Presentation is loading. Please wait.

Presentation is loading. Please wait.

SWAMI 1 SUPER WORM ANALYSIS MECHANISM Prof. Jerry Breecher.

Published byAugustine Ferguson Modified over 8 years ago

Similar presentations

Presentation on theme: "SWAMI 1 SUPER WORM ANALYSIS MECHANISM Prof. Jerry Breecher."— Presentation transcript:

1 SWAMI 1 SUPER WORM ANALYSIS MECHANISM Prof. Jerry Breecher

2 SWAMI 2 MARKETING REQUIREMENTS DOCUMENT PRODUCT MOTIVATION This document describes the need for a product that will detect suspicious and foreign processes running on Super Computer Company Hardware. Recent events in the UNIX world have shown that undesirable elements can run amok when given unlimited processing power. SCC customers have expressed great concern that their machines may be attacked by such a mechanism.

3 SWAMI 3 MARKETING REQUIREMENTS DOCUMENT PRODUCT DESCRIPTION/REQUIREMENTS To meet this need, it is proposed that SCC Engineering undertake a project to produce SWAMI, the Super Worm Analysis MechanIsm. 1. SWAMI should be able to detect the presence of a foreign process before it has done serious damage to the SCC machines. The procedure for doing this is currently undefined and will be determined by engineering. 2. SWAMI should be a standalone package, requiring no other SCC software. 3. SWAMI should require no user interaction during normal operation; only in the case of intruder detection should interaction be necessary. 4. Intruder detection should be signaled in an auditory and/or visual and/or sensual fashion.

4 SWAMI 4 MARKETING REQUIREMENTS DOCUMENT PRODUCT DESCRIPTION/REQUIREMENTS 5. The intruder must be detected before damage can occur. 6. Although SWAMI is continually monitoring, it is essential that it use less than 5% of the CPU on the machine; less than 1% would be ideal. 7. The time from intruder detection to alert received must be less than 5 seconds. 8. The time from intruder detection to termination of intruder must be such that the intruder can do no damage. 9. The amount of memory/disk/other resources used must be ½ that of the competition. 10. The number of false alarms/month allowed is 0.

5 SWAMI 5 MARKETING REQUIREMENTS DOCUMENT COMPETITION: The_Competition has recently introduced its TGIF system (The_Competition Guts Intruders Fast ). The_Competition customers have expressed satisfaction with the functionality (no intruders have been reported in the first three months of operation.) These same customers have not been happy with performance however; hearsay evidence has it that TGIF can require up to 10% additional CPU power on a The_Competition system. The_Competition is reportedly planning a performance release to address customer concerns.

6 SWAMI 6 PROJECT PLAN DESCRIPTION OF PROJECT COSTS DO NOT READ AHEAD UNTIL YOU HAVE COMPLETED THE EXERCISE FOR THE MRD

7 SWAMI 7 FUNCTIONAL SPECIFICATION FUNCTIONAL DESCRIPTION : In order to keep monitoring activity to a minimum, the legality of a program is verified when a program is first executed. This is a one-time verification cost and was chosen over the more costly mechanism of scanning/verifying all processes at fixed time intervals. Legality of a program to run on a particular system is given at either link time or via a "legalize_executable" command. In other words, an executable becomes legal on a system either by virtue of having been linked on that system or by being imported and then "legalized" by an authorized individual.

8 SWAMI 8 FUNCTIONAL SPECIFICATION GURU: GURU (Global Universal Resource Unit) is a distributed server, running on all machines of a system. It is responsible for: Maintaining and protecting a 100-byte unique hardware number, common to all machines in the system. Producing a magic number that is placed in the program image file at link or "legalize_executable" time. Verifying that the magic number in a program image is OK.

9 SWAMI 9 FUNCTIONAL SPECIFICATION VARIOUS DETAILS: Communication with GURU is via a pipe. Set up this pipe with GURU using open_pipe on the file >system>guru_pipe_file. When a machine comes on line within a system, a mechanism is provided which will synchronize the GURU programs running on each machine and guarantee that they all have the same hardware number. A system call, get_guru_hardware_number allows the GURU server to obtain the hardware number stored in the system. The Operating System guarantees that it really is GURU asking for this information.

10 SWAMI 10 FUNCTIONAL SPECIFICATION LEGALIZATION: Program legalization occurs either at link time or at "legalize_executable" time. The steps used are as follows: Either the linker or the legalize-pm program sends a pipe request to GURU using msg_send, with the "message" parameter containing: The key word "LEGALIZE ". Creation time in ASCII format YY-MON-DD:HH:MM:SS. The program name followed by a. The complete pathname of the directory, in which the executable file will be placed, followed by a. The linker or the legalize_executable program receives a reply back from GURU using msg_receive_reply, with the "message" parameter containing: The 100 byte magic number that is to be placed in the program image file.

11 SWAMI 11 FUNCTIONAL SPECIFICATION VERIFICATION: Program verification occurs at execution time. The steps to be followed include: 1. The Operating System sends a request to GURU using msg_send, with the "message" parameter containing: The key word "VERIFY ". Creation time in ASCII format YY-MON-DD:HH:MM:SS. The program name followed by a. The complete pathname of the directory, in which the executable file is located, followed by a. The 100 byte magic number that was found in the program image file. 2. The system obtains an answer from GURU using msg_receive_reply, with the "message" parameter containing: "MAGIC NUMBER VERIFIED " or "MAGIC NUMBER INVALID ".

12 SWAMI 12 DESIGN SPECIFICATION DO NOT READ AHEAD UNTIL WE HAVE COMPLETED THE EXERCISE FOR THE FUNCTIONAL SPEC

13 SWAMI 13 DESIGN SPECIFICATION DESIGN DESCRIPTION GURU (Global Universal Resource Unit) is a distributed server, running on all machine of a system. It is responsible for:  Maintaining and protecting a 100-byte unique hardware number, common to all machines in the system.  Producing a magic number that is placed in the executable file at link or "legalize_executable" time.  Verifying that the magic number in an executable is OK.

14 SWAMI 14 DESIGN SPECIFICATION LEGALIZATION AND VERIFICATION: GURU receives requests using a msg_receive; the parameters received were described in the functional spec. If the keyword is "LEGALIZE", then Multiply together the ASCII values of the creation_time, program name, and creation directory. Multiply the product just obtained with the 100-byte hardware number to produce the magic number. Use a msg_send_reply to return the magic number.

15 SWAMI 15 DESIGN SPECIFICATION LEGALIZATION AND VERIFICATION: GURU receives requests using a msg_receive; the parameters received were described in the functional spec. If the keyword is "VERIFY", then Multiply together the ASCII values of the creation_time, program name, and creation directory. Multiply the product just obtained with the 100-byte hardware number to produce the magic number. Compare the magic number produced here, with the magic number submitted by the requestor. Use n msg_send_reply to return the appropriate answer to the requestor.

16 SWAMI 16 DESIGN SPECIFICATION INITIALIZATION: When GURU is initialized upon machine startup, it obtains the 100-byte hardware number using a get_guru_hardware_number. It opens pipes with the GURU incarnations on all the other machines of the system and broadcasts its 100-byte number. The other servers respond either with an "OK" or with a "WE'VE GOT A PROBLEM". In the latter case, the system administrator will get involved and sort everything out.

Download ppt "SWAMI 1 SUPER WORM ANALYSIS MECHANISM Prof. Jerry Breecher."

Similar presentations

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.
Operating Systems Components of OS

Operating Systems Components of OS
Operating-System Structures

Operating-System Structures
Computer-System Structures Er.Harsimran Singh www.ProgrammingPlaza.com.

Computer-System Structures Er.Harsimran Singh
Configuration management

Configuration management
Slow Control LHCf Catania Meeting - July 04-06, 2009 Lorenzo Bonechi.

Slow Control LHCf Catania Meeting - July 04-06, 2009 Lorenzo Bonechi.
1 Concurrency: Mutual Exclusion and Synchronization Chapter 5.

1 Concurrency: Mutual Exclusion and Synchronization Chapter 5.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Network Operating Systems Users are aware of multiplicity of machines. Access to resources of various machines is done explicitly by: –Logging into the.

Network Operating Systems Users are aware of multiplicity of machines. Access to resources of various machines is done explicitly by: –Logging into the.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
1 Concurrency: Mutual Exclusion and Synchronization Chapter 5.

1 Concurrency: Mutual Exclusion and Synchronization Chapter 5.
Process Description and Control Module 1.0. Major Requirements of an Operating System Interleave the execution of several processes to maximize processor.

Process Description and Control Module 1.0. Major Requirements of an Operating System Interleave the execution of several processes to maximize processor.
Process Description and Control Chapter 3. Major Requirements of an Operating System Interleave the execution of several processes to maximize processor.

Process Description and Control Chapter 3. Major Requirements of an Operating System Interleave the execution of several processes to maximize processor.
1 Process Description and Control Chapter 3. 2 Process Management—Fundamental task of an OS The OS is responsible for: Allocation of resources to processes.

1 Process Description and Control Chapter 3. 2 Process Management—Fundamental task of an OS The OS is responsible for: Allocation of resources to processes.
Inter Process Communication:  It is an essential aspect of process management. By allowing processes to communicate with each other: 1.We can synchronize.

Inter Process Communication:  It is an essential aspect of process management. By allowing processes to communicate with each other: 1.We can synchronize.
2: OS Structures 1 Jerry Breecher OPERATING SYSTEMS STRUCTURES.

2: OS Structures 1 Jerry Breecher OPERATING SYSTEMS STRUCTURES.
Experiment: Step by Step Author: Anna Bekkerman

Experiment: Step by Step Author: Anna Bekkerman
Chapter 11 Operating Systems

Chapter 11 Operating Systems
© Lethbridge/Laganière 2001 Chap. 3: Basing Development on Reusable Technology 1 Let’s get started. Let’s start by selecting an architecture from among.

© Lethbridge/Laganière 2001 Chap. 3: Basing Development on Reusable Technology 1 Let’s get started. Let’s start by selecting an architecture from among.
Objectives The key roles an architecture description plays in a software project. The key roles an architecture description plays in a software project.

Objectives The key roles an architecture description plays in a software project. The key roles an architecture description plays in a software project.

Similar presentations

Ads by Google