Enterprise Wrappers OASIS PI Meeting August 19, 2002

Enterprise Wrappers OASIS PI Meeting August 19, 2002. Bob Balzer Neil Goldman <balzer,ngoldman>@Teknowledge.com. Legend: Green Changes from February 02 PI meeting. Enterprise Wrappers Goals. Integrate host-based wrappers into scalable cyber-defense system


Presentation Transcript


  1. Enterprise Wrappers
     OASIS PI Meeting, August 19, 2002
     Bob Balzer, Neil Goldman <balzer,ngoldman>@Teknowledge.com
     Legend: Green: Changes from February 02 PI meeting

  2. Enterprise Wrappers Goals
     • Integrate host-based wrappers into scalable cyber-defense system
     • Create common multi-platform wrapper infrastructure
     • Populate this infrastructure with useful monitors, authorizers, and controllers

  3. Enterprise Wrappers Objectives
     • Wrapper Network Interface
       • Off-board cyber-defense controllers
       • Off-board communication of wrapper data
     • Host Controller
       • Manages dynamic insertion and removal of Wrappers
       • Multi-platform (Linux and NT)
     • Network-scalable
     • Mutual protection/isolation of Host Controller & Wrappers from the system(s) being protected
     [Diagram labels: Common Network Wrapper Manager; NWM Interface; Network Schema & Data Manager; Data Push/Pull; Control Protocol; Hardened System (expanded); Hardened System; Boundary; Controller; Wrappers; Policies; Mediation Cocoon; App; M; service; Status; Alerts; Host Controller; Linux or NT; WMI proxy; Wrapper Data Base Subsystem; “Soft” System; Other IA components, such as intrusion detection, sniffers, secure DNS, IDIP, etc.]

  4. Enterprise Wrapper APIs
     [Diagram labels: C++ Policy Editor; Common Network Wrapper Manager; Host Controller (common API), shown twice. State labels: Sensed, Defined, Deployed, Installed, Active. Transition labels: Define, Deploy, Install, Activate; Undeploy, Uninstall, Deactivate. Other labels: Wrappers; Policies; Active; Available; Deployable; Focus; Version Available 12/31/01; Enterprise Version Available 10/1/02.]

  5. Demo Enterprise Wrappers
     • Current Implementation (as of 2/02)
       • Network Controller
         • Starts and Terminates processes on controlled desktops
         • Receives Events from controlled desktops
       • Host Controller
         • Starts and Terminates processes for Network Controller
         • Wraps started processes in accordance with local Wrapper Policy
         • Forwards Events to Network Controller
       • Inter-Controller Communication via SSL
     • To Do
       • Deploy Policy to Host Controller

  6. Existing NT Wrappers
     • Safe Email Attachments
     • Document Integrity for MS Office
     •  Executable Corruption Detector
     • Protected Path (Keyboard  App.  SmartCard)
     • Local/Remote Process Tracker
     •  No InterProcess Diddling
     •  Safe Web Browser
     • Safe Office
     Planned
     • Single SafeExecution Wrapper
     • Process specific policy
     Key:  Policy Driven Wrapper

  7. ByPass Prevention
     • Uniform mechanism for Intermodule Interactions
       • OS Services
       • Network Sockets
       • CORBA
       • ...
     [Diagram labels: DLL; Module]

  8. ByPass Prevention
     • Uniform mechanism for Intermodule Interactions
       • OS Services
       • Network Sockets
       • CORBA
       • ...
     • Mediator added between Module & DLL component
     • Mediator maintains DLL component API
     [Diagram labels: DLL; Module]

  9. ByPass Prevention
     • Need to Prevent
       • Direct NTDLL calls
       • Direct OS calls
     • Added Kernel Driver Module
       • Only allows mediated OS calls while in mediator
       • Wrapper registers mediated OS calls
       • Wrapper signals Entering/Leaving Driver
     [Diagram labels: OS Kernel; NTDLL; Kernel32]
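
The gate described on slide 9, as a user-space model added here for illustration; it is not code from the presentation or from the Enterprise Wrappers project. The call identifiers, `struct gate` and the `gate_*` functions are hypothetical, and the model assumes that calls the wrapper has not registered pass through ungated, that only the wrapper can issue the enter/leave signals, and that state is tracked for a single thread.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed call identifiers for the model; not real NT service numbers. */
enum call_id { CALL_OPEN_FILE, CALL_WRITE_FILE, CALL_CREATE_PROCESS, CALL_QUERY_TIME, CALL_MAX };

/* Gate state for one thread; a real driver would keep this per thread. */
struct gate {
    bool mediated[CALL_MAX]; /* calls the wrapper registered as mediated */
    unsigned depth;          /* > 0 while execution is inside a mediator */
    unsigned denied;         /* mediated calls refused outside a mediator */
};

/* Wrapper registers a mediated OS call. Unknown ids are rejected. */
bool gate_register(struct gate *g, int call) {
    if (call < 0 || call >= CALL_MAX) return false;
    g->mediated[call] = true;
    return true;
}

/* Wrapper signals entering / leaving a mediator; the counter allows nesting. */
void gate_enter(struct gate *g) { g->depth++; }
bool gate_leave(struct gate *g) {
    if (g->depth == 0) return false; /* unbalanced leave: ignore, stay closed */
    g->depth--;
    return true;
}

/* Driver-side decision for one OS call. */
bool gate_allow(struct gate *g, int call) {
    if (call < 0 || call >= CALL_MAX) return false; /* fail closed */
    if (!g->mediated[call]) return true; /* assumption: unregistered calls are not gated */
    if (g->depth > 0) return true;       /* issued from inside a mediator */
    g->denied++;                         /* direct call that skipped the mediator */
    return false;
}

int main(void) {
    struct gate g = {0};
    gate_register(&g, CALL_WRITE_FILE);
    printf("direct write:   %s\n", gate_allow(&g, CALL_WRITE_FILE) ? "allowed" : "denied");
    gate_enter(&g);
    printf("mediated write: %s\n", gate_allow(&g, CALL_WRITE_FILE) ? "allowed" : "denied");
    gate_leave(&g);
    printf("after leave:    %s\n", gate_allow(&g, CALL_WRITE_FILE) ? "allowed" : "denied");
    printf("denied count:   %u\n", g.denied);
    return 0;
}
```

The `denied` counter is the natural place to raise an event toward the Host Controller, since a mediated call arriving outside a mediator is exactly the direct NTDLL or direct OS call the slide lists under "Need to Prevent".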
