
Architecture of a Proactive Security Tool Vivek Ramachandran.


1 Architecture of a Proactive Security Tool Vivek Ramachandran

2 What does a proactive tool do?
The tool makes dynamic decisions at runtime based on information collected from the network: "Sniff - decide - Inject".
Logically the tool is divided into 3 parts:
- The sniffer logic
- The injection logic
- The decision logic
These three communicate via some IPC mechanism, e.g. pipes, message queues, shared memory.
This is as cool as a tool can get! :D

3 Architecture of a Proactive Security Tool
[Diagram: Main() creates the Sniffer thread (1) and the Injector thread (2). The Sniffer sniffs packets from the Ethernet interface (3) and sends inputs to Decide Action (4), which sends the output of the decision to the Injector (5). The Injector injects packets onto the Ethernet interface (6).]

4 Architecture of a Proactive Security Tool
1. Create sniffer thread
2. Create injector thread
3. Sniff packets from the network
4. Send inputs to the decision module
5. Send output of decision to injector
6. Inject packets
7. Goto step 3

5 Architecture of a Proactive Security Tool (same steps as slide 4) - Multi threaded programming

6 Architecture of a Proactive Security Tool (same steps as slide 4) - Raw Sockets

7 Architecture of a Proactive Security Tool (same steps as slide 4) - IPC - message queues

8 Multithreading basics
Threads are light-weight processes:
- only the local variables of a function are private to each thread (each thread has its own stack)
- most other data is shared between threads (e.g. global variables and the heap)
- a thread runs in parallel with the main thread
pthreads is the POSIX threads standard.
pthread_create() is used to create a thread; it takes a function to execute and an argument to pass to that function.
pthread_join() is used by the parent to wait for daughter threads to finish execution.
Visit http://www.llnl.gov/computing/tutorials/pthreads/ for a comprehensive tutorial.
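An added example (not from the slides and not the GenericTool.c they describe) that shows the points above in running code: pthread_create() is given a function and an argument, pthread_join() collects what each thread returns, a local variable lives on each thread's own stack, and a global is shared by all threads and therefore needs a mutex. The names worker, run_workers and worker_arg are the example's own.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Shared by every thread: lives in the data segment, not on any thread's stack. */
static long shared_counter = 0;
static pthread_mutex_t counter_lock = PTHREAD_MUTEX_INITIALIZER;

struct worker_arg { int iterations; };   /* the argument handed to each thread */

/* Thread entry point, in the signature pthread_create() requires. */
static void *worker(void *arg)
{
    struct worker_arg *wa = arg;
    long local_count = 0;                /* on this thread's own stack: private to it */

    for (int i = 0; i < wa->iterations; i++) {
        local_count++;                   /* no lock needed: no other thread can see it */
        pthread_mutex_lock(&counter_lock);
        shared_counter++;                /* shared with all threads: must hold the mutex */
        pthread_mutex_unlock(&counter_lock);
    }
    /* Return the private count to the parent through pthread_join(). */
    long *result = malloc(sizeof *result);
    if (result) *result = local_count;
    return result;
}

/* Start n threads, wait for all of them, and return the shared total.
 * Returns -1 if a thread could not be created or the per-thread counts disagree with the total. */
long run_workers(int n, int iterations)
{
    pthread_t tids[n];
    struct worker_arg args[n];
    long sum_of_locals = 0;

    shared_counter = 0;
    for (int i = 0; i < n; i++) {
        args[i].iterations = iterations;
        if (pthread_create(&tids[i], NULL, worker, &args[i]) != 0) return -1;
    }
    for (int i = 0; i < n; i++) {        /* each join blocks until that thread has exited */
        void *ret = NULL;
        pthread_join(tids[i], &ret);
        if (ret) { sum_of_locals += *(long *)ret; free(ret); }
    }
    return sum_of_locals == shared_counter ? shared_counter : -1;
}

int main(void)
{
    printf("total = %ld\n", run_workers(4, 100000));   /* 400000 on a correct run */
    return 0;
}
```

Take the mutex out of worker() and the sum of the private counts will no longer match shared_counter on a multi-core machine; that mismatch is exactly the shared-data hazard the slide warns about, and it is why run_workers() cross-checks the two totals.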

9 IPC - Message Queue basics
Message queues are linked lists of messages maintained by the kernel.
Processes may read and write messages from and to a message queue if they have the requisite permissions.
This allows an asynchronous form of communication.
For a comprehensive yet easy to understand tutorial visit http://beej.us/guide/ipc/mq.html

10 IPC - Message Queue basics
msgget() creates (or opens) a message queue; use ftok() to create the key.
msgsnd() sends a message into a queue. The message must have this layout:

    struct message {
        long mtype;     // Mandatory: the message type, must be > 0
        char data[1];   // payload follows the type
        …
    };

msgrcv() receives a message from the queue.
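An added example, not the GenericTool.c or GenericTool-1.c from the slides, that wires the whole sniff-decide-inject loop of slides 2 to 4 together with the message-queue calls just listed: three pthreads exchange struct message records over two System V queues, one from sniffer to decider and one from decider to injector. So that it runs without a raw socket or root, the network is replaced by a constructed in-memory list of text frames (they are stand-ins, not real ARP or IP packets), and the injector records what it would have written instead of sending it. The decision rule answers only ARP requests for the tool's own address, the legitimate counterpart of the ArpDos behaviour on the next slide. The address 10.0.0.5, the placeholder MAC string, the frame strings and all function names are assumptions of the example.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>

#define OUR_IP  "10.0.0.5"            /* constructed: the address this tool answers for */
#define OUR_MAC "02:00:00:00:00:01"   /* constructed placeholder, not a real interface MAC */
#define MAX_FRAMES 8
enum { MSG_INPUT = 1, MSG_DECISION = 2 };   /* mtype values; msgsnd() requires mtype > 0 */
/* Layout msgsnd()/msgrcv() expect: a long mtype first, then the payload. */
struct message {
    long mtype;
    char data[64];
};

/* Constructed stand-in for the frames a raw socket would deliver (text, not real ARP). */
static const char *wire[] = {
    "ARP who-has 10.0.0.5",
    "ARP who-has 10.0.0.9",
    "IP 10.0.0.1 > 10.0.0.5",
    "ARP who-has 10.0.0.5",
};
#define N_WIRE (sizeof wire / sizeof wire[0])
static int qid_in, qid_out;               /* sniffer -> decider, decider -> injector */
static char injected[MAX_FRAMES][64];     /* what the injector "wrote to the wire" */
static int n_injected;
static void send_msg(int qid, long type, const char *text)
{
    struct message m = { .mtype = type };
    snprintf(m.data, sizeof m.data, "%s", text);
    msgsnd(qid, &m, sizeof m.data, 0);    /* msgsz counts the payload only, not mtype */
}

/* Steps (3),(4): read each frame and hand it to the decision module. */
static void *sniffer(void *unused)
{
    for (size_t i = 0; i < N_WIRE; i++)
        send_msg(qid_in, MSG_INPUT, wire[i]);
    send_msg(qid_in, MSG_INPUT, "END");   /* end-of-capture marker used by this example */
    return unused;
}

/* Decision logic: answer only ARP requests that ask for our own address.
 * Returns 1 and fills reply when a packet should be injected, else 0. */
int decide(const char *frame, char *reply, size_t len)
{
    static const char prefix[] = "ARP who-has ";
    if (strncmp(frame, prefix, sizeof prefix - 1) != 0) return 0;
    if (strcmp(frame + sizeof prefix - 1, OUR_IP) != 0) return 0;
    snprintf(reply, len, "ARP reply %s is-at %s", OUR_IP, OUR_MAC);
    return 1;
}

/* Step (5): consume inputs; forward each decision output to the injector. */
static void *decider(void *unused)
{
    struct message in; char reply[64];
    while (msgrcv(qid_in, &in, sizeof in.data, MSG_INPUT, 0) >= 0) {
        if (strcmp(in.data, "END") == 0) { send_msg(qid_out, MSG_DECISION, "END"); break; }
        if (decide(in.data, reply, sizeof reply))
            send_msg(qid_out, MSG_DECISION, reply);
    }
    return unused;
}

/* Step (6): inject. Here the "wire" is an array, so nothing leaves the process. */
static void *injector(void *unused)
{
    struct message m;
    while (msgrcv(qid_out, &m, sizeof m.data, MSG_DECISION, 0) >= 0) {
        if (strcmp(m.data, "END") == 0) break;
        if (n_injected < MAX_FRAMES)
            snprintf(injected[n_injected++], sizeof injected[0], "%s", m.data);
    }
    return unused;
}

/* The Main() of the architecture: steps (1),(2) create the threads, then wait for them.
 * Returns the number of injected frames, or -1 if the queues could not be created. */
int run_tool(void)
{
    pthread_t s, d, i;
    n_injected = 0;
    /* IPC_PRIVATE suffices within one process; ftok() is for sharing a key across processes. */
    qid_in  = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    qid_out = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (qid_in < 0 || qid_out < 0) return -1;
    pthread_create(&s, NULL, sniffer, NULL);
    pthread_create(&d, NULL, decider, NULL);
    pthread_create(&i, NULL, injector, NULL);
    pthread_join(s, NULL); pthread_join(d, NULL); pthread_join(i, NULL);
    msgctl(qid_in, IPC_RMID, NULL);       /* queues persist in the kernel unless removed */
    msgctl(qid_out, IPC_RMID, NULL);
    return n_injected;
}

int main(void)
{
    int n = run_tool();
    for (int k = 0; k < n; k++) printf("injected: %s\n", injected[k]);
    return n < 0;
}
```

Two details matter when this is turned into a real tool: the queue id from msgget() stays in the kernel after the process exits unless msgctl(IPC_RMID) removes it (check ipcs -q when a tool crashes), and the msgsz argument of msgsnd()/msgrcv() excludes the mtype field, so passing sizeof(struct message) there over-reads the payload by sizeof(long).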

11 What tools will we make?
- GenericTool.c: a tool which articulates the architecture discussed in this ppt
- GenericTool-1.c: a modified version of the above to illustrate message transmission using message queues
- ArpDos: a tool to illustrate the working of the above architecture. It does a denial of service on the network by replying to every Arp request it sees on the network

12 Let the games begin !!

