1. Java Embedded Network Intrusion Security
Java Embedded Network Intrusion Security
Abstract
Network security has become an essential component of nearly every commercial and government organization. System administrators maintain a constant struggle to stay ahead of new security attacks, patching holes and ensuring proper configuration of software. The Java Embedded Machine (JEM) is a unique solution to network monitoring. It allows for dedicated processing of network information to detect intrusions and other possible security hazards.
Objective
The goal of this project is to use the JEM board to monitor network activity and be able to alert a host computer of any possible breaches in security. A host computer receives the information from the JEM board that the algorithms find questionable. The questionable packets are then stored on the host computer for further analysis and logging of prolonged attacks.
Some information will be stored on the JEM for statistical purposes. The statistics will be available via a web interface.
Network Security
Network security is needed to prevent unauthorized access by remote computers.
Java Embedded Machine (JEM)
In the middle to late 1990s, engineers at the Advanced Technology Center at Rockwell Collins brought forth a unique idea: Since the Java language consists of byte codes, it should theoretically be possible to create a microprocessor (CPU) which uses these Java byte codes as its native machine language.
Technical Problem
The ethernet port allows the JEM to reside on the network by itself and to transmit packets to a dedicated host computer.
Operating Environment
Local Area Network
Interface with a PC
Intended User and Uses
Network administrators
Security Research
Assumptions and Limitations
Portability is the primary goal of the system
Speed of the JEM processor
Memory space available
JEM memory management system
Design Objectives
Goal – develop a system to monitor a network and detect security violations
Hardware – Rockwell-designed Java Embedded Machine (JEM)
Software – written in the JAVA language
Functional Requirements
Monitor network traffic
Transmit relevant packets
Detect security intrusions
Local and remote (web-based) interfaces
Design Constraints
Memory management
Memory space
JEM CPU speed
Ethernet 10Mb/s
Measurable Milestones
Project plan (goal: 100% completion)
Project poster (goal: 100% completion)
Design report (goal: 100% completion)
Project presentation (goal: 100% completion)
Interface (Java/Web-based) (goal: 100% completion)
Packet collection (goal: 80% of packets) - all packets on the visible on the network should be captured for analysis.
Intrusion detection (goal: 85% of intrusions) - security intrusions should be detected and dealt with, including user notification.
End product description
The final product will be a portable ethernet network device to monitor network traffic for potential security hazards. The device will strip the headers off of each packet and store them for analysis on a remote computer. This allows the device to spend all of its CPU time looking at packets on the network while the remote computer will log potential security risks and further analyze the packets for ongoing problems.
The device will be able to connect to the host computer via serial port in order to update software. Updating the software will allow for better algorithms to identify security risks. Additionally, the device will be accessible from the Internet, allowing the remote user to look at the status of the device. The logins will be done securely.
May01-10 Members
Jamie Anderson EE
Dakota Bailey CprE
Joe Bruner CprE
Joe Clark CprE
Austin Thompson CprE
Theron Weimer CprE
Rockwell
Collins
Acknowledgments
Client: Rockwell Collins, Cedar Rapids, IA
Contact: Brian Jacobowitz
Advisor: Dr. Doug Jacobson
Budget and Effort
Estimated Total Hours: hours
Estimated Total Cost: $165