TRANSCRIPT
ABHIJIT PATHAK

Roadmap
• Introduction
• System Overview
• System Architecture
• Detailed Design
• Fault Tolerance
• Results
• Future Work

Introduction
• Inherent security threats in networking
• What is a file integrity checker?
• Concept of mobile agents
• File integrity checker with mobile agents

System Overview
• Ajanta Mobile Agent Platform
• FileProc Agent and FileMon Agent
• Two-phase operation of the system
  • Initialization phase
  • Monitoring phase
• User interface

System Architecture
• Ajanta architecture overview
• File Integrity Checker architecture

File Integrity Checker Architecture
[Diagram: Host A (the launching host) runs an Agent Server with the Launcher, the FP agent and the Database; Host B and Host C each run an Agent Server with FM agents.]
FM – File Monitor Agent
FP – File Processor Agent

Design Alternatives
• Agent carrying file signatures
• Agent carrying file names
• Implementation decision factors
  • Avoid carrying signatures
  • Lightweight agents

Important Features
• Usability and flexibility
• Creation of multiple agent pairs
• Monitoring with various frequencies
• Catering to different monitoring attributes

Monitoring Options
• Host-based settings
  • Recursive monitoring of directories
  • Non-recursive monitoring of directories
  • Exclusion of files/directories
• File/directory-based settings
  • Specifying various attributes

Configuration File
host:newton.cs.umn.edu
/home/grad09/apathak/proj -a
!/usr/lib/link_audit/64
/usr/include -ab
=/dev -ai

Configuration Flags
-a: Ignore changes in last access time
-m: Ignore changes in last modification time
-c: Ignore changes in file creation time
-i: Ignore change in i-node information
-u: Ignore change in user id of file owner
-g: Ignore change in group id of file owner
-s: Ignore change in file size
-b: Ignore change in allocated disk blocks for file
-p: Ignore change in access permissions
-h: Ignore change in the file contents hash value
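As an added example (not the project's own parser, which the slides do not show), the following Python reads a configuration file in the format of the Configuration File slide, maps the flag letters of the Configuration Flags slide to the attributes a monitor may ignore, and resolves which rule governs a given file path. The meaning of the `!` and `=` prefixes (exclusion and non-recursive monitoring, matching the Monitoring Options slide) and the longest-prefix precedence between rules are assumptions.

```python
"""Parser for the file-integrity-checker configuration format shown on the slides.

Assumed syntax (an interpretation of the slide, not the project's own parser):
  host:<name>       starts the section for one host
  <path> -<flags>   monitor <path> recursively, ignoring the listed attributes
  =<path> -<flags>  monitor <path> without descending into subdirectories
  !<path>           exclude <path> (and everything below it) from monitoring
"""
from dataclasses import dataclass, field

# Flag letter -> attribute the monitor may ignore (from the Configuration Flags slide).
FLAG_ATTRIBUTES = {
    "a": "atime", "m": "mtime", "c": "ctime", "i": "inode", "u": "uid",
    "g": "gid", "s": "size", "b": "blocks", "p": "mode", "h": "hash",
}

# Constructed copy of the configuration shown on the slide.
SAMPLE_CONFIG = """\
host:newton.cs.umn.edu
/home/grad09/apathak/proj -a
!/usr/lib/link_audit/64
/usr/include -ab
=/dev -ai
"""


@dataclass
class Rule:
    path: str
    mode: str                        # "recursive", "nonrecursive" or "exclude"
    ignore: frozenset = frozenset()  # attribute names the monitor may ignore


@dataclass
class HostConfig:
    host: str
    rules: list = field(default_factory=list)


def parse_flags(token: str) -> frozenset:
    """Turn a token such as '-ab' into {'atime', 'blocks'}; unknown letters are rejected."""
    if not token.startswith("-"):
        raise ValueError(f"bad flag token {token!r}")
    unknown = set(token[1:]) - FLAG_ATTRIBUTES.keys()
    if unknown:
        raise ValueError(f"unknown flag(s) {sorted(unknown)} in {token!r}")
    return frozenset(FLAG_ATTRIBUTES[ch] for ch in token[1:])


def parse_config(text: str) -> list:
    """Return one HostConfig per host: section, each holding its rules in file order."""
    hosts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("host:"):
            hosts.append(HostConfig(line[len("host:"):].strip()))
            continue
        if not hosts:
            raise ValueError(f"line {lineno}: rule appears before any host: line")
        path, *flags = line.split()
        ignore = parse_flags(flags[0]) if flags else frozenset()
        if path.startswith("!"):
            rule = Rule(path[1:], "exclude")
        elif path.startswith("="):
            rule = Rule(path[1:], "nonrecursive", ignore)
        else:
            rule = Rule(path, "recursive", ignore)
        hosts[-1].rules.append(rule)
    return hosts


def rule_for(host: HostConfig, file_path: str):
    """Pick the most specific rule covering file_path (longest matching prefix).

    Returns None when the file is not monitored at all or falls under an exclusion,
    so an exclusion nested inside a recursive rule wins over that rule.
    """
    best = None
    for rule in host.rules:
        base = rule.path.rstrip("/")
        if file_path == base:
            covered = True
        elif file_path.startswith(base + "/"):
            # a non-recursive rule covers direct children only
            covered = rule.mode != "nonrecursive" or "/" not in file_path[len(base) + 1:]
        else:
            covered = False
        if covered and (best is None or len(base) > len(best.path.rstrip("/"))):
            best = rule
    if best is None or best.mode == "exclude":
        return None
    return best


if __name__ == "__main__":
    for cfg in parse_config(SAMPLE_CONFIG):
        for p in ("/usr/include/sys/types.h", "/dev/null", "/dev/pts/0",
                  "/usr/lib/link_audit/64/libfoo.so", "/etc/passwd"):
            print(cfg.host, p, rule_for(cfg, p))
```

The resolved `Rule` is what the Launcher would place in an agent's itinerary entry: the path, whether to descend, and which attributes the FM agent can skip when comparing signatures on that host.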

Launcher
• Extension of Agent Server
• Parsing the configuration file and generating itinerary
• Creation and launch of agents
• User interface thread
• Three launching modes
  • Initialization and monitoring
  • Initialize only
  • Monitor only

Database Design
• Signature tables
  • File attributes with hostnames
  • Directory-file name mapping tables
• Event table
  • File added event
  • File deleted event
  • File changed event
• Report generator tool
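Added example of the two-phase operation named on the System Overview slide, using the attribute set from the Configuration Flags slide and the three event kinds from the Database Design slide. It is not the project's code: the SHA-256 content hash, the in-memory dict and list standing in for the signature and event tables, and the temporary-directory scenario are assumptions. The scenario reproduces one case from the Results slides, a binary replaced by a file of the same name and size, which only the content hash exposes once timestamps are ignored.

```python
"""Initialization phase (build signature table) and monitoring phase (diff a fresh
snapshot against it, emitting added/deleted/changed events). Added example; the
hash algorithm and in-memory tables are assumptions."""
import hashlib
import os
import stat
import tempfile

# Attribute names in the order of the Configuration Flags slide (-a -m -c -i -u -g -s -b -p -h).
ATTRIBUTES = ("atime", "mtime", "ctime", "inode", "uid", "gid",
              "size", "blocks", "mode", "hash")


def file_signature(path: str) -> dict:
    """Collect the monitored attributes of one file: os.stat fields plus a content hash."""
    st = os.stat(path)
    h = hashlib.sha256()  # assumption: the slides do not name the hash function
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {
        "atime": st.st_atime_ns, "mtime": st.st_mtime_ns, "ctime": st.st_ctime_ns,
        "inode": st.st_ino, "uid": st.st_uid, "gid": st.st_gid,
        "size": st.st_size, "blocks": getattr(st, "st_blocks", 0),
        "mode": stat.S_IMODE(st.st_mode), "hash": h.hexdigest(),
    }


def walk_files(root: str, recursive: bool = True):
    """Yield regular files under root, descending into subdirectories only if recursive."""
    if recursive:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                yield os.path.join(dirpath, name)
    else:
        for name in os.listdir(root):
            p = os.path.join(root, name)
            if os.path.isfile(p):
                yield p


def initialize(host: str, root: str, recursive: bool = True) -> dict:
    """Initialization phase: signature table keyed by (hostname, path)."""
    return {(host, p): file_signature(p) for p in walk_files(root, recursive)}


def monitor(host: str, root: str, table: dict, ignore=frozenset(), recursive=True) -> list:
    """Monitoring phase: compare a fresh snapshot with the table and return event rows.

    `ignore` holds attribute names from the host's configuration flags; a file whose
    only differences lie in ignored attributes produces no event.
    """
    events = []
    current = {(host, p): file_signature(p) for p in walk_files(root, recursive)}
    for key in sorted(set(table) | set(current)):
        if key not in table:
            events.append({"host": host, "path": key[1], "event": "added"})
        elif key not in current:
            events.append({"host": host, "path": key[1], "event": "deleted"})
        else:
            changed = [a for a in ATTRIBUTES
                       if a not in ignore and table[key][a] != current[key][a]]
            if changed:
                events.append({"host": host, "path": key[1],
                               "event": "changed", "attributes": changed})
    return events


def demo() -> list:
    """Constructed scenario: baseline two files, then replace one in place with
    same-size content, delete one and add one; timestamps are ignored."""
    with tempfile.TemporaryDirectory() as root:
        a, b = os.path.join(root, "a.bin"), os.path.join(root, "b.txt")
        with open(a, "wb") as f:
            f.write(b"\x7fELF" + b"\x00" * 60)
        with open(b, "w") as f:
            f.write("line1\nline2\n")
        table = initialize("hostA", root)
        with open(a, "wb") as f:               # same name, same size, different bytes
            f.write(b"\x7fELF" + b"\x01" * 60)
        os.remove(b)
        with open(os.path.join(root, "c.txt"), "w") as f:
            f.write("new\n")
        return monitor("hostA", root, table, ignore=frozenset({"atime", "mtime", "ctime"}))


if __name__ == "__main__":
    for event in demo():
        print(event)
```

Each event row carries the hostname, so rows from many FM agents can share one event table; the `attributes` list on a changed event is what a report generator would print to explain why a file was flagged.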

Fault Tolerance
• Failure of Agent Server
  • Additional intelligence in agents
• Failure of agents
  • User-configurable timeout mechanism

Results
• The system is deployed on 15 hosts
• Average statistics per host
  • Number of files: 8830
  • File size (in bytes): 20757
  • Bytes sent per file: 175
  • Agent residency time: approx. 8 minutes
• Type of files being monitored
  • System binaries
  • System libraries
  • System header files

Results
• The following scenarios were detected successfully
  • Changing contents of log files by removing or adding single and/or multiple lines
  • Changing owner information of file
  • Moving files to and from various directories
  • Replacing binary file with another file with same name and size

Results
  • Removing entire directory recursively with all files in it
  • Changing file deep in directory hierarchy for recursive monitoring mode
  • Changing access times of the files by opening those without modifications

Future Work
• Sensing the load on hosts before launching agents
• Customizing report generating tool
• Integration of Launcher and report generation UI
• Porting system to various platforms including Windows NT

Thank You