1 / 10

Enterprise Wrappers OASIS PI Meeting March 12, 2002

Enterprise Wrappers OASIS PI Meeting March 12, 2002. Bob Balzer Neil Goldman Mahindra Pai <balzer,ngoldman,mpai>@Teknowledge.com. Enterprise Wrappers Goals. Integrate host-based wrappers into scalable cyber-defense system Create common multi-platform wrapper infrastructure

griffith
Download Presentation

Enterprise Wrappers OASIS PI Meeting March 12, 2002

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Enterprise WrappersOASIS PI MeetingMarch 12, 2002 Bob Balzer Neil Goldman Mahindra Pai <balzer,ngoldman,mpai>@Teknowledge.com

  2. Enterprise WrappersGoals • Integrate host-based wrappers into scalable cyber-defense system • Create common multi-platform wrapper infrastructure • Populate this infrastructure with useful monitors, authorizers, and controllers

  3. Hardened System(expanded) Boundary Other IA components, M M Mediation Mediation Cocoon Cocoon Controller such as intrusion detection, App App sniffers, secure DNS, IDIP, etc. M M M M service M M service Host Controller ... Linux or NT WMI proxy Wrapper Data Base Subsystem “Soft” System Enterprise Wrappers Objectives NWM Interface Network Schema & Data Manager • Wrapper Network Interface • Off-board cyber-defense controllers • Off-board communication of wrapper data • Host Controller • Manages dynamic insertion and removal of Wrappers • Multi-platform (Linux and NT) • Network-scalable • Mutual protection/isolation of Host Controller & Wrappers from the system(s) being protected Data Push/Pull Control Protocol Hardened System

  4. Original Added • Additional Wrappers Research • Large-Scale Wrapper Policy Management Project Challenges • Deployable Enterprise Wrappers • Host Controller • Network Wrapper Manager • Wrappers (developed by other projects)

  5. Active Available Enterprise Wrapper APIs Deployable Version Available 12/31/01 Deploy Install Activate Define Sensed Defined Deployed Installed Active Undeploy Uninstall Deactivate Focus

  6. Demo Enterprise Wrappers • Current Implementation • Network Controller • Starts and Terminates processes on controlled desktops • Receives Events from controlled desktops • Host Controller • Starts and Terminates processes for Network Controller • Wraps started processes in accordance with local Wrapper Policy • Forwards Events to Network Controller • Inter-Controller Communication via SSL • To Do • Deploy Policy to Host Controller

  7. Contained Execution+ Accept Modifications Additional Wrapper Research • Fault-Tolerating Wrappers • Monitor Program Behavior • Record Persistent Resource Modifications • Delay Decision Point by making changes undoable • File, Registry, Database, Communication Changes • Lock access to updates by other processes until accepted • Provide Undo-Execution Facility • Invoked by after-the-fact Intrusion Detection • Effect: Reverse Attack Progress • Untrusted Wrappers • Isolate Mediators from code being wrapped • Enforce Mediator Interface • Monitors (only observe) • Authorizers (only allow/prevent invocation) • Transformers • Modify parameters and/or return • Supply service on their own

  8. Large-Scale Wrapper Policy Management Very Large Network Wide Area Network Network Operations Center Middle Managers Enclave Local Area Network Host Host Situation Awareness Policy Alerts Process Process

  9. Existing NT Wrappers • Safe Email Attachments • Document Integrity for MS Office •  Executable Corruption Detector • Protected Path (Keyboard  App.  SmartCard) • Local/Remote Process Tracker •  No InterProcess Diddling •  Safe Web Brower • Safe Office Planned Key:  Policy Driven Wrapper

  10. Registry Contained Execution Contained Execution Contained Execution Contained Execution Contained Execution Contained Execution Policy Management(by Mission Category) • Baseline (Protect Resources) • Application Control • Only Authorized Applications • Add and Remove Authorized Applications • Only Mission Critical Applications • Add and Remove Critical Applications • No Spawns Initiated by Remote Users • Media Control • No Streaming Media • No Active Content • Override Control • No Local Danger/Alert Overrides • Terminate all processes violating policy

More Related