Enterprise Wrappers OASIS PI Meeting August 19, 2002 Bob Balzer Neil Legend: Green Changes from February 02 PI meeting.

Enterprise Wrappers Goals
- Integrate host-based wrappers into scalable cyber-defense system
- Create common multi-platform wrapper infrastructure
- Populate this infrastructure with useful monitors, authorizers, and controllers

Enterprise Wrappers Objectives
- Wrapper Network Interface
  – Off-board cyber-defense controllers
  – Off-board communication of wrapper data
- Host Controller
  – Manages dynamic insertion and removal of Wrappers
  – Multi-platform (Linux and NT)
  – Network-scalable
- Mutual protection/isolation of Host Controller & Wrappers from the system(s) being protected
[Diagram labels: Common Network Wrapper Manager; NWM; Network Schema & Data; Hardened System; “Soft” System; Manager Interface; Other IA components, such as intrusion detection, sniffers, secure DNS, IDIP, etc.; Boundary Controller; service; WMI proxy; Control Protocol; Data Push/Pull; Linux or NT; Wrapper Subsystem; Data Base; Hardened System (expanded); Host Controller; M; Mediation Cocoon; App; Wrappers; Policies; Status; Alerts]

Enterprise Wrapper APIs
[Diagram labels: Defined; Deployed; Installed; Active; Sensed; Define; Deploy; Undeploy; Install; Uninstall; Activate; Deactivate; Common Network Wrapper Manager; Host Controller (common API); Wrappers; Policies; Focus; Available C++ Policy Editor; Deployable Version Available 12/31/01; Enterprise Version Available 10/1/02]

Enterprise Wrappers Current Implementation (as of 2/02)
– Network Controller
  - Starts and Terminates processes on controlled desktops
  - Receives Events from controlled desktops
– Host Controller
  - Starts and Terminates processes for Network Controller
  - Wraps started processes in accordance with local Wrapper Policy
  - Forwards Events to Network Controller
– Inter-Controller Communication via SSL
Demo
To Do
– Deploy Policy to Host Controller

Existing NT Wrappers
Key: * = Policy Driven Wrapper
* Safe Attachments
- Document Integrity for MS Office
* Executable Corruption Detector
- Protected Path (Keyboard - App. - SmartCard)
- Local/Remote Process Tracker
* No InterProcess Diddling
* Safe Web Browser
* Safe Office
Planned
* Single SafeExecution Wrapper
  - Process specific policy

ByPass Prevention
- Uniform mechanism for Intermodule Interactions
  – OS Services
  – Network Sockets
  – CORBA
  – ...
[Diagram labels: Module; DLL]

ByPass Prevention
- Mediator added between Module & DLL component
- Mediator maintains DLL component API
- Uniform mechanism for Intermodule Interactions
  – OS Services
  – Network Sockets
  – CORBA
  – ...
[Diagram labels: Module; DLL]

ByPass Prevention
Need to Prevent
– Direct OS calls
– Direct NTDLL calls
Added Kernel Driver
– Only allows mediated OS calls while in mediator
  - Wrapper registers mediated OS calls
  - Wrapper signals Entering/Leaving
[Diagram labels: Module; Kernel32; NTDLL; Driver; OS Kernel]
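
The gate logic of the added kernel driver on the ByPass Prevention slide above, as a user-space model in C. This is an added example, not code from the presentation or the Enterprise Wrappers project. All function and type names are hypothetical, `NtCreateFile` is only a sample call name, and the per-thread tracking and the pass-through of unregistered calls are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed user-space model of the driver gate; every name here is hypothetical. */
#define MAX_CALLS   8
#define MAX_THREADS 4

enum verdict { DENY = 0, ALLOW = 1 };

struct gate {
    const char *mediated[MAX_CALLS]; /* OS calls registered by a wrapper */
    size_t n_mediated;
    int depth[MAX_THREADS];          /* > 0 while that thread is inside a mediator */
};

/* "Wrapper registers mediated OS calls" */
static bool gate_register(struct gate *g, const char *call) {
    if (g->n_mediated == MAX_CALLS) return false;
    g->mediated[g->n_mediated++] = call;
    return true;
}

/* "Wrapper signals Entering/Leaving" (assumed here to be tracked per thread) */
static bool tid_ok(int tid) { return tid >= 0 && tid < MAX_THREADS; }
static void gate_enter(struct gate *g, int tid) { if (tid_ok(tid)) g->depth[tid]++; }
static void gate_leave(struct gate *g, int tid) { if (tid_ok(tid) && g->depth[tid] > 0) g->depth[tid]--; }

/* Driver check at the OS-call boundary: a registered call passes only from inside a mediator. */
static enum verdict gate_check(const struct gate *g, int tid, const char *call) {
    if (!tid_ok(tid)) return DENY;
    for (size_t i = 0; i < g->n_mediated; i++)
        if (strcmp(g->mediated[i], call) == 0)
            return g->depth[tid] > 0 ? ALLOW : DENY;
    return ALLOW; /* assumption: calls no wrapper registered are not gated */
}

/* Mediator path: wrapper policy decision first, then the OS call bracketed by enter/leave. */
static enum verdict mediated_call(struct gate *g, int tid, const char *call, bool policy_ok) {
    if (!policy_ok) return DENY;
    gate_enter(g, tid);
    enum verdict v = gate_check(g, tid, call);
    gate_leave(g, tid);
    return v;
}

int main(void) {
    struct gate g = {0};
    gate_register(&g, "NtCreateFile");                      /* sample call name */
    bool direct_blocked = gate_check(&g, 0, "NtCreateFile") == DENY;
    bool mediated_ok = mediated_call(&g, 0, "NtCreateFile", true) == ALLOW;
    return (direct_blocked && mediated_ok) ? 0 : 1;
}
```

In this model a direct call to a registered OS call is denied because the calling thread never signalled entry, which is the property the slide's driver is there to enforce.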