Title: NETWORKS, PROTECTION reinforcement through the EC FP projects
NETWORKS, PROTECTION reinforcement through the EC FP projects
L. Aslanyan, Institute for Informatics and Automation Problems, National Academy of Sciences of Republic of Armenia
ABSTRACT
- Security is not a finite state but a permanent process. Basic means for network security include firewalls, secure protocols, PKI and electronic signature systems, and virus and spam filtering. The final network protection level depends on the correct integration of the mentioned components. It is interesting to know whether alternative means for security exist.
- Results of several EC funded research projects are discussed, and it is concluded that complicating the basic means of security provides the same or a comparable level of protection. In addition, distributed software agent systems may provide additional means, being able to monitor wide network areas and analyze the monitored information, mining useful knowledge on intrusions, malfunctioning, etc.
CONTENT
- INTAS 04-77-7173 Data flow systems algorithms and complexity project
- EC FP5 SPARTA Security policy adaptation reinforced through agents project
- INTAS 00-652 Data mining algorithm incubator project
INTAS 04-77-7173 Data flow systems algorithms and complexity
ON UNIVERSAL OR COMPLETE ENCRYPTION SYSTEMS (1)
- Let (G,E,D) be a PKI scheme given by probabilistic worst-case polynomial time algorithms for key generation, encryption and decryption respectively.
- The given PKI scheme is d(n)-correct iff for large n
  $\Pr[D_{sk}(E_{pk}(m)) = m] \ge d(n)$ for $(pk,sk) \leftarrow G(1^n)$.
- A probabilistic black box A e(n)-breaks the PKI scheme if for infinitely many parameters n
  $\Pr[A_{pk}(1^n, E_{pk}(m)) = m] \ge e(n)$ for $(pk,sk) \leftarrow G(1^n)$.
ON UNIVERSAL OR COMPLETE ENCRYPTION SYSTEMS (2)
- An encryption scheme (G1,E1,D1) is reducible to an encryption scheme (G2,E2,D2) if there exists a probabilistic polynomial time oracle machine R such that for any probabilistic black box A that breaks (G2,E2,D2), $R^A$ breaks (G1,E1,D1).
- We denote the class of all 2/3-correct public key encryption schemes by PKCS.
- Theorem. There exists a complete PKCS.
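The three definitions above (d(n)-correctness, an e(n)-breaking black box, and the oracle machine R^A) exercised empirically on a constructed toy scheme. This is an added example, not code from the slides or from the INTAS project: the permutation-table scheme, its constructed decryption-failure rate, the two black-box adversaries, "scheme 2" and the reduction R are all assumptions chosen only to make the definitions concrete. The toy scheme is deliberately not secure; its deterministic E is what lets the encrypt-and-compare black box succeed, which is exactly why the definition requires probabilistic algorithms.

```python
import random

# Added example, not from the slides: the definitions of a d(n)-correct PKI
# scheme (G,E,D), of an e(n)-breaking black box A and of the reduction R^A,
# exercised on a constructed toy scheme. The permutation-table scheme, the
# constructed decryption-failure rate, the adversaries and the reduction are
# assumptions for illustration only; the toy scheme is not secure.

def G(n, rng):
    """Key generation G(1^n): pk = random permutation of {0..2^n-1}, sk = its inverse."""
    pk = list(range(2 ** n))
    rng.shuffle(pk)
    sk = [0] * len(pk)
    for m, c in enumerate(pk):
        sk[c] = m
    return pk, sk

def E(pk, m, rng):
    """Encryption E_pk(m). Deterministic (rng unused): the weakness shown below."""
    return pk[m]

def D(sk, c, rng, fail_prob):
    """Decryption D_sk(c) with a constructed failure rate, modelling a scheme
    whose decryption is correct only with probability 1 - fail_prob."""
    if rng.random() < fail_prob:
        return rng.randrange(len(sk))  # wrong output on a decryption failure
    return sk[c]

def correctness(n, trials, fail_prob, seed=1):
    """Estimate Pr[D_sk(E_pk(m)) = m] over fresh keys and uniform m: the d(n) of the slide."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        pk, sk = G(n, rng)
        m = rng.randrange(2 ** n)
        ok += D(sk, E(pk, m, rng), rng, fail_prob) == m
    return ok / trials

def break_rate(adversary, n, trials, seed=2):
    """Estimate Pr[A_pk(1^n, E_pk(m)) = m]: the e(n) with which A breaks the scheme."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pk, _sk = G(n, rng)
        m = rng.randrange(2 ** n)
        hits += adversary(pk, n, E(pk, m, rng), rng) == m
    return hits / trials

def guessing_adversary(pk, n, c, rng):
    """Black box that ignores the ciphertext: succeeds with probability 2^-n only."""
    return rng.randrange(2 ** n)

def compare_adversary(pk, n, c, rng):
    """Black box that re-encrypts every candidate m under pk and compares with c.
    It breaks any deterministic scheme on a small message space, which is why
    the definition insists on probabilistic E."""
    for m in range(2 ** n):
        if E(pk, m, rng) == c:
            return m
    return 0

# Scheme 2 (constructed): same keys, ciphertext XORed with the public value pk[0].
def E2(pk, m, rng):
    return E(pk, m, rng) ^ pk[0]

def compare_adversary2(pk, n, c, rng):
    """Encrypt-and-compare black box written against scheme 2."""
    for m in range(2 ** n):
        if E2(pk, m, rng) == c:
            return m
    return 0

def reduce_to_scheme1(A2):
    """Oracle machine R^A: any black box A2 for scheme 2 becomes a black box for
    scheme 1, by translating a scheme-1 ciphertext into a scheme-2 ciphertext."""
    def A1(pk, n, c, rng):
        return A2(pk, n, c ^ pk[0], rng)
    return A1

if __name__ == "__main__":
    print("d(8) with 25% decryption failures:", correctness(8, 2000, 0.25))
    print("e(8) of guessing:", break_rate(guessing_adversary, 8, 2000))
    print("e(8) of encrypt-and-compare:", break_rate(compare_adversary, 8, 200))
    print("e(8) of R^A from a scheme-2 breaker:",
          break_rate(reduce_to_scheme1(compare_adversary2), 8, 200))
```

With a 25% constructed failure rate the estimated d(8) is about 0.75, so the toy scheme still sits inside the 2/3-correct class PKCS; the guessing black box reaches only e(8) of about 1/256, while encrypt-and-compare reaches 1, and the reduction carries that break over to scheme 1 unchanged.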
EC FP5 SPARTA Security policy adaptation reinforced through agents
WEB PAGE
SECURITY POLICY
- Detailed description of any information which might be monitored operationally and which might be of some interest for data security reasons.
- Archiving of existing knowledge systems, structures, technologies, viruses, hacking.
- The data analysis algorithms, to be designed and realized on the above data descriptions according to the basic tasks and requirements.
- Security policy is the set of laws, rules, and practices that regulate how an organization implements, manages, protects, and distributes its information and computing resources to achieve security objectives.
GENERAL ARCHITECTURE
INTRODUCTION
- The SPARTA mobile agent system monitors the implementation of security policies, identifies security problems and performs intrusion detection.
- Security checks are flexible, performed at run-time and without interrupting the system's activity.
- Two main use cases in SPARTA:
  - Surveillance (of a given security policy)
  - Intrusion Detection (ID)
Architecture: Surveillance Use Case
Architecture: Use Cases Terminology
- User: a network administrator or a regular local user.
- Monitor HS, Subordinate AS.
- Home Server (HS): a special agent server with a Graphical User Interface (GUI), where agents return their results and may alert the user.
- Agent Server (AS): a basic piece of the SPARTA architecture, an agent platform installed on a standard host (computer); sometimes we call it a SPARTA host.
Architecture: Intrusion Detection Use Case
Architecture: Main Components I
- SPARTA architecture supports both distributed and centralized use cases.
- Main components:
  - Agents (A)
  - Agent Server (AS)
  - Home Server (HS)
  - Secure Infrastructure with Secure Information Space (SIS)
  - Data Analyzer Module (DAM)
  - Security Policy Editor (SPE)
  - User Front End (FE)
Architecture: Main Components II
Architecture: Agents (A)
- Centerpiece of the design:
  - mobile code
  - automated application tasks
- Types of SPARTA agents: one-hop, multi-hop, embedded.
- An agent consists of two parts:
  - Agent State: the agent's data together with management information (e.g. user ID).
  - Agent Code: its source code as a Java class file, which is downloaded separately from a code base server.
Architecture: Agent Server (AS)
- Each agent runs on an AS in a certain place.
- A place provides a run-time environment for an agent by allowing it to call certain functions.
- A communicator is an AS module responsible for sending and receiving agents.
- An Agent Security Manager (ASM) prevents attacks from agents directed against the AS or the underlying host.
Architecture: Overall SPARTA Architecture
Architecture: Home Server (HS)
- A HS has two main duties:
  - it allows agents that have finished their work to return to a special place (User Place), where they are stored and wait for user login;
  - it provides an interface for components like FE, SPE or DAM to access returned agents or to launch new ones.
- HS supports detached computing: the FE might be disconnected from the network while the agents are performing their work.
- The user can optionally be notified by email or SMS when the agent has returned.
Architecture: Secure Infrastructure
- Securing an agent platform:
  - local permission table (on each host);
  - permissions depend on the host the agent came from and on the owner of the agent.
- SIS administrates all trusted CA information and encodes and decodes the agents.
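A small model of the Agent Server, Place, Agent Security Manager and Secure Infrastructure described in the preceding slides, as an added example that is not the SPARTA project's code. It shows the three checks in sequence: the SIS verifies an arriving agent before anything runs, the local permission table is consulted with the agent's origin host and owner, and the ASM lets the place expose only the permitted functions. The HMAC-under-a-platform-secret SIS is a stand-in for the CA-based protection the slides mention; the host names, owner, function names, rules and log lines are all constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Added example, not the SPARTA project's code: a minimal model of the Agent
# Server above, with a Place, an Agent Security Manager (ASM) backed by a local
# permission table keyed by (origin host, owner), and a Secure Information
# Space (SIS) that encodes and decodes agents. The SIS uses an HMAC under a
# platform secret as a stand-in for the CA-based protection the slides mention;
# hosts, owners, function names, rules and log lines are all constructed.
PLATFORM_SECRET = b"constructed-demo-secret"

@dataclass
class Agent:
    owner: str
    origin_host: str
    code_sha256: str                        # code is fetched separately, by hash
    state: dict = field(default_factory=dict)

class SIS:
    """Encodes an agent for transfer and verifies its integrity on arrival."""
    def __init__(self, secret):
        self.secret = secret
    def encode(self, agent):
        body = json.dumps(agent.__dict__, sort_keys=True).encode()
        return body + b"|" + hmac.new(self.secret, body, hashlib.sha256).hexdigest().encode()
    def decode(self, blob):
        body, _, tag = blob.rpartition(b"|")
        expect = hmac.new(self.secret, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expect, tag):
            raise ValueError("agent integrity check failed")
        return Agent(**json.loads(body))

class PermissionTable:
    """Local table: (origin_host, owner) -> place functions; '*' matches anything."""
    def __init__(self, rules):
        self.rules = rules
    def allowed(self, host, owner):
        perms = set()
        for (h, o), fns in self.rules.items():
            if h in (host, "*") and o in (owner, "*"):
                perms |= fns
        return perms

class Place:
    """Run-time environment: the ASM lets the agent call only permitted functions."""
    def __init__(self, functions, permitted, audit):
        self.functions, self.permitted, self.audit = functions, permitted, audit
    def call(self, name, *args):
        if name not in self.permitted:
            self.audit.append(f"ASM denied {name}")
            raise PermissionError(name)
        return self.functions[name](*args)

class AgentServer:
    def __init__(self, sis, table, functions):
        self.sis, self.table, self.functions = sis, table, functions
        self.audit = []
    def receive(self, blob, task):
        """Communicator path: verify and decode, build the agent's place, run its task."""
        agent = self.sis.decode(blob)
        permitted = self.table.allowed(agent.origin_host, agent.owner)
        return task(agent, Place(self.functions, permitted, self.audit))

# constructed host data and the functions a place may expose
CONSTRUCTED_AUTH_LOG = [
    "sshd: Accepted password for alice from 10.0.0.5",
    "sshd: Failed password for root from 203.0.113.9",
    "sshd: Failed password for admin from 203.0.113.9",
]
HOST_FUNCTIONS = {
    "failed_logins": lambda: sum("Failed password" in l for l in CONSTRUCTED_AUTH_LOG),
}

def monitoring_task(agent, place):
    """The agent's job on this host: collect a surveillance figure into its state."""
    agent.state["failed_logins"] = place.call("failed_logins")
    return agent

def demo():
    sis = SIS(PLATFORM_SECRET)
    table = PermissionTable({("home.example", "admin"): {"failed_logins"}})
    server = AgentServer(sis, table, HOST_FUNCTIONS)
    agent = Agent("admin", "home.example", hashlib.sha256(b"Monitor.class").hexdigest())
    blob = sis.encode(agent)
    out = {"failed_logins": server.receive(blob, monitoring_task).state["failed_logins"]}
    try:  # same owner and code, but arriving from a host the table does not trust
        server.receive(sis.encode(Agent("admin", "other.example", agent.code_sha256)),
                       monitoring_task)
        out["untrusted_host"] = "allowed"
    except PermissionError:
        out["untrusted_host"] = "denied"
    try:  # state altered in transit: the SIS rejects the agent before it can run
        server.receive(blob.replace(b'"owner": "admin"', b'"owner": "root"'), monitoring_task)
        out["tampered"] = "accepted"
    except ValueError:
        out["tampered"] = "rejected"
    return out
```

`demo()` returns the three outcomes: the trusted agent collects the count of failed logins, the same agent arriving from an untrusted host is denied by the ASM, and an agent whose owner field was altered in transit is rejected by the SIS before it reaches a place. The ASM's denials are recorded in `server.audit`, which is the material a Home Server would report back to the user.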
"Infoservice" Co. Ltd, Network Service Provider
- "Infoservice" Co. Ltd uses satellite based TCP/IP and leased line telephony communication infrastructures serving the information exchange of a number of Ministries and other important organisations, as well as between different state, international professional and coordinating, and private organizations.
SARM, State Standardization Department
- creation of national systems for standardization;
- organization of the development of national standards;
- management of works on product, services and quality systems certification;
- accreditation of certification bodies and test laboratories;
- state control of compliance with the mandatory requirements of normative documents and with certification rules;
- creation of technical committees of standardization and organization of their work;
- verification of national measurement samples, measurement devices and calibration schemes, and definition of the related general metrology requirements;
- organization of the calibration of measurement devices, as well as type verification and maintenance of the state register;
- works on ensuring measurement uniformity in the territory of the Republic of Armenia.
USERS: IS SARM Objectives
- The general objective of the Standards Information Exchange System is to set up the logical and physical model of the network between standardization bodies and user organizations, in order to facilitate the information exchange concerning the area of standardization and certification over the networks.
- The host computer on the Internet and Intranet is sarm.am, an IBM PC computer running Windows NT with MS Proxy 2. Physically sarm.am is situated in Yerevan (in SARM's main office).
Branch organizations: LAN Connections
- PRESS (technical information service and library)
- INFOCENTER (official information, advertising)
- YERTEST (certification)
- METROLOGY
The main databases are centralized on the host server of SARM, while a complementary and specific set of data is sent and received through sarm.am connections. Each of the above workstations keeps its own document archive, containing task and scope specific records.
Remote Branch organizations: Internet (TCP/IP) Connection
- GAVAR
- VANADZOR
- GUMRI
- KAPAN
The KAPAN node is situated in the town of Kapan, some 300 km away. The network connection uses TCP/IP protocols. The basic computer is a PC Pentium (Windows). The connection to the Internet is realized by a ZyXEL modem and a CISCO 1020 system.
Case studies: KAPAN, SARM's remote branch organization
- SARM's branch organization in Kapan manages the provision of certification and accreditation processes and documents, in relation to products, services, quality systems, etc.
- The certification body works with standardization documentation to make a conclusion regarding the goods and services under consideration:
  - production certification (based on the use of Technical Conditions);
  - certification of delivered products (based on laboratory analysis);
  - services certification;
  - quality correspondence certification (ISO 9000).
- After making its conclusion, the certification body sends the concluding certification document to SARM's server.
IS SARM global networking principle
- The global networking principle is outlined schematically in the following picture.
IS SARM CONNECTION
Data Analysis Module Architecture (ARMENIAN TECHNOLOGICAL WORKLOAD)
DAM User Scenario (UML Use Case Diagram)
[Diagram residue: tasks (static regime), connected by <<Uses>> relations]
DAM UML Class Diagram
SPARTA Specific Validation
- SPARTA specific validation issues consist of:
  - Security policy validation, monitoring and enforcing;
  - Monitoring of systems integrity;
  - Vulnerability assessment;
  - General purpose intrusion detection.
INTAS 00-652 Data mining algorithm incubator project
HYBRID RECOGNITION SCHEMES
- Monitoring systems collect huge amounts of information, which require novel algorithmic approaches to be able to provide online analysis. In recognition and classification, where the learning set is known to be very limited in size, the first priority is the detailed analysis of the information. The shift of input from the learning set to monitoring information requires restructuring of the recognition algorithms. Hybrid recognition works in two stages. The first is a quick tree based procedure. Then come metric recognition procedures, but these work only with the error classes left after the first stage, which are much smaller in size.
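The two-stage scheme of the slide, as an added example that is not code from the INTAS project. Stage 1 is a quick one-split tree chosen by learning-set error; stage 2 applies metric (nearest neighbour) recognition only to objects that fall into an error class, that is, a leaf whose learning objects are not all of one label. The learning set and queries are constructed 2-D points, and the one-split tree and 1-NN rule are simplifications chosen here so the division of labour between the stages is visible.

```python
import math
from collections import Counter

# Added example, not code from the INTAS project: a two-stage hybrid recognizer
# in the spirit of the slide. Stage 1 is a quick one-split tree; stage 2 applies
# metric (nearest neighbour) recognition only to objects that land in an "error
# class", i.e. a leaf whose learning objects are not all of one label. The
# learning set and queries are constructed 2-D points.

# constructed learning set: (features, label); the two middle points overlap
LEARNING_SET = [((1, 1), 0), ((1, 2), 0), ((2, 1), 0), ((2, 2), 0), ((5, 5), 0),
                ((7, 7), 1), ((7, 8), 1), ((8, 7), 1), ((8, 8), 1), ((4, 4), 1)]

def best_stump(data):
    """Pick the (feature, threshold) split with the fewest learning-set errors;
    returns (errors, feature, threshold, {side: (majority_label, members)})."""
    best = None
    for f in range(len(data[0][0])):
        values = sorted({x[f] for x, _ in data})
        for a, b in zip(values, values[1:]):
            t = (a + b) / 2
            errors, leaves = 0, {}
            for side in (False, True):
                members = [(x, y) for x, y in data if (x[f] > t) == side]
                majority = Counter(y for _, y in members).most_common(1)[0][0]
                errors += sum(y != majority for _, y in members)
                leaves[side] = (majority, members)
            if best is None or errors < best[0]:
                best = (errors, f, t, leaves)
    return best

class HybridRecognizer:
    def __init__(self, data):
        self.errors, self.feature, self.threshold, self.leaves = best_stump(data)
        # error classes: leaves where the quick tree is known to be wrong sometimes
        self.error_classes = {side for side, (maj, members) in self.leaves.items()
                              if any(y != maj for _, y in members)}

    def recognize(self, x):
        """Returns (label, stage): 'tree' when a pure leaf decides, 'metric' when
        1-NN over the leaf's (small) learning subset had to be consulted."""
        side = x[self.feature] > self.threshold
        majority, members = self.leaves[side]
        if side not in self.error_classes:
            return majority, "tree"
        _, label = min(members, key=lambda p: math.dist(p[0], x))
        return label, "metric"

def recognize_all(queries, data=LEARNING_SET):
    recognizer = HybridRecognizer(data)
    return [recognizer.recognize(q) for q in queries]

if __name__ == "__main__":
    queries = [(1.5, 1.5), (5.2, 5.2), (7.5, 7.5)]
    for q, result in zip(queries, recognize_all(queries)):
        print(q, "->", result)
```

On the constructed set the stump splits on the first feature at 3: the left leaf is pure and answers from the tree alone, while the right leaf (six learning objects, one of them mislabelled by the tree) is the error class on which the metric stage runs. The saving the slide describes is that the distance computations are confined to that small subset.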
FREQUENT PATTERNS MINING
- Association rule mining is one of the basic data mining tools. The known realizations use growing of frequent subsets as the way of finding association rules. An alternative approach is developed which uses n-cube geometry elements. Monotone Boolean functions given by an oracle are recognized optimally through the special partitioning of the n-cube into monotone growing chains. A modification of this structure is proven productive for finding frequent subsets.
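The n-cube construction behind the slide, as an added example that is not code from the INTAS project. Support is anti-monotone, so "itemset x is infrequent" is a monotone Boolean function on {0,1}^n given by an oracle (the transaction scan), and the frequent sets are exactly its zero set. The n-cube is partitioned into Hansel chains (monotone growing chains), and a binary search along each chain finds the boundary with far fewer oracle calls than scanning every vertex. Only the per-chain search is implemented; the full query-optimal inference between chains is not. The transactions and the support threshold are constructed.

```python
from itertools import product

# Added example, not code from the INTAS project: frequent itemsets found by
# recognizing a monotone Boolean function on the n-cube through Hansel chains,
# the classic partition of {0,1}^n into monotone growing chains. Only the
# binary search along each chain is implemented, not the full query-optimal
# chain-to-chain inference; transactions and threshold are constructed.

ITEMS = ["a", "b", "c", "d"]
CONSTRUCTED_TRANSACTIONS = [
    {"a", "b", "c"}, {"a", "b"}, {"a", "c"}, {"b", "c"}, {"a", "b", "c", "d"}, {"d"},
]
MIN_SUPPORT = 3  # hypothetical threshold

def to_itemset(mask, items=ITEMS):
    return frozenset(items[i] for i, bit in enumerate(mask) if bit)

def infrequent(mask, transactions=CONSTRUCTED_TRANSACTIONS, min_support=MIN_SUPPORT):
    """Oracle f(x) = 1 iff itemset x is infrequent. Support is anti-monotone in x,
    so f is a monotone Boolean function and the frequent sets form its zero set."""
    s = to_itemset(mask)
    return sum(s <= t for t in transactions) < min_support

def hansel_chains(n):
    """Partition {0,1}^n into chains where each step adds exactly one 1-bit."""
    if n == 1:
        return [[(0,), (1,)]]
    chains = []
    for c in hansel_chains(n - 1):
        chains.append([v + (0,) for v in c] + [c[-1] + (1,)])
        upper = [v + (1,) for v in c[:-1]]
        if upper:
            chains.append(upper)
    return chains

def frequent_itemsets_by_chains(oracle, n):
    """Binary search along every chain for the first infrequent element; everything
    below it on the chain is frequent. Returns (frequent masks, oracle queries)."""
    cache = {}
    def f(x):
        if x not in cache:
            cache[x] = oracle(x)
        return cache[x]
    frequent = []
    for chain in hansel_chains(n):
        lo, hi = 0, len(chain)
        while lo < hi:
            mid = (lo + hi) // 2
            if f(chain[mid]):
                hi = mid
            else:
                lo = mid + 1
        frequent.extend(chain[:lo])
    return sorted(frequent), len(cache)

def frequent_itemsets_brute(oracle, n):
    """Reference: query every vertex of the n-cube."""
    return sorted(x for x in product((0, 1), repeat=n) if not oracle(x))

if __name__ == "__main__":
    found, queries = frequent_itemsets_by_chains(infrequent, len(ITEMS))
    print(queries, "oracle queries instead of", 2 ** len(ITEMS))
    for mask in found:
        print(sorted(to_itemset(mask)) or "{}")
```

For n = 4 the six Hansel chains have lengths 5, 3, 3, 3, 1 and 1, so at most 11 of the 16 vertices are ever queried, and the result agrees with the brute-force scan of the whole cube.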
LOGIC SEPARATION RECOGNITION
- Logic based pattern recognition extends the well known similarity models, where the distance measure is the basic instrument of recognition. The initial idea has been under consideration since the 70s; it reduces logic based recognition models to the reduced disjunctive normal form of partially defined Boolean functions. An alternative pattern recognition approach combines metric and logic hypotheses and features, and leads to studies of logic forms, hypotheses, hierarchies of hypotheses and effective algorithmic solutions. Current results provide probabilistic conclusions on effective recognition by logic means in a model environment of binary attributes and of data flows.
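The logic side of the slide made concrete, as an added example that is not code from the INTAS project. Positive and negative learning objects over binary attributes define a partially defined Boolean function; each positive object is generalized into a maximal term (a prime implicant) that still excludes every negative object, and the union of those terms is the DNF hypothesis. Objects the DNF does not cover fall back to the metric hypothesis (Hamming nearest neighbour), a simple form of the metric-and-logic combination the slide mentions. The greedy literal dropping used here yields a reduced but not necessarily minimal DNF, and the learning data is constructed.

```python
# Added example, not code from the INTAS project: a partially defined Boolean
# function (positive and negative objects over binary attributes) is turned into
# a reduced DNF by generalizing each positive object into a maximal term that
# excludes all negatives; uncovered objects fall back to a Hamming nearest
# neighbour. Greedy literal dropping gives a reduced, not necessarily minimal,
# DNF. The learning objects are constructed.

CONSTRUCTED_POSITIVE = [(1, 1, 0, 0), (1, 1, 0, 1), (1, 0, 1, 0)]
CONSTRUCTED_NEGATIVE = [(0, 1, 0, 0), (0, 0, 1, 1), (1, 0, 0, 1), (0, 1, 1, 0)]

def covers(term, x):
    """A term is a tuple with 0/1 literals and None for dropped attributes."""
    return all(v is None or v == x[i] for i, v in enumerate(term))

def generalize(example, negatives):
    """Drop literals one by one while the term still covers no negative object."""
    term = list(example)
    for i in range(len(term)):
        trial = term[:]
        trial[i] = None
        if not any(covers(trial, n) for n in negatives):
            term = trial
    return tuple(term)

def reduced_dnf(positives, negatives):
    """One maximal term per positive object, duplicates removed."""
    terms = []
    for p in positives:
        t = generalize(p, negatives)
        if t not in terms:
            terms.append(t)
    return terms

def format_term(term):
    return " & ".join(("~" if v == 0 else "") + f"x{i}"
                      for i, v in enumerate(term) if v is not None)

class LogicMetricRecognizer:
    def __init__(self, positives, negatives):
        self.dnf = reduced_dnf(positives, negatives)
        self.learning = [(x, 1) for x in positives] + [(x, 0) for x in negatives]

    def recognize(self, x):
        """Returns (label, hypothesis): 'logic' if some DNF term covers x, else
        the label of the Hamming-nearest learning object ('metric')."""
        if any(covers(t, x) for t in self.dnf):
            return 1, "logic"
        _, label = min(self.learning,
                       key=lambda p: sum(a != b for a, b in zip(p[0], x)))
        return label, "metric"

if __name__ == "__main__":
    r = LogicMetricRecognizer(CONSTRUCTED_POSITIVE, CONSTRUCTED_NEGATIVE)
    print(" | ".join(format_term(t) for t in r.dnf))
    for q in [(1, 0, 0, 0), (0, 0, 0, 1)]:
        print(q, "->", r.recognize(q))
```

On the constructed objects the three positives generalize to the terms x0 & ~x3, x1 & x3 and ~x1 & ~x3; every positive is covered, no negative is, and a query such as (0, 0, 0, 1) that no term covers is decided by the metric hypothesis instead.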