Threat Reporter

1
Threat Reporter

• By
• R.Sankar
• Advisor Dr.Shen

2
What is Threat Reporter?

• Threat Reporter is a tool that will facilitate
  threat analysts to generate reports based on
  immediate or historical data to design a
  security system for a domain.
• Domain may vary from a single home to the entire
  nation.

3
How the Report Could Be Used ?

• Could be utilized to predict the future Threats.
• Could be utilized to improve the existing
  security systems.
• Could be utilized to design new security models
  for vulnerable domains.

4
How Does it Works ?

• Data to generate the report is obtained from a
  central database which is populated by
  information from various security organizations.
• A WebService allows the Providers to push data
  into the central Database
• Another WebService fetch the Data and serves the
  client requesting the information.
• The Client Utilizes the data to generate Graphs
  and Reports based on the data obtained.
• It also facilitates the analyst to provide hand
  written comment and modify the security threat
  level advised by the tool.
• It facilitates the analyst to communicate with
  the Ground Station through a two way chat
  communication system using typed text or hand
  written data.

5
What is in the Report?

• The report is a graph generated based on the data
  obtained together with the actual data .
• This data is used to generate the color code .
• Color Code is one of Green, Blue, Yellow, Orange
  Or Red .
• The Data Obtained from each provider is
  represented as a geometrical shape (Visio Shapes)
  with their color indicating maximum threat level
  deduced from the data obtained from the Provider.
  
• The report can also be generated as a Crystal
  Report with the threat level Graph and the actual
  data .
• This Report could also be exported to a PDF
  document which ,if decided, could be used on a
  web page built to view reports.

6
Features of The Application

• Java Web Services capable of serving
  heterogeneous clients
• Web Services use Soap Authentication to prevent
  unauthorized providers
• SAX and DOM Parsers to Parse Pushed Data
• 3D Graphs to represent the Threat levels
• Customized Visio Interface for displaying threats
  obtained from the central Database.
• Ability to be ported to a Tablet Pc which
  increases the mobility of the analyst.
• One Click Report Generation capability to
  generate reports ranging from Crystal Reports to
  PDF Reports.
• Ability to Filter the Data displayed in the
  Report.

7
Contd..

• Windows XP like Panels to modify the user
  interface options.
• Two Way Chat system with ability to deliver hand
  written messages and typed text.
• Hand Writing Recognition
• Ability to Serialize and Save data

8
Topics

• Serialization

9
What is Serialization ?

• Serialization is the process of converting an
  object or a series of objects into a contiguous
  stream of bytes.
• DeSerialization is the process of converting a
  contiguous stream of bytes back into object(s).
  The ability to convert objects to and from a byte
  stream is an incredibly useful mechanism .

10
Examples

• An application's state (object graph) can easily
  be saved in a disk file or database and then
  restored the next time the application is run.
  ASP.NET saves and restores session state by way
  of Serialization and Deserialization.
• A set of objects can easily be copied to the
  system's clipboard and then pasted into the same
  or another application. In fact, Windows Forms
  uses this procedure.
• A set of objects can be cloned and set aside as a
  backup while a user manipulates the main set of
  objects.
• A set of objects can easily be sent over the
  network to a process running on another machine.
  The Microsoft .NET Framework remoting
  architecture serializes and deserializes objects
  that are marshaled by value.

11
How to Use it?

• NameSpace System.Runtime.Serialization.Formatters
  .Binary
• To Serialize
• Stream streamFile.Create(_at_"C\Test\SerializedData
  .rtf")
• BinaryFormatter serializer new
  BinaryFormatter()
• serializer.Serialize(stream,V)
• stream.Close()
• To DeSerialize
• Stream myFileStream File.OpenRead(_at_"C\Test\Seri
  alizedData.rtf")
• BinaryFormatter deserializer new
  BinaryFormatter()
• Vehicles V (Vehicles)(deserializer.Deserialize(m
  yFileStream))
• myFileStream.Close()
• Where Vehicles is a Class to hold the data to be
  serialized.

12
Tablet PC Interface

• Tablet PC

13
What is a Tablet PC ?

• In Simple Terms , A Tablet PC is like a laptop,
  only lesser in weight and smaller in size with
  the ability to take hand written user input.
• It runs on Windows XP Tablet PC Edition , a
  superset of Windows XP Professional Edition .

14
Contd..

• Definition A Tablet PC is computer shaped in
  the form of a notebook except with the
  capabilities of being written on through the use
  of digitizing tablet technology or a touch
  screen. The Tablet PC screen only receives
  information from a special pen. It will not take
  information from your finger or your shirt
  sleeveso you can rest your wrist on the screen
  and write naturally.
• What is not a Tablet Computer ?
• Pocket Sized Pcs
• Electronic Book Readers
• Web Pads
• Remote Access Pads

15
A Tablet
16
Programming For Tablet Pc

• Any program running on a windows XP could be run
  on Tablet Pc.
• Programs requiring hand written input needs more
  than a normal program.
• Tablet PC API provides libraries which can be
  used to write programs that can take hand written
  inputs.
• Hand writing Recognizers can be used to recognize
  hand written inputs.

17
Advantages

• By interacting directly with the screen, rather
  than with a mouse and keyboard, the PC becomes
  more comfortable and easy to use. There is no
  need to find a flat space on which to use your
  PC, nor does a vertical screen become a dividing
  wall between you and the person with you whom you
  are meeting. What's more, a Tablet PC can even be
  used while standing up, which is perfect for
  professionals on the move such as doctors,
  analysts, sales managers etc.

18
How to Use it?

• Download Tablet PC API from Microsoft Web Page.
• Make a reference to the API from your project .
• Namespace MicroSoft.Ink
• InkCollector Inknew InkCollector()
• Ink.HandleControl.Handle
• Ink.Enabledtrue

19
WebServices

• Interoperability

20
What is Interoperability?

• The ability of a system or a product to work with
  other systems or products without special effort
  on the part of the customer.
• An Interoperable WebService is a service which
  could serve any client, no matter if the client
  is from the same or a different Platform.
• Example
• Java WebService serving a .Net Client

21
What Causes Interoperable Issues?

• Different Types in Different Platforms
• The W3C XML Schema standard defines a number of
  built-in data types, among them string, integers
  of various sizes, Boolean, single- and
  double-precision floating point, dateTime, and
  others.
• Most Web services runtimes (including the one
  built-in to the .NET Framework and the WSDK) can
  map between these XML Schema primitives and
  platform-specific primitives, i.e. a string in
  XML Schema maps to a System.String in .NET, and
  to a java.lang.String in Java.
• Mapping Complex Data Types is Complicated
• Example Mapping DataSets in .Net to Vectors in
  JAVA

22
Solution

• WSDL First design By using XML Schema types to
  define the data types used in the Web service you
  increase the probability that you will use data
  types that can be mapped from one platform to
  another.
• Create the WSDL document. Use XML Schema to
  define complex type in the WSDL.
• Implement the WSDL document
• Create the Web service
• Create the Web service client
• Generating Code from XML Schema types makes sure
  that the application doesnt uses data types
  which are platform specific .
• Serialization There is a possibility to share
  Serialized data between different platforms.
• java byte .NET sbyte

23
Form Controls

• Visio ActiveX Control

24
Visio ActiveX

• To provide a better interactive user interface ,
  Visio ActiveX could be used to create an
  interface which will function like Microsoft
  Visio.
• This Interface will be hosted by Windows Forms .

25
How to Use It ?

• Download Visio ActiveX Control From Microsoft Web
  Page .
• Add a reference to the ActiveX DLL from your
  .Net Project.
• The control can be added to the ToolBox Items and
  can be used like any other windows forms control.
  
• Override Base Methods to implement custom actions.

26
Crystal Reports

• Crystal Reports facilitate generating Reports
  using data from the DataBase or from the
  Application.
• Easy to Use With a wide range of options to
  customize the reports.
• Can be programmed from within the C / VB.Net
  Application and hence is Dynamic .
• Can Be exported to a PDF or Excel document .
• Provides features to generate and view Reports
  and sub reports in a single control .
• Reports can be printed Easily either locally or
  over a network.

27
Graphs

• Graphs can be generated using a variety of 3rd
  party libraries.
• Example ZedGraph , .Net Chart etc
• How to Use them in .Net Projects?
• Download the DLLs from the provider.
• Add a Reference to the DLL from your project.
• Most of them should let you use them as a control
  which can be manipulated as any normal windows
  Controls.
• Explore the features, Customize and generate the
  Graphs.

28
sample - .Net Chart
29
Sample - ZedGraph
30
Temporary DataBase

• System Cache

31
Details

• Caching facilitates storing most frequently used
  data on the server. This is done by using the
  Cache class, a dictionary that allows you to
  store arbitrary data objects, such as hash tables
  and data sets. It also provides expiration
  functionality for those objects, and methods that
  allow you to add and removed the objects. You can
  also add the objects with a dependency upon other
  files or cache entries, and perform a callback to
  notify your application when an object is removed
  from the Cache.

32
How to Use it?

• NameSpace System.Web.Caching
• Example
• To Insert
• AppMain.Cache.Insert(
• "INPUT",
• StrokeString,
• null, /Dependency/
• Cache.NoAbsoluteExpiration,
• TimeSpan.FromSeconds( 60 )/Sliding Expiration
  Remove object after 60 seconds since last
  access/ )
• To Retreive
• StrokeStringAppMain.Cache "INPUT" as string

33
Conclusion

• Threat Reporter, a Prototype for future versions
  explore some of the technologies available in
  .NET and tries to answer some of the technical
  issues that may arise while using .NET.
• The Prototype aims at providing a easy to use
  interface for non technical end users while
  hiding most of the technical details.
• Future Developments and Enhancements
• An integrated Data Viewing Web Module to view the
  serialized data over the web on a Cross Platform
  Environment.
• Including Image Reader interface to read images
  from Digital Cameras directly to the application.
• Enhancing the WebServices to receive, store and
  send images as serialized bytes to facilitate
  viewing the images of incidents .
• Providing support to view latest (Crytal/PDF)
  reports over the web .

34
Questions ?

• Questions ???
• Comments???