Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Wrappers OASIS PI Meeting Feb. 15, 2001 Mark Feldman Lee ftp://ftp.tislabs.com/pub/wrappers.

Published byLeo Gardner Modified over 8 years ago

Similar presentations

Presentation on theme: "Enterprise Wrappers OASIS PI Meeting Feb. 15, 2001 Mark Feldman Lee ftp://ftp.tislabs.com/pub/wrappers."— Presentation transcript:

1 Enterprise Wrappers OASIS PI Meeting Feb. 15, 2001 Mark Feldman Lee Badger @nai.com ftp://ftp.tislabs.com/pub/wrappers

2 A Parallel, Collaborative Effort Using Previous DARPA Research Prototypes as a Base Teknowledge: Windows NT/2000 NAI Labs: Multi-Platform, concentrating on Linux under this program ftp://ftp.tislabs.com/pub/wrappers

3 Previous, Host-Based Prototype Design Goals Augment, Transform, Deny all interactions between COTS applications and resources on a COTS system (syscall interface on UNIX, DLLs on NT). High level of abstraction to remove ugliness of kernel or DLL API programming. Elegant, powerful language and environment Portability Non-bypassability

4 Existing UNIX Prototype FreeBSD, Solaris 2.6, Linux 2.2.x, Windows NT About 50K lines of (commented) C, Yacc, Lex, and Java. Now under the GNU GPL! Download it at: ftp://ftp.tislabs.com/pub/wrappers Wrapper Specifications in WDL Program OS Kernel External API Internal API Wrapper Enforcement Layer Program Wrapper GUI “DBMS” W1 W2 … Wn Dynamic OS Kernel Module

5 Accomplishments to Date Validation of hypothesis: practical security-enforcing wrappers can be added to broad-market COTS components with high performance, compatibility, portability. Numerous wrappers implemented: –administrative privilege control, synthetic execution environment, diagnostics, access control... –Suite of intrusion-detection wrappers. –Collection of intrusion-response wrappers. –Napoleon policy-enforcement wrapper. Available on systems of greatest impact. ftp://ftp.tislabs.com/pub/wrappers

6 Enterprise Wrappers Goals  Integrate host-based wrappers into scalable cyber- defense system  Create common, multi-platform, policy-enforcing infrastructure  Populate this infrastructure with useful monitors, authorizers, and controllers  Dynamically ensure a consistent, enterprise-wide policy “Scaling the power of the wrapper to the enterprise”

7 Enterprise Wrappers Objectives NWM Network Schema & Data Hardened System “Soft” System Manager Interface Other IA components, such as intrusion detection, sniffers, secure DNS, IDIP, etc. Boundary Controller... service WMI proxy Control Protocol Data Push/Pull Wrapper Network Interface –Off-board cyber-defense controllers –Off-board communication of wrapper data Host Controller –Manages dynamic insertion and removal of Wrappers –Multi-platform (Linux and NT) –Network-scalable Mutual protection/isolation of Host Controller & Wrappers from the system(s) being protected Linux or NT Wrapper Subsystem Data Base Hardened System(expanded) Host Controller M M M M MediationCocoon App M M M M MediationCocoon App

8 Integrating Enterprise Wrappers into 3GS Architecture Sense Detect Arbitrate Respond Wrapper i Wrapper Integration Modularize into SD,A,R Alerts Out Response Action Out Event access to modules Wrapper Policy Wrapper Policy Protocol Protocol for Arbitrate substitution Arbitrate Host Controller Wrapping Policy Off-BoardOn-Board Host Controller Integration Wrapping Policy Protocol Respond Wrapper Installer

9 Enterprise Wrapper APIs Enterprise lifecycle scales from host-based lifecycle. Deployed Deploy Installed Install Active Activate Sensed Deactivate Defined UndeployUninstall Define Focus Conceptual

10 InstalledDefined Enterprise Wrapper APIs Legend: Generates new instance of target state machine Destroys current instance of source state machine DeployedInstalledActiveDefined DeployInstallActivate UndeployUninstallDeactivate (Wrapper Def.) (Host) (Exec. Inst.) Define Sensed Focus

11 UNIX Wrapper Adapter Wrapper Policy Definition –Compiled WDL program (the wrapper) –Activation Criteria –Database contents for data-driven behavior Interfaces with existing API to allow secure, remote administration Provide publish/subscribe (pull) and push model for all wrapper data (wrappers, alerts, data)

12 0 6 12 18 24 30 36 42 48 Base Task: Options: Months after Project Start Option 3 Option 4 Option 5 Option 6 Option 7 Option 8 Option 9 Option 10 Option 11 Option 12 Option 13 Option 14 Option 1 Option 2 Task 1 Task 2 Host Controller Enterprise Wrapper Infrastructure Privilege Control Wrapper Program Sandboxing Wrapper Controlled Execution Wrapper Spec. Based Intrusion Detection Wrapper Synthetic Execution Environment Wrapper Windows NT Stand-Alone Wrapper Crypto. Resource Protection Wrapper Untrusted Wrapper Protection Intrusion Detection Response Wrapper Authentication Wrapper Integrity Labels Wrapper Host Boundary Controller Composition Safety Analysis Network Shield Controller Prototype Untrusted Wrapper Protection Network Wrapper Manager Project Milestones 0 6 12 18 24 30 36 42 48 9/12/00

13 Recent Work Development of common API Modularity of our LKM to provide –Composability with other LKMs under Linux that intercept system calls –Use of our “database” to other LKMs

14 Questions? ftp://ftp.tislabs.com/pub/wrappers Final Thought

Download ppt "Enterprise Wrappers OASIS PI Meeting Feb. 15, 2001 Mark Feldman Lee ftp://ftp.tislabs.com/pub/wrappers."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
J-Interop Open Source Java COM Bridge. Contents What is it ? Comparison with Java Native interface Comparison with J-Integra® for COM Benefits of using.

J-Interop Open Source Java COM Bridge. Contents What is it ? Comparison with Java Native interface Comparison with J-Integra® for COM Benefits of using.
A Cooperative Approach to Support Software Deployment Using the Software Dock by R. Hall, D. Heimbigner, A. Wolf Sachin Chouksey Ebru Dincel.

A Cooperative Approach to Support Software Deployment Using the Software Dock by R. Hall, D. Heimbigner, A. Wolf Sachin Chouksey Ebru Dincel.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Federal Student Aid Technical Architecture Initiatives Sandy England

Federal Student Aid Technical Architecture Initiatives Sandy England
Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.

Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.
02/12/00 E-Business Architecture

02/12/00 E-Business Architecture
An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.

An Application-led Approach for Security-related Research in Ubicomp Philip Robinson TecO, Karlsruhe University 11 May 2005.
CS533 Concepts of Operating Systems Class 14 Virtualization.

CS533 Concepts of Operating Systems Class 14 Virtualization.
A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.

A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.
The Open Grid Service Architecture (OGSA) Standard for Grid Computing Prepared by: Haoliang Robin Yu.

The Open Grid Service Architecture (OGSA) Standard for Grid Computing Prepared by: Haoliang Robin Yu.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
Understanding Active Directory

Understanding Active Directory
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Emmanuel Cecchet et al.  Performance Scalability of J2EE application servers.  Test effect of: ◦ Application Implementation Methods ◦ Container Design.

Emmanuel Cecchet et al.  Performance Scalability of J2EE application servers.  Test effect of: ◦ Application Implementation Methods ◦ Container Design.
System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.

System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Similar presentations

Ads by Google