction Introduction  Purpose of Database SystemsPurpose of Database Systems  Levels of Abstraction Levels of Abstraction  Instances and Schemas.
S TEGANOGRAPHY The Art of Message Hiding. Cryptography: Securing Information in the Digital Age Part 1: Introduction to Steganography Part 2: Hands-on.
Enterprise Java Bean Matt. 2 J2EE 3 J2EE Overview.
Enterprise JavaBeans. What is EJB? l An EJB is a specialized, non-visual JavaBean that runs on a server. l EJB technology supports application development.
Introduction to J2EE Architecture Portions by Kunal Mehta.
TDDD05 EJB Lab (Part of slides reused from Mikhail’s) Lu Li
第十四章 J2EE 入门 Introduction What is J2EE ?
J2EE Structure & Definitions Catie Welsh CSE 432
Enterprise Java v120131Intro to JavaEE1 Java EE 5 TM Introduction.
Webcommerce Computer Networks Webcommerce by Linnea Reppa Douglas Martindale Lev Shalevich.
CSE 219 Computer Science III Program Design Principles.
IEEE-WVU, Anchorage  1 Steg in the Real World Two examples that move the work of steganalysis out of the lab –The massive data survey of Provos.
Introduction to Web Dimitar Nenchev Ivan Nakov
Shannon Hastings Multiscale Computing Laboratory Department of Biomedical Informatics.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 14 Database Connectivity and Web Technologies.
Tuscany: a SOA framework Jeffrey Guo Accelrys, Inc.
1 Java EE Programming Enterprise JavaBeans. 2 Topics J2EE Overview Enterprise JavaBeans Overview Enterprise Entity Beans Case Study How to build them.
Consultant Effective Patterns and Practices in J2EE George de la Torre.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 JSP Application Models.
Introduction to EJB. What is an EJB ?  An enterprise java bean is a server-side component that encapsulates the business logic of an application. By.
Introduction to EJB. What is an EJB ?  An enterprise java bean is a server-side component that encapsulates the business logic of an application. By.
Chapter 9 Web Application Design. Objectives Describe the MVC design pattern as used with Web applications Explain the role and responsibilities of each.
Java Programming: Advanced Topics 1 Enterprise JavaBeans Chapter 14.
©NIIT Introducing Enterprise JavaBeans (EJB) Lesson 1A / Slide 1 of 43J2EE Server Components Objectives In this lesson, you will learn about: The features.
Introduction – ORM, Helloworld Application
EJB Enterprise Java Beans JAVA Enterprise Edition
Expense Tracking System Developed by: Ardhita Maharindra Muskan Regmi Nir Gurung Sudeep Karki Tikaprem Gurung Date: December 05 th, 2008.
SDJ INFOSOFT PVT. LTD. 2 BROWSERBROWSER JSP JavaBean DB Req Res Application Layer Enterprise server/Data Sources.
EJB. Introduction Enterprise Java Beans is a specification for creating server- side scalable, transactional, multi-user secure enterprise-level applications.
Digital Steganography Jared Schmidt. In This Presentation… Digital Steganography Common Methods in Images Network Steganography Uses Steganalysis o Detecting.
Enterprise Java Beans. Contents  Understanding EJBs  Practice Section.
The Holmes Platform and Applications
Digital Steganography
J2EE Platform Overview (Application Architecture)
Introduction to DBMS Purpose of Database Systems View of Data
J2EE Lecture 6: Spring – IoC and Dependency Injection
Enterprise JAVA Bean.
Structure of a web application
Web Routing Designing an Interface
Welcome
EJB (Enterprise Java Beans)
Digital Forensics 2 Lecture 2: Understanding steganography in graphic files Presented by : J.Silaa Lecture: FCI Based on Guide to Computer Forensics and.
Introduction to J2EE Architecture
Enterprise Java Bean. Overview of EJB View of EJB Conversation Roles in EJB, Types of Enterprise Beans Lifecycle of Beans Developing Applications using.
Java EE Overview The problem Java Enterprise Edition attempts to solve: maximize the use of Java technologies by providing a suite of Java technology specifications.
ISE 390 Dynamic Web Development
Java EE Overview The problem Java Enterprise Edition attempts to solve: maximize the use of Java technologies by providing a suite of Java technology specifications.
Understanding and Designing with EJB
Introduction to DBMS Purpose of Database Systems View of Data
Component-based Applications
Understanding and Designing with EJB
Developing and testing enterprise Java applications
Enterprise Java Beans.
Knowledge Byte In this section, you will learn about:
Presentation transcript:

FESA (Framework for Enterprise StegAnalysis) Charles D. George, Jr. Masters Project Fall Semester 2012

Background Steganography – art of hiding messages such that only the sender and recipient are aware Steganalysis – art of detecting messages hidden with steganography The relationship between steganography and steganalysis is similar to that of cryptography and cryptanalysis.

Steganography Digital steganography (1985) Media files images, audio, video, ect Images are the most popular – JPEG – TIFF – PNG – GIF – BMP Thousands of tools exist

Steganalysis Statistical analysis – Spectrum – Inconsistencies with compression Signatures – Specific bit patterns – Identifiable header information, ect Most tools are one-off and try to detect specific algorithms Cat and mouse game as new steg algorithms emerge

FESA Utilize existing research on steganography detection Modular, extensible, robust Plugin framework for steganography detection algorithms Suitable for an Enterprise Scalable

Enterprise Technologies Enterprise JavaBeans (EJBs) JavaServer Faces (JSF) Java DB (Derby) RESTful WS (JAX-RS) CDI (Web Beans) Java Persistence (JPA) Java Web Start (JavaWS)

Design

Design :: Plugin Framework Rolled my own plugin framework Reuses parts of Java ServiceProvider mechanism Dynamically adds/removes plugins at runtime Plugins represented as third-party jars – Implement a service provider interface Each plugin loaded into it’s own classloader Internal map tracks current plugins

Design :: Business Logic Encapsulates all the functionality of the system Plugin management Invoking plugins for steganography detection Database communication Security

Design :: PluginsBean Singleton JavaBean (One instance) – There should only be one view of the plugins Loads plugins from plugins directory Listens on that directory for files being created/deleted Manages adding, removing, and querying plugins Processes a PluginRequest and responds with a PluginResponse. Has defined roles “PluginAdmin” – Only users of this group can modify plugins

PluginBean :: PluginRequest

PluginBean :: PluginResponse

PluginBean :: Security PluginBean is annotated Security enforced by GlassFish Users are created and placed in groups Groups are mapped to roles Only users in group “PluginAdmin” have access to modify plugins

Design :: DetectionBean Stateless bean – New instance per request (detection request) – Automatically thread for performance ect Computes mime type and hash Database interaction for previous results Invokes all plugins that match the file’s mime type Processes DetectionRequest and responds with a DetectionResponse

DetectionBean :: DetectionRequest

DetectionBean :: DetectionResponse

Design :: REST Web Services Two web service methods are available – Handle plugin and detection requests Produce/Consume XML Use contexts and dependency inject to call a bean to process the request (Plugin/Detection) annotation is used for CDI XML requests/responses are automaticalled converted into objects with JAXB – Java classes (POJOs) are annotated with JAXB annotations These objects are passed to the beans

Design :: Database Used to store results of files that have been processed Efficient since duplicate files don’t need to be reprocessed Dirty flag is enabled when plugins change which will require reprocessing DetectionResponse class is annotated as an Entity that maps to the database schema – Allows for injection of persistence context and easily persist/retrieve results

Database :: Detection Response

Database :: Detection Technique Result

Code Walk Through

Demonstration

Questions?