Research & Development Roadmap 1. Outline A New Communication Framework Giving Bro Control over the Network Security Monitoring for Industrial Control.

Presentation transcript (Robin Sommer, ICSI / LBNL):

Slide 1: Research & Development Roadmap

Slide 2: Outline
- A New Communication Framework
- Giving Bro Control over the Network
- Security Monitoring for Industrial Control Systems
- Parallelism on Concurrent Architectures

Slide 3: COMMUNICATION NG

Slide 4: Communication Today
- Primitives
  - Sending events
  - &synchronized
- Limitations
  - Model doesn't scale; no hierarchies
  - Loose semantics: best-effort service
  - No integration with persistence
  - Implementation lacks robustness
  - Two separate protocol implementations

Slide 5: Initial Proposal
- Extend event propagation
  - Routing
  - Subscription groups
  - Push/pull models
- Remove &synchronized (and the proxies...)
- Add global, persistent data structure
  - Probably just a key/value store
  - Explicit API

Slide 6: Initial Proposal (cont'd.)
- Implementation
  - "Data nodes" in charge of tables; nodes attach
  - Receive updates and broadcast them back out
  - Limit values to atomic data types
  - Use existing libraries
  - Implement as a library
- Trading "magic" for better semantics and control

Slide 7: GIVING BRO CONTROL OVER THE NETWORK

Slide 8: Objectives
- Bro controls what it sees
  - Adapt the front-end load-balancing
- Bro controls what the network does
  - Block, steer, shape

Slide 9: Targeting 100 Gb/s... (figure; source: ESnet)

Slide 10: Science DMZs (figure; source: ESnet; link labels: 100G, 10/100G)

Slide 11: 100 Gb/s Cluster (diagram; components labelled: Border Router (100GE), Science DMZ Switch, 100G Load-balancer, 10GE Bro Cluster, Control API)

Slide 12: Transparent Script Interface
- Packet Acquisition
  - drop(entity)
  - sample(entity)
  - notify(entity, cond)
- Packet Control
  - drop(entity)
  - sample(entity)
  - throttle(entity)
  - redirect(entity, destination)

Slide 13: Transparent Script Interface (cont'd.)
- "Entity" could be very different things...
- Plugins implement what the hardware supports

Slide 14: SECURITY MONITORING FOR ICS

Slide 15: Industrial Control Systems
- Critical resources, yet lacking in protection
  - Often legacy hardware that is hard to protect
  - Not built with security in mind
- Classic IDS not a good fit
  - Attacks rare / unknown
  - Behavioral approaches don't take context into account

Slide 16: Industrial Control Systems (cont'd.)
- Significant potential through incorporating semantics
  - Understand protocols Bro-style
  - Create visibility
  - Develop models of what we should be seeing
- Anomaly detection could actually work here

Slide 17: First steps...
- Protocol support in 2.2
  - Modbus
  - DNP3
- Only basic script analysis so far

Slide 18: Research Thrusts (1)
- Measurement study: What do we see?
  - Actors, workloads, cross-site characterization
  - As we do that, extend Bro's logging
- Environments
  - Municipal water and gas plants
  - Campus power plant
  - Building automation at a large research lab
  - Looking for more...

Slide 19: Research Thrusts (2)
- Semantic models for monitoring
  - Statistical profiling: summary statistics framework
  - Power Grid State Model
  - PLC Memory Maps

Slide 20: PLC Memory Maps
- Categorize registers: constant, attribute, continuous
- Derive predictive models... and validate them
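As an added illustration of the register categorization and model validation this slide sketches (example code, not from the talk or from Bro/Zeek): each holding register's polled history is classified as constant, attribute or continuous, a per-register expectation is derived from it, and new readings are checked against that expectation. The register numbers, readings and thresholds are constructed assumptions.

```python
"""Categorize PLC holding registers from polled readings and validate new
readings against the derived model. Added example, not code from the talk or
from Bro/Zeek; sample data and thresholds below are constructed assumptions."""

# Constructed sample: per holding register, values polled at regular intervals
# (e.g. from Modbus "Read Holding Registers" responses seen on the wire).
SAMPLE_READINGS = {
    40001: [1] * 40,                                    # device ID: never changes
    40002: [500] * 25 + [550] * 15,                     # set point: changed once
    40003: [1000 + 30 * (i % 7) for i in range(40)],    # sensor: varies constantly
}

def categorize(values, attr_max_changes=3, attr_max_distinct=4):
    """'constant': one value throughout; 'attribute': few distinct values and
    few changes (set points, modes); 'continuous': everything else."""
    distinct = len(set(values))
    changes = sum(1 for a, b in zip(values, values[1:]) if a != b)
    if distinct == 1:
        return "constant"
    if distinct <= attr_max_distinct and changes <= attr_max_changes:
        return "attribute"
    return "continuous"

def build_model(readings):
    """Derive a predictive model per register from its categorized history."""
    model = {}
    for reg, values in readings.items():
        cat = categorize(values)
        if cat == "constant":
            model[reg] = ("constant", values[0])            # expected value
        elif cat == "attribute":
            model[reg] = ("attribute", set(values))         # allowed value set
        else:
            lo, hi = min(values), max(values)
            margin = max((hi - lo) * 0.1, 1)                # 10% tolerance (assumption)
            model[reg] = ("continuous", (lo - margin, hi + margin))
    return model

def validate(model, reg, value):
    """Check a new reading against the model; return a reason string, or None if it fits."""
    kind, expect = model[reg]
    if kind == "constant" and value != expect:
        return f"constant register {reg} changed: {expect} -> {value}"
    if kind == "attribute" and value not in expect:
        return f"attribute register {reg} set to unseen value {value}"
    if kind == "continuous" and not (expect[0] <= value <= expect[1]):
        return f"continuous register {reg} out of learned range: {value}"
    return None
```

A write to a register the model considers constant, or an unseen set point, is the kind of context-aware signal the slide argues classic IDS approaches miss.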

Slide 21: PARALLELISM ON CONCURRENT ARCHITECTURES

Slide 22: Concurrency Potential (figure)

Slide 23: Concurrent Analysis (diagram; stages labelled: Network, Packets, Event Engine (Protocol Decoding), Events, Policy Script Interpreter (Analysis Logic), Logs, Notification)

Slide 24: Architecture (diagram; components labelled: Network, Packet Dispatcher (NIC), Event Engine Threads (Packet Analysis), Events, Dispatcher, Script Threads / Scripting Language (Detection Logic), Notification)

Slide 25: Parallel Event Scheduling (diagram: Threaded Script Interpreter with Thread 1 ... Thread n; event queue: http_request Conn A, http_request Conn B, conn_rejected Orig X, conn_rejected Orig X, conn_rejected Orig Y, http_reply Conn B, http_request Conn A, http_reply Conn A)

Slide 26: New Platform: Abstract Machine (A High-Level Intermediary Language for Traffic Inspection)
- Figure panels: Domain-specific Data Types; Robust/Secure Execution; Concurrent Analysis; High-level Standard Components; State Management; Real-time Performance; Scalability through parallelization; Compilation to native code
- First-class networking types built-in
- Containers with state management support
- Platform for building high-level, reusable functionality on
- Domain-specific concurrency model
- Well-defined, contained execution environment
- Timers can drive execution
- Support for incremental processing
- Extensive optimization potential
- Static type system and robust error handling

Slide 27: HILTI Toolchain (figure; A High-Level Intermediary Language for Traffic Inspection)

Slide 28: Research Questions
- How to identify state dependencies?
  - Static program analysis to drive scheduling
- How to leverage hardware capabilities?
  - E.g., network processors, hardware lookup modules

Slide 29: HILTI enables more... BinPAC++ Demo

Slide 30: Robin Sommer, International Computer Science Institute & Lawrence Berkeley National Laboratory, robin@icsi.berkeley.edu, http://www.icir.org/robin

