NETWORKS, PROTECTION reinforcement through the EC FP projects - PowerPoint PPT Presentation

About This Presentation
Title:

NETWORKS, PROTECTION reinforcement through the EC FP projects

Description:

Security is not a finite state but is a permanent process. ... SIS administrates all trust CA's information and encodes and decodes the agents. SPARTA ... – PowerPoint PPT presentation

Slides: 45
Provided by: asn2

Transcript and Presenter's Notes

1
NETWORKS, PROTECTION reinforcement through the
EC FP projects
L. Aslanyan, Institute for Informatics and Automation Problems,
National Academy of Sciences of the Republic of Armenia
2
ABSTRACT
  • Security is not a finite state but a permanent
    process. Basic means for network security include
    firewalls, secure protocols, PKI and electronic
    signature systems, and virus and spam filtering. The
    final network protection level depends on correct
    integration of the mentioned components. It is
    interesting to know whether alternative means for
    security exist.
  • Results of several EC-funded research projects are
    discussed; the conclusion is that complicating the
    basic means of security provides the same or a
    comparable level of protection. In addition,
    distributed software agent systems may provide
    additional means, being able to monitor wide
    network areas and analyze the monitored
    information - mining useful knowledge on
    intrusions, malfunctioning, etc.

3
CONTENT
  • INTAS 04-77-7173 Data flow systems algorithms
    and complexity project
  • EC FP5 SPARTA Security policy adaptation
    reinforced through agents project
  • INTAS 00-652 Data mining algorithm incubator
    project

4
INTAS 04-77-7173 Data flow systems algorithms
and complexity
5
ON UNIVERSAL OR COMPLETE ENCRYPTION SYSTEMS (1)
  • Let (G,E,D) be PKI probabilistic worst-case
    polynomial time algorithms for key generation,
    encryption and decryption respectively.
  • The given PKI scheme is d(n)-correct iff for
    large n, $\Pr[D_{sk}(E_{pk}(m)) = m] \geq d(n)$ for
    $(pk, sk) \leftarrow G(1^n)$.
  • A probabilistic black-box A e(n)-breaks the PKI
    scheme if for infinitely many parameters n,
    $\Pr[A_{pk}(1^n, E_{pk}(m)) = m] \geq e(n)$ for
    $(pk, sk) \leftarrow G(1^n)$.

6
ON UNIVERSAL OR COMPLETE ENCRYPTION SYSTEMS (2)
  • An encryption scheme (G1,E1,D1) is reducible to
    an encryption scheme (G2,E2,D2) if there exists a
    probabilistic polynomial time oracle machine R
    such that for any probabilistic black-box A that
    breaks (G2,E2,D2), $R^A$ breaks (G1,E1,D1).
  • We denote the class of all 2/3-correct public key
    encryption schemes by PKCS.
  • Theorem. There exists a complete PKCS.
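The two definitions on slides 5 and 6 (d(n)-correctness and e(n)-breaking by a black box) can be made concrete with a Monte Carlo estimate over the randomness of G and E. The following Python is an added example, not code from the presentation or its projects: it uses a deliberately toy "scheme" in which the public key is a published permutation table and the secret key is its inverse, with a constructed decryption-error rate so that correctness really is a probability. MESSAGE_SPACE, ERROR_RATE, the trial counts and seeds are assumptions. The point it shows is that the two properties are independent: the toy scheme passes the 2/3-correctness threshold of the PKCS class, and is at the same time e(n)-broken by a trivial black box that inverts the table, while a guessing black box stays near 1/|M|.

```python
import random

# Toy message space (constructed): 4-bit messages 0..15.
MESSAGE_SPACE = list(range(16))
# Toy decryption-error rate (constructed), so correctness is a probability.
ERROR_RATE = 0.25


def keygen(rng):
    """Toy G: draw a random permutation of the message space.
    Deliberately insecure for illustration: the table itself is the public
    key and the secret key is its inverse, so pk determines sk."""
    table = MESSAGE_SPACE[:]
    rng.shuffle(table)
    pk = tuple(table)
    sk = tuple(table.index(c) for c in MESSAGE_SPACE)  # inverse permutation
    return pk, sk


def encrypt(pk, m, rng):
    """Toy probabilistic E_pk: with probability ERROR_RATE the ciphertext is
    replaced by a random value, modelling a scheme whose decryption can fail."""
    if rng.random() < ERROR_RATE:
        return rng.choice(MESSAGE_SPACE)
    return pk[m]


def decrypt(sk, c):
    """Toy D_sk: apply the inverse permutation."""
    return sk[c]


def estimate_correctness(trials=4000, seed=1):
    """Monte Carlo estimate of Pr[D_sk(E_pk(m)) = m] over key generation,
    message choice and encryption randomness."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pk, sk = keygen(rng)
        m = rng.choice(MESSAGE_SPACE)
        if decrypt(sk, encrypt(pk, m, rng)) == m:
            hits += 1
    return hits / trials


def is_d_correct(d, trials=4000, seed=1):
    """Empirical check of the d(n)-correctness condition (one fixed n here)."""
    return estimate_correctness(trials, seed) >= d


def table_inverting_attacker(pk, c, rng):
    """Black box A that sees only pk and the ciphertext: because pk is the
    permutation table, inverting it recovers m whenever no error occurred."""
    return pk.index(c)


def guessing_attacker(pk, c, rng):
    """Baseline black box that ignores its inputs and guesses a message."""
    return rng.choice(MESSAGE_SPACE)


def estimate_break_probability(attacker, trials=4000, seed=2):
    """Monte Carlo estimate of Pr[A_pk(1^n, E_pk(m)) = m]; a black box whose
    estimate reaches e(n) e(n)-breaks the toy scheme."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pk, _sk = keygen(rng)
        m = rng.choice(MESSAGE_SPACE)
        c = encrypt(pk, m, rng)
        if attacker(pk, c, rng) == m:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("correctness estimate:", estimate_correctness())
    print("2/3-correct:", is_d_correct(2 / 3))
    print("table-inverting black box:",
          estimate_break_probability(table_inverting_attacker))
    print("guessing black box:",
          estimate_break_probability(guessing_attacker))
```

With the constructed error rate the correctness estimate sits near 0.77 (a garbled ciphertext still decrypts to the right message 1 time in 16), which clears the 2/3 bound of the PKCS class; the inverting black box reaches the same value, so the scheme is broken for any e(n) up to that level, exactly the separation between correctness and security that the definitions are built to express.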

7
EC FP5 SPARTA Security policy adaptation
reinforced through agents
8
WEB PAGE
9
SECURITY POLICY
  • Detailed description of any information, which
    might be monitored operationally and which might
    be of some interest for data security reasons.
  • Archiving of existing knowledge: systems,
    structures, technologies, viruses, hacking.
  • The data analysis algorithms, to be designed and
    realized on the basis of the above data
    descriptions, according to the basic tasks and
    requirements.
  • Security policy is the set of laws, rules, and
    practice that regulate how an organization
    implements, manages, protects, and distributes
    its information and computing resources to
    achieve security objectives.

10
GENERAL ARCHITECTURE
11
INTRODUCTION
  • The SPARTA mobile agent system monitors the
    implementation of security policies, identifies
    security problems and performs intrusion
    detection.
  • Security checks are flexible, performed at run-time
    and without interrupting the system's activity.
  • Two main use cases in SPARTA:
  • Surveillance (of a given security policy)
  • Intrusion Detection (ID)

12
Architecture: Surveillance - Use Case
13
Architecture: Use Cases Terminology
  • User - A network administrator or a regular local
    user.
  • Monitor HS, Subordinate AS.
  • Home Server (HS) - A special agent server with a
    Graphical User Interface (GUI), where agents
    return their results and may alert the user.
  • Agent Server (AS) - A basic piece of the SPARTA
    architecture: an agent platform installed on a
    standard host (computer), sometimes called a
    SPARTA host.

14
Architecture: Intrusion Detection - Use Case
15
Architecture: Main Components I
  • SPARTA architecture supports both distributed and
    centralized use cases.
  • Main components:
  • Agents (A)
  • Agent Server (AS)
  • Home Server (HS)
  • Secure Infrastructure with Secure Information
    Space (SIS)
  • Data Analyzer Module (DAM)
  • Security Policy Editor (SPE)
  • User Front End (FE)

16
Architecture: Main Components II
17
Architecture: Agents (A)
  • Centerpiece of the design
  • mobile code
  • automated application tasks
  • Types of SPARTA agents:
  • One-hop, Multi-hop, Embedded
  • An agent consists of two parts:
  • Agent State - the agent's data together with
    management information (e.g. user ID).
  • Agent Code - its source code as a Java class file,
    which is separately downloaded from a code base
    server.

18
Architecture: Agent Server (AS)
  • Each agent is running on an AS in a certain
    place.
  • A place provides a run-time environment for an
    agent by allowing it to call certain functions.
  • A communicator is an AS module, which is
    responsible for sending and receiving agents.
  • An Agent Security Manager (ASM) prevents attacks
    from agents, which are directed against the AS or
    the underlying host.

19
Architecture: Overall SPARTA Architecture
20
Architecture: Home Server (HS)
  • An HS has two main duties:
  • it allows agents that have finished their work to
    return to a special place (User Place), where
    they are stored and wait for user login;
  • it provides an interface for components like FE,
    SPE or DAM to access returned agents or to launch
    new ones.
  • HS supports detached computing - the FE might be
    disconnected from the network while the agents
    are performing their work.
  • The user can optionally be notified by email or
    SMS when the agent has returned.

21
Architecture: Secure Infrastructure
  • Securing an agent platform:
  • local permission table (on each host);
  • permissions depend on the host the agent came
    from and on the owner of the agent.
  • SIS administers all trusted CAs' information and
    encodes and decodes the agents.
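The slides on agents (state plus separately downloaded code), the agent server's place functions, the Agent Security Manager and the local permission table describe one mediation loop: every function an arriving agent asks a place for is checked against a table keyed by the host it came from and its owner. The following Python is an added example of that loop and is not SPARTA's own code (the project's Java implementation is not shown on the slides); host names, user IDs, the three place functions and the table entries are constructed, and the `code_ref` field is a hypothetical stand-in for the class file fetched from the code base server.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

# Functions a place offers to agents (constructed stand-ins; the slides name
# no concrete functions). Each returns constructed sample data.
PLACE_FUNCTIONS: Dict[str, Callable[[], object]] = {
    "read_log": lambda: [
        "Feb 12 10:01 sshd: accepted publickey for alice",   # constructed
        "Feb 12 10:02 sshd: failed password for root",       # constructed
    ],
    "list_processes": lambda: ["sshd", "agentserver", "httpd"],   # constructed
    "check_integrity": lambda: {"/etc/passwd": "unchanged"},      # constructed
}


@dataclass(frozen=True)
class AgentState:
    """Agent State: the agent's data plus management information."""
    user_id: str      # owner of the agent
    origin_host: str  # AS the agent arrived from
    code_ref: str     # Java class to fetch from the code base server (hypothetical)


# Local permission table of one AS, keyed by (origin host, owner); constructed.
LOCAL_TABLE: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("hs.example.org", "admin"): frozenset({"read_log", "list_processes", "check_integrity"}),
    ("hs.example.org", "alice"): frozenset({"read_log"}),
    ("as2.example.org", "admin"): frozenset({"read_log", "list_processes"}),
}


class AgentSecurityManager:
    """Mediates every place-function call of an agent against the local table."""

    def __init__(self, table: Dict[Tuple[str, str], FrozenSet[str]]):
        self.table = table
        self.audit: List[str] = []

    def permitted(self, agent: AgentState, function: str) -> bool:
        """Default deny: a (host, owner) pair missing from the table, or a
        function not listed for it, is refused; every decision is recorded."""
        allowed = self.table.get((agent.origin_host, agent.user_id), frozenset())
        ok = function in allowed
        verdict = "ALLOW" if ok else "DENY"
        self.audit.append(f"{verdict} {agent.user_id}@{agent.origin_host} -> {function}")
        return ok

    def run(self, agent: AgentState, calls):
        """Execute the permitted, existing place functions; return their
        results and the names of the calls that were refused."""
        results, denied = {}, []
        for fn in calls:
            if self.permitted(agent, fn) and fn in PLACE_FUNCTIONS:
                results[fn] = PLACE_FUNCTIONS[fn]()
            else:
                denied.append(fn)
        return results, denied


if __name__ == "__main__":
    asm = AgentSecurityManager(LOCAL_TABLE)
    agent = AgentState("alice", "hs.example.org", "SurveillanceAgent")
    print(asm.run(agent, ["read_log", "list_processes"]))
    print("\n".join(asm.audit))
```

The design choice worth noting is that the lookup key is the pair (origin host, owner) rather than either alone, which matches the slide: an administrator's agent arriving from an unknown host gets nothing, and the audit trail records the refusal for the home server's user.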

22
SPARTA IMPLEMENTATION

23
Infoservice Co. Ltd - Network Service Provider
  • Infoservice Co. Ltd uses satellite-based TCP/IP
    and leased-line telephony communication
    infrastructures serving the information exchange
    of a number of Ministries and other important
    organisations, as well as between different
    state, international professional and
    coordinating, and private organizations.

24
SARM - State Standardization Department
  • creation of national systems for standardization,
  • organization of development of national standards
  • management of works on product, services, quality
    systems certification
  • accreditation of certification bodies and test
    laboratories
  • state control of compliance to normative
    documents mandatory requirements and
    certification rules
  • creation of technical committees of
    standardization and organization of their work
  • verification of national measurement samples,
    measurement devices, calibration schemes and
    definition of the related general metrology
    requirements
  • organization of calibration of measurement
    devices, as well as type verification and keeping
    of the state register
  • works on ensuring measurement uniformity in the
    territory of the Republic of Armenia.

25
USERS: IS SARM - Objectives
  • The general objective of the Standards Information
    Exchange System is to set up the logical and
    physical model network between standardization
    bodies and user organizations in order to
    facilitate information exchange concerning the
    area of standardization and certification over
    the networks.
  • The host computer on the Internet and intranet is
    sarm.am, an IBM PC computer running Windows NT
    with MS Proxy 2. Physically sarm.am is situated
    in Yerevan (in SARM's main office).

26
Branch organizations - LAN Connections
  • PRESS (technical information service and library)
  • INFOCENTER (official information, advertising)
  • YERTEST (certification)
  • METROLOGY

The main databases are centralized on the host
server of SARM, while a complementary and specific
set of data is sent and received through sarm.am
connections. Each of the above workstations keeps
its own document archive, containing task- and
scope-specific records.
27
Remote Branch organizations Internet (TCP/IP)
Connection
  • GAVAR
  • VANADZOR
  • GUMRI
  • KAPAN

The KAPAN node is situated in the town of Kapan,
some 300 km away. The network connection uses TCP/IP
protocols. The basic computer is a PC Pentium
(Windows). The connection to the Internet is
realized by a ZyXEL modem and a CISCO 1020 system.
28
(No Transcript)
29
Case studies: KAPAN - SARM's remote branch
organization
  • SARM's branch organization in Kapan manages the
    provision of the certification and accreditation
    process and documents, in relation to products,
    services, quality systems, etc.
  • The certification body works with standardization
    documentation to make a conclusion regarding the
    kinds and services under consideration:
  • production certification (based on use of
    Technical Conditions)
  • certification of delivered product (based on
    laboratory analysis)
  • services certification
  • quality correspondence certification (ISO 9000)
  • After making a conclusion, the certification body
    sends the concluding certification document to
    the SARM server.

30
(No Transcript)
31
IS SARM - global networking principle
  • The global networking principle is outlined
    schematically in the following picture

32
(No Transcript)
33
IS SARM CONNECTION
34
(No Transcript)
35
SPARTA INTELLIGENCE

36
Data Analysis Module - Architecture (ARMENIAN
TECHNOLOGICAL WORKLOAD)
37
DAM User Scenario (UML Use Case Diagram)
Tasks (static regime)
[Use case diagram: tasks linked by <<Uses>> relations]
38
DAM - UML Class Diagram
39
SPARTA Specific Validation
  • SPARTA-specific validation issues consist of:
  • Security Policy validation, monitoring and
    enforcing,
  • Monitoring of system integrity,
  • Vulnerability assessment,
  • General purpose intrusion detection.

40
INTAS 00-652 Data mining algorithm incubator
project
41
HYBRID RECOGNITION SCHEMES
  • Monitoring systems collect huge amounts of
    information, which require novel algorithmic
    approaches to be able to provide an online
    analysis. In recognition and classification, where
    the learning set is known to be very limited in
    size, the first priority is the detailed analysis
    of the information. The shift of input from the
    learning set to monitoring information requires
    restructuring of the recognition algorithms. Hybrid
    recognition works in two stages. The first is a
    quick tree-based procedure. Then come metric
    recognition procedures, but these work with the
    error classes left after the first stage, which
    are much smaller in size.
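The two-stage scheme above, as an added example in Python that is not code from the INTAS project: stage 1 is a quick tree (reduced here to a single split on the attribute with the fewest training errors), each leaf remembers its training members and whether it is an error class (its majority label misclassifies some member); stage 2 is metric recognition (k-nearest neighbours under Hamming distance) run only over the few members of such an error class. The training set of binary attribute vectors, the test vectors and k = 3 are constructed assumptions chosen so that one leaf is pure and the other is not.

```python
from collections import Counter

# Constructed training set of 5-bit attribute vectors with class labels.
# The class follows attribute x0, except that vectors with x0=x1=x2=1 belong
# to class 0; those exceptions are what the quick tree gets wrong.
TRAIN = [
    ((0, 0, 0, 0, 0), 0), ((0, 0, 1, 0, 1), 0), ((0, 1, 0, 0, 0), 0),
    ((0, 1, 1, 1, 0), 0), ((0, 0, 0, 1, 1), 0),
    ((1, 0, 0, 0, 0), 1), ((1, 0, 1, 1, 0), 1), ((1, 1, 0, 1, 1), 1),
    ((1, 0, 0, 1, 1), 1),
    ((1, 1, 1, 0, 0), 0), ((1, 1, 1, 1, 1), 0),   # the exceptions
]


def stump_errors(samples, attr):
    """Training misclassifications of a one-attribute split with majority leaves."""
    errors = 0
    for value in (0, 1):
        labels = [y for x, y in samples if x[attr] == value]
        if labels:
            errors += len(labels) - Counter(labels).most_common(1)[0][1]
    return errors


def build_stage1(samples):
    """Stage 1: the quick tree, here a single split on the best attribute.
    Each leaf keeps its training members and an 'error_class' flag telling
    whether the majority label misclassifies at least one member."""
    n_attr = len(samples[0][0])
    attr = min(range(n_attr), key=lambda a: stump_errors(samples, a))
    default = Counter(y for _, y in samples).most_common(1)[0][0]
    leaves = {}
    for value in (0, 1):
        members = [(x, y) for x, y in samples if x[attr] == value]
        labels = [y for _, y in members]
        majority = Counter(labels).most_common(1)[0][0] if labels else default
        leaves[value] = {
            "label": majority,
            "members": members,
            "error_class": any(y != majority for y in labels),
        }
    return {"attr": attr, "leaves": leaves}


def hamming(a, b):
    return sum(u != v for u, v in zip(a, b))


def knn_label(members, x, k=3):
    """Stage 2: metric recognition (k nearest neighbours under Hamming
    distance) restricted to the small member set of one error class."""
    ranked = sorted(members, key=lambda s: hamming(s[0], x))
    return Counter(y for _, y in ranked[:k]).most_common(1)[0][0]


def hybrid_classify(model, x, k=3):
    """Pure leaves answer directly; error classes go to the metric stage.
    Returns (label, stage) so the caller sees which stage decided."""
    leaf = model["leaves"][x[model["attr"]]]
    if not leaf["error_class"]:
        return leaf["label"], "tree"
    return knn_label(leaf["members"], x, k), "metric"


if __name__ == "__main__":
    model = build_stage1(TRAIN)
    for probe in [(0, 1, 0, 1, 0), (1, 1, 1, 0, 1), (1, 0, 0, 0, 1)]:   # constructed
        print(probe, "->", hybrid_classify(model, probe))
```

On this data the split lands on x0; the x0=0 leaf is pure and is answered by the tree alone, while the x0=1 leaf holds six training vectors including both exceptions. A probe such as (1,1,1,0,1), which the tree alone would label 1, is handed to the metric stage, whose three nearest neighbours within that leaf are the two exceptions and one regular vector, so it is corrected to 0.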

42
FREQUENT PATTERNS MINING
  • Association rule mining is one of the basic data
    mining tools. The known realizations grow
    frequent subsets as the way of finding
    association rules. An alternative approach is
    developed which uses elements of n-cube geometry.
    Monotone Boolean functions given by an oracle are
    recognized optimally through a special partitioning
    of the n-cube into monotone growing chains. A
    modification of this structure is proven
    productive for finding frequent subsets.
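The chain idea above, as an added Python example that is not the project's own algorithm: the n-cube is partitioned into growing chains (Hansel's construction, in which each chain steps to a neighbour with one more 1), and because "support >= minsup" is anti-monotone over itemsets, on every chain the property holds on a prefix and fails afterwards, so a bisection locates the boundary with about log2(chain length) oracle calls. The itemsets are vertices of the cube (bit i marks item i), the transaction database and threshold are constructed, and the bisection here runs on each chain independently, a simplification of the optimal scheme, which also reuses results across neighbouring chains. A brute-force reference that queries all 2^n vertices is included for comparison.

```python
from itertools import product

# Constructed transaction database over four items and a support threshold.
ITEMS = ("a", "b", "c", "d")
TRANSACTIONS = [
    {"a", "b", "c"}, {"a", "b"}, {"a", "c"},
    {"b", "c"}, {"a", "b", "c", "d"}, {"d"},
]
MINSUP = 3


def hansel_chains(n):
    """Partition of {0,1}^n into growing chains (Hansel's construction):
    from each chain c1 < ... < ck over n-1 bits build (c1 0, ..., ck 0, ck 1)
    and, if k > 1, (c1 1, ..., c(k-1) 1). Every vertex lies on one chain."""
    chains = [[(0,), (1,)]]
    for _ in range(n - 1):
        extended = []
        for chain in chains:
            extended.append([v + (0,) for v in chain] + [chain[-1] + (1,)])
            if len(chain) > 1:
                extended.append([v + (1,) for v in chain[:-1]])
        chains = extended
    return chains


def vertex_to_itemset(v):
    """Bit i of the vertex selects ITEMS[i]."""
    return frozenset(item for bit, item in zip(v, ITEMS) if bit)


def make_oracle(transactions, minsup, calls):
    """Membership oracle for 'support >= minsup' (anti-monotone over
    itemsets: a superset of an infrequent set is infrequent); counts calls."""
    def frequent(v):
        calls[0] += 1
        items = vertex_to_itemset(v)
        return sum(items <= t for t in transactions) >= minsup
    return frequent


def last_true_index(chain, oracle):
    """Bisection along one growing chain. Invariant: chain[lo] is frequent
    (or lo == -1) and chain[hi] is infrequent (or hi == len(chain))."""
    lo, hi = -1, len(chain)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if oracle(chain[mid]):
            lo = mid
        else:
            hi = mid
    return lo


def frequent_itemsets_by_chains(transactions=TRANSACTIONS, minsup=MINSUP):
    """Return (set of frequent itemsets, number of oracle calls used)."""
    calls = [0]
    oracle = make_oracle(transactions, minsup, calls)
    found = set()
    for chain in hansel_chains(len(ITEMS)):
        boundary = last_true_index(chain, oracle)
        found.update(vertex_to_itemset(v) for v in chain[:boundary + 1])
    return found, calls[0]


def frequent_itemsets_brute_force(transactions=TRANSACTIONS, minsup=MINSUP):
    """Reference: query every vertex of the cube, i.e. 2^n oracle calls."""
    calls = [0]
    oracle = make_oracle(transactions, minsup, calls)
    found = {vertex_to_itemset(v)
             for v in product((0, 1), repeat=len(ITEMS)) if oracle(v)}
    return found, calls[0]


if __name__ == "__main__":
    chain_result, chain_calls = frequent_itemsets_by_chains()
    brute_result, brute_calls = frequent_itemsets_brute_force()
    print(sorted(sorted(s) for s in chain_result), chain_calls, "oracle calls")
    print("brute force used", brute_calls, "oracle calls")
```

For n = 4 the construction yields C(4,2) = 6 chains covering all 16 vertices; on the constructed database the seven frequent itemsets (the empty set, a, b, c, ab, ac, bc) are recovered with fewer oracle calls than the 16 of the brute-force scan, and the saving grows with n because chain lengths grow while the bisection cost grows only logarithmically.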

43
LOGIC SEPARATION RECOGNITION
  • Logic-based pattern recognition extends the well
    known similarity models, where the distance
    measure is the basic instrument for recognition.
    The initial idea has been under consideration
    since the 70s; it reduces logic-based recognition
    models to the reduced disjunctive normal form of
    partially defined Boolean functions. An
    alternative pattern recognition approach combines
    the metric and logic hypotheses and features, and
    leads to studies of logic forms, hypotheses,
    hierarchies of hypotheses and effective
    algorithmic solutions. Current results provide
    probabilistic conclusions on effective recognition
    by logic means in a model environment of binary
    attributes and of data flows.
