
Kraken

Kraken. Introduction to the OSGi based security platform. xeraph@nchovy.com. Introduction. Target Audience: information security solution developers; Java developers who are interested in the OSGi application stack. Introduction. Security Platform: most security solutions share common requirements


Presentation Transcript


  1. Kraken
     • Introduction to the OSGi based security platform
     • xeraph@nchovy.com

  2. Introduction
     • Target Audience
       • Information security solution developers
       • Java developers who are interested in the OSGi application stack

  3. Introduction
     • Security Platform
       • Most security solutions share common requirements
         • Aggregate information from agents or sensors
           • System status (performance, software versions, etc.)
           • Logs from various data stores (file, database, syslog, SNMP trap, etc.)
         • Inspect the information and apply security policies
         • Trigger configured actions
           • Send an event or alarm through various media (e.g. SMS, email)
           • Control other security solutions (e.g. firewall policy)
           • Drop packet
         • Generate statistics and reports
       • Security Platform provides
         • common functionalities as components
         • reliable and solid development framework

  4. Introduction
     • Common Problems
       • Lack of pipeline architecture style
         • Security solutions need pipelined message processing
         • IDS message flow
           • Generate intrusion event
           • Apply response policy to event
           • Respond to an intrusion (syslog, trap, sms, RST packet, etc)
         • ESM message flow
           • Read logs from file, database, network, and so on
           • Parse logs and normalize them
           • Filter logs by policy
           • Send event to realtime view of console
           • Summarize logs and generate reports

  5. Introduction
     • Common Problems
       • Lack of pipeline architecture style
         • Solutions that did not consider pipelining encounter the following problems:
           • Hard wiring of the message path
             • You have to modify the caller side if you want to add a new feature
           • Hard to provide optional features and remove unused features
             • You have to maintain many branches
           • Long downtime
             • You have to kill the process, patch some files, and start it again
           • Lack of troubleshooting support
             • Do you think logging is sufficient?
             • Error logs do not provide detailed information
             • It's not that easy to trace tons of debug logs
             • Add a debug log to the code and wait until the problem appears again?

  6. Introduction
     • Common Problems
       • Lack of configurability
         • Security appliances should provide runtime configuration through CLI
         • Dynamic update and version control are also needed
       • Lack of integration
         • There are well-known open source libraries but you have to write glue code
         • There are well-known use cases but no simplified API is provided
       • Lack of reusable and standardized security components
         • Vendors use their own log formats
           • Everyone writes log parsers again and again
         • Response engine requires log merging or compression
           • Maybe you don't want to send hundreds of alarm mails per second
         • Poor interoperability
           • Data model and API can be standardized per product group

  7. Introduction
     • Kraken
       • OSGi based security platform
       • Highly configurable
         • Interactive Console
         • Hot Deploy
         • Version and Dependency Control
       • Component based Development
         • Using iPOJO (injected POJO)
         • Managed Lifecycle
         • Declarative Services (e.g. Transaction, Web Service)
       • Prebuilt Infrastructure and security components
         • Infrastructure: Filter, HTTP, JPA
         • Web services: JSON, XML, Text, FusionCharts Servlets
         • Networking: Syslog, SNMP, JPCAP, DNS
         • and more
       • Distributed under Apache Software License 2

  8. Introduction
     • Real world example: Web based Monitoring System
       • [Diagram. Legend: External Components, Kraken Bundles, Custom Application]
       • [Diagram labels: Web Browser, Web Static Resource, Jetty, JSON Servlet, XML Servlet, FusionCharts Data Service, Agents, Business Logic with JsonMethod, XmlMethod, Syslog Receiver, SNMP4J, Performance Monitoring, Log Handler, JPA, net-snmpd, Database]

  9. Introduction
     • Architecture
       • [Diagram "OSGi Bundle", labels: Bundle-SymbolicName, Bundle-Version, Export-Package, Import-Package, Private-Package, META-INF, OSGI-INF, iPOJO-Components, iPOJO]
       • [Diagram "Kraken Application Stack", labels: Application Layer; Syslog, JSON, SNMP, JPA; Infra; Kraken Script API, Filter, HTTP, JPA; Maven; iPOJO 1.2.0; Kraken Core Kernel; Apache Felix OSGi R4; JavaSE 1.5+ Runtime]

  10. Introduction
      • Reference
        • AirSCAN (Wavesoft Inc.)
          • Monitor and block wired, wireless, adhoc, wibro, hsdpa, bluetooth devices
          • Register wireless devices to AirTight SpectraGuard Enterprise
        • WatchCat (NCHOVY Inc.)
          • ESM as a Service
          • Minimize service downtime
          • Highly extensible architecture
          • Under development

  11. Kraken API: learn by example

  12. Kraken API
      • Class diagram (labels recovered from the figure)
        • <<interface>> ScriptInputStream: +read(): char, +readLine(): string
        • <<interface>> ScriptOutputStream: +print(), +println()
        • <<interface>> ScriptContext
        • <<interface>> Script: +setScriptContext()
        • <<interface>> ScriptFactory: +createScript(): Script
        • Classes: ConsoleInputStream, ConsoleOutputStream, ScriptContextImpl, BundleScript, BundleScriptFactory
        • Figure notes: command(String[] args); called by reflection; void script(String[] args) {}; documented by @ScriptUsage

  13. Kraken API
      • First script example
        • Create project using maven

              mvn archetype:create \
                -DarchetypeGroupId=org.apache.felix \
                -DarchetypeArtifactId=maven-ipojo-plugin \
                -DarchetypeVersion=1.2.0 \
                -DgroupId=YOUR_GROUP_ID \
                -DartifactId=YOUR_ARTIFACT_ID \
                -Dversion=YOUR_VERSION \
                -DpackageName=YOUR_DEFAULT_PACKAGE

        • Assumptions in this example:
          • YOUR_GROUP_ID is org.krakenapps
          • YOUR_ARTIFACT_ID is kraken-example
          • YOUR_VERSION is 1.0.0
          • YOUR_DEFAULT_PACKAGE is org.krakenapps.example

  14. Kraken API
      • First script example
        • Maven Configuration
          • Edit POM file
            • <name>Kraken Example</name>
            • <Export-Package>org.krakenapps.example</Export-Package>
            • Remove <Private-Package> element
            • Remove <Import-Package> element
            • Add Kraken API dependency

                  <dependency>
                    <groupId>org.krakenapps</groupId>
                    <artifactId>kraken-api</artifactId>
                    <version>1.0.0</version>
                  </dependency>

            • Add <version>1.2.0</version> below the maven-ipojo-plugin element

  15. Kraken API
      • First script example
        • iPOJO Configuration
          • Edit metadata.xml

                <ipojo>
                  <component className="org.krakenapps.example.ExampleScriptFactory"
                             name="exampleScriptFactory" immediate="true" factory="false">
                    <provides>
                      <property name="alias" type="string" value="example" />
                    </provides>
                  </component>
                  <instance component="exampleScriptFactory" />
                </ipojo>

          • All console commands are prefixed with the alias
            • example.hello means the void hello(String[] args) method of a script created from ExampleScriptFactory
          • The above configuration declares and instantiates an iPOJO component. See the Apache Felix iPOJO Wiki documentation.

  16. Kraken API
      • First script example
        • Edit ExampleScriptFactory.java

              package org.krakenapps.example;

              import org.krakenapps.api.Script;
              import org.krakenapps.api.ScriptFactory;

              public class ExampleScriptFactory implements ScriptFactory {
                  // Called by the console to create a script instance for this alias
                  @Override
                  public Script createScript() {
                      return new ExampleScript();
                  }
              }

        • ScriptFactory constructor can receive BundleContext parameter
          • Finds other OSGi services and create Script object with them
          • e.g. bundleContext.getServiceReference(interfaceName);

  17. Kraken API
      • First script example
        • Edit ExampleScript.java

              package org.krakenapps.example;

              import org.krakenapps.api.Script;
              import org.krakenapps.api.ScriptContext;

              public class ExampleScript implements Script {
                  private ScriptContext context;

                  @Override
                  public void setScriptContext(ScriptContext context) {
                      this.context = context;
                  }

                  // Invoked from the console as "example.hello"
                  public void hello(String[] args) {
                      context.println("hello kraken");
                  }
              }

        • Control your components at console
        • Add command methods as many as you want

  18. Kraken API
      • First script example
        • Build
          • mvn package
            • will generate kraken-example-1.0.0.jar in target directory
        • Connect Kraken Console and Install
          • telnet localhost 7004
          • kraken> bundle.install org.apache.felix org.apache.felix.ipojo 1.2.0
            • download from maven central repository and install
          • kraken> bundle.install file:///c:/DIRECTORY/target/kraken-example-1.0.0.jar
          • kraken> bundle.list
            • see id number of bundles and start them
          • kraken> bundle.start 1 2
        • Test

              kraken> example.hello
              hello kraken
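
How an `alias.method` console line such as `example.hello` can be resolved by reflection while refusing anything that is not a public `void name(String[])` command, as an added example (not Kraken's dispatcher and not code from the presentation). `ConsoleDispatchExample`, `register`, `resolve`, `run` and the `internal` method are hypothetical names; only the `example` alias and `hello(String[] args)` come from the slides.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.*;
import java.util.function.Supplier;

// Added illustration with hypothetical names; not Kraken's dispatcher.
public class ConsoleDispatchExample {
    public static class ExampleScript {
        public void hello(String[] args) { System.out.println("hello kraken"); }
        public void setScriptContext(Object ctx) {}   // wrong signature: not a command
        void internal(String[] args) {}               // not public: not a command
    }
    private final Map<String, Supplier<Object>> factories = new HashMap<>();
    void register(String alias, Supplier<Object> factory) { factories.put(alias, factory); }

    // Accept only a public, non-static void method(String[]) declared on the
    // script class itself; inherited methods and other signatures are refused.
    static Method resolve(Object script, String name) throws NoSuchMethodException {
        Method m = script.getClass().getDeclaredMethod(name, String[].class);
        int mod = m.getModifiers();
        if (!Modifier.isPublic(mod) || Modifier.isStatic(mod) || m.getReturnType() != void.class)
            throw new NoSuchMethodException(name);
        return m;
    }

    // Returns true only if "alias.method arg..." named a registered alias and a valid command.
    boolean run(String line) {
        String[] tokens = line.trim().split("\\s+");
        int dot = tokens[0].indexOf('.');
        Supplier<Object> factory = dot > 0 ? factories.get(tokens[0].substring(0, dot)) : null;
        if (factory == null) return false;
        try {
            Object script = factory.get();
            Method m = resolve(script, tokens[0].substring(dot + 1));
            m.invoke(script, (Object) Arrays.copyOfRange(tokens, 1, tokens.length));
            return true;
        } catch (ReflectiveOperationException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        ConsoleDispatchExample console = new ConsoleDispatchExample();
        console.register("example", ExampleScript::new);
        for (String line : List.of("example.hello", "example.internal",
                                   "example.setScriptContext", "example.getClass", "other.hello"))
            System.out.println(line + " -> " + console.run(line));
    }
}
```

Only `example.hello` is dispatched; the other four lines are refused before any method is invoked.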

  19. Kraken Filter: runtime filter composition

  20. Kraken Filter
      • Filter (class diagram; labels recovered from the figure)
        • <<interface>> Filter: +getInputMessageSpecs(), +getOutputMessageSpec(), +process(Message), +getProperty(String), +setProperty(String, String), +unsetProperty(String), +validateConfiguration()
        • <<interface>> FilterChain: +process(Message)
          • FilterChain implementation is injected by iPOJO
        • <<interface>> FilterManager: +loadFilter(), +unloadFilter(), +runFilter(), +stopFilter(), +bindFilter(), +unbindFilter(), +getFilter(), +getInputFilters(), +getOutputFilters(), +registerFilter(), +unregisterFilter(), +subscribeFilterEvent(), +unsubscribeFilterEvent(), +getPropertyKeys(), +getProperty(), +setProperty(), +unsetProperty()
        • <<interface>> FilterEventListener: +onFilterLoaded(), +onFilterUnloading(), +onFilterBound(), +onFilterUnbinding(), +onFilterSet(), +onFilterUnset()
        • DefaultFilter: implemented property operations
        • ActiveFilter: +isRunning(), +setRunning(), +open(), +close(), +run()
        • Figure note: Implemented as an iPOJO component, registered as OSGi service

  21. Kraken Filter
      • Message Specification
        • The source's output spec and the destination's input spec have to match.
        • Bind fails if the specifications do not match
      • Message (class diagram; labels recovered from the figure)
        • <<interface>> MessageSpec: +getName(), +getDescription(), +getLatestVersion(), +getVersionRange()
        • <<interface>> MessageSpecVersion: +getMajorVersion(), +getMinorVersion(), +isInRange()
        • <<interface>> MessageSpecVersionRange: +getLowerBound(), +getUpperBound()
        • <<interface>> Message: +getMessageSpec(), +headerKeySet(), +keySet(), +containsHeader(), +containsKey(), +getHeader(), +get()
        • MessageBuilder: +setBase(Message), +setHeader(String, Object), +set(String, Object), +build()
          • supports method chaining
        • Message is immutable for multithreaded processing

  22. Kraken Filter
      • Message Flow Example
        • Provides complex functionality by runtime filter binding
        • Diagram: Syslog Relay with transcoding
          • SyslogReceiver: instance.name = syslogd, address = 192.168.88.88, port = 514, encoding = utf-8
            • Output Message Specification: kraken.syslog 1.0
          • SyslogSender: instance.name = sender, address = 61.250.92.151, port = 514, encoding = euc-kr
            • Input Message Specifications: kraken.syslog 1.0, kraken.syslog.sender 1.0
          • filter.bind syslogd sender (kraken.syslog 1.0 match)
          • filterChain.process(message)

  23. Kraken Filter
      • Filter Script
        • backed by filter manager
        • filter.list
        • filter.load [filter class name] [alias]
        • filter.unload [alias]
        • filter.bind [source alias] [destination alias]
        • filter.unbind [source alias] [destination alias]
        • filter.status [alias]
          • show properties and bind status of the filter
          • list all loaded filter instances if alias is omitted
        • filter.run [alias] [interval]
          • only for active filter
          • 1 second if interval is omitted
        • filter.stop [alias]
          • only for active filter
        • filter.set [alias] [key] [value]
        • filter.unset [alias] [key]

  24. Kraken Filter
      • Syslog example
        • to be continued
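
The bind-time check from slides 21 and 22, as an added example that is not Kraken code: the destination must declare an input spec whose name and version range cover the source's output spec, otherwise the bind is refused. All types here (`Version`, `InputSpec`, `OutputSpec`, `FilterInfo`, `bind`) are hypothetical stand-ins that need Java 16+ for records; the aliases and spec names come from slide 22, while the `[1.0, 1.0]` ranges and the 2.0 source `syslogd2` are constructed to show the failure.

```java
import java.util.*;
// Added illustration; hypothetical stand-ins, not Kraken's classes. Java 16+.
public class BindCheckExample {
    record Version(int major, int minor) implements Comparable<Version> {
        public int compareTo(Version o) {
            return major != o.major ? Integer.compare(major, o.major)
                                    : Integer.compare(minor, o.minor);
        }
    }
    record OutputSpec(String name, Version version) {}

    // An input spec accepts one message name within an inclusive version range.
    record InputSpec(String name, Version lower, Version upper) {
        boolean accepts(OutputSpec out) {
            return name.equals(out.name())
                && lower.compareTo(out.version()) <= 0
                && out.version().compareTo(upper) <= 0;
        }
    }

    record FilterInfo(String alias, List<InputSpec> inputs, OutputSpec output) {}

    // Refuse the binding unless an input spec of the destination accepts the
    // source's output spec, so a mismatch fails at bind time, not in process().
    static void bind(Map<String, Set<String>> bindings, FilterInfo src, FilterInfo dst) {
        OutputSpec out = src.output();
        if (out == null || dst.inputs().stream().noneMatch(in -> in.accepts(out)))
            throw new IllegalStateException("bind failed: " + src.alias() + " -> " + dst.alias());
        bindings.computeIfAbsent(src.alias(), k -> new LinkedHashSet<>()).add(dst.alias());
    }

    public static void main(String[] args) {
        Version v10 = new Version(1, 0), v20 = new Version(2, 0);
        List<InputSpec> senderInputs = List.of(           // ranges are assumed
            new InputSpec("kraken.syslog", v10, v10),
            new InputSpec("kraken.syslog.sender", v10, v10));
        FilterInfo syslogd = new FilterInfo("syslogd", List.of(), new OutputSpec("kraken.syslog", v10));
        FilterInfo sender = new FilterInfo("sender", senderInputs, null);
        FilterInfo syslogd2 = new FilterInfo("syslogd2", List.of(), new OutputSpec("kraken.syslog", v20));

        Map<String, Set<String>> bindings = new HashMap<>();
        bind(bindings, syslogd, sender);       // kraken.syslog 1.0 matches
        System.out.println(bindings);
        try {
            bind(bindings, syslogd2, sender);  // 2.0 is outside [1.0, 1.0]
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```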
