Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Wrappers OASIS PI Meeting March 12, 2002 Bob Balzer Neil Goldman Mahindra

Published byEmory Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "Enterprise Wrappers OASIS PI Meeting March 12, 2002 Bob Balzer Neil Goldman Mahindra"— Presentation transcript:

1 Enterprise Wrappers OASIS PI Meeting March 12, 2002 Bob Balzer Neil Goldman Mahindra Pai @Teknowledge.com

2 Enterprise Wrappers Goals  Integrate host-based wrappers into scalable cyber-defense system  Create common multi-platform wrapper infrastructure  Populate this infrastructure with useful monitors, authorizers, and controllers

3 Enterprise Wrappers Objectives NWM Network Schema & Data Hardened System “Soft” System Manager Interface Other IA components, such as intrusion detection, sniffers, secure DNS, IDIP, etc. Boundary Controller... service WMI proxy Control Protocol Data Push/Pull Wrapper Network Interface –Off-board cyber-defense controllers –Off-board communication of wrapper data Host Controller –Manages dynamic insertion and removal of Wrappers –Multi-platform (Linux and NT) –Network-scalable Mutual protection/isolation of Host Controller & Wrappers from the system(s) being protected Linux or NT Wrapper Subsystem Data Base Hardened System(expanded) Host Controller M M M M MediationCocoon App M M M M MediationCocoon App

4 Original Project Challenges Deployable Enterprise Wrappers –Host Controller –Network Wrapper Manager –Wrappers (developed by other projects) Additional Wrappers Research Large-Scale Wrapper Policy Management Added

5 Active Available Enterprise Wrapper APIs Deployable Version Available 12/31/01 Deployed Deploy Installed Install Active Activate Sensed Deactivate Defined UndeployUninstall Define Focus

6 Enterprise Wrappers Current Implementation –Network Controller Starts and Terminates processes on controlled desktops Receives Events from controlled desktops –Host Controller Starts and Terminates processes for Network Controller Wraps started processes in accordance with local Wrapper Policy Forwards Events to Network Controller –Inter-Controller Communication via SSL Demo To Do –Deploy Policy to Host Controller

7 Contained Execution + Accept Modifications Additional Wrapper Research Fault-Tolerating Wrappers –Monitor Program Behavior –Record Persistent Resource Modifications –Delay Decision Point by making changes undoable File, Registry, Database, Communication Changes Lock access to updates by other processes until accepted –Provide Undo-Execution Facility Invoked by after-the-fact Intrusion Detection Effect: Reverse Attack Progress Untrusted Wrappers –Isolate Mediators from code being wrapped –Enforce Mediator Interface Monitors (only observe) Authorizers (only allow/prevent invocation) Transformers –Modify parameters and/or return –Supply service on their own

8 Situation Awareness Very Large Network Wide Area Network Network Operations Center Middle Managers Enclave Local Area Network Host Process Host Process Large-Scale Wrapper Policy Management PolicyAlerts

9 Existing NT Wrappers  Safe Email Attachments Document Integrity for MS Office  Executable Corruption Detector Protected Path (Keyboard  App.  SmartCard) Local/Remote Process Tracker  No InterProcess Diddling  Safe Web Brower  Safe Office Key:  Policy Driven Wrapper Planned

10 Policy Management (by Mission Category) Baseline (Protect Resources) Application Control –Only Authorized Applications Add and Remove Authorized Applications –Only Mission Critical Applications Add and Remove Critical Applications –No Spawns Initiated by Remote Users Media Control –No Streaming Media –No Active Content Override Control –No Local Danger/Alert Overrides –Terminate all processes violating policy Contained Execution Contained Execution Contained Execution Contained Execution Contained Execution Registry Contained Execution

Download ppt "Enterprise Wrappers OASIS PI Meeting March 12, 2002 Bob Balzer Neil Goldman Mahindra"

Similar presentations

Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.

Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Understanding Active Directory

Understanding Active Directory
SP2 Mikael Nystrom. Agenda Översikt Installation.

SP2 Mikael Nystrom. Agenda Översikt Installation.
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.

System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.

Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Intrusion Detection Presentation : 1 OF n by Manish Mehta 01/24/03.

Intrusion Detection Presentation : 1 OF n by Manish Mehta 01/24/03.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Technology Overview. Agenda What’s New and Better in Windows Server 2003? Why Upgrade to Windows Server 2003 ?  From Windows NT 4.0  From Windows 2000.

Technology Overview. Agenda What’s New and Better in Windows Server 2003? Why Upgrade to Windows Server 2003 ?  From Windows NT 4.0  From Windows 2000.

Similar presentations

Ads by Google