Technical Objectives
• Wrap Data with Integrity Marks
  – Ensure its Integrity
  – Record its processing history
  – Reconstruct it from this history if it is corrupted
    • by program bugs
    • by malicious attacks
• Demo these capabilities on major COTS product
  – Microsoft Office Suite
Existing Practice
• Integrity Stove-Piped on Tool-by-Tool Basis
• End-to-End Integrity Not Supported
• Persistent Data only Safeguarded by OS
• Corruption Detection is Ad-Hoc
• Corruption Repair
  – Based on Backups
  – Not Integrated with Detection
Technical Approach
• Wrap Program
  – Detect access of integrity marked data & decode it
  – Monitor User Interface to detect change actions
    • Translate GUI actions into application specific modifications
  – Detect update of integrity marked data
    • Re-encode & re-integrity mark the updated data
• Repair any subsequent Corruption from History
• Build on existing research infrastructure
[Diagram: Program, Change Monitor, Mediation Cocoon (M marks); Environment = Operating System, External Programs]
[Diagram: Program, Mediation Cocoon (M marks)]
Security Manager
• Mediation Installer
• Secure Mediation
NT Security & Integration Enhancements
Safe Execution Environments
• Safe Web Browsing
• Safe Agent Execution
• Safe Download/Macro Execution
File System Extensions
• Encryption Archive
• Virtual File System
• Copy-On-Modify
COTS Integration
• Ppt Design Editor
• EMACS in Eudora
• Web Annotator
• Diagram Animation
• Monitoring C++ Development
• Web Ad Buster
Balzer, USC INFORMATION SCIENCES INSTITUTE
Copy On Modify Demo
Safe Web Browser Demo
Domain Specific Design Editor Demo
Major Risks and Planned Mitigation
• Ability to detect application-level modifications
  Application Openness Spectrum:
  – Event-Generators: Capture as transaction history
  – Scripting API: Examine state to infer action
  – Black-Box: Mediate GUI to infer action
  => Generic Mediators + Tool Specific mapping
• Ability to protect transaction history
  => Hide the location of the transaction history
    • Virtual File System wrapper
    • System-level Randomization Techniques
• Tool-Specific Modification Trackers Expensive
  => Automate common portions
  => Provide rule-based scripting language
Task Schedule
• Dec99: Tool-Level Integrity Manager
– Monitor & Authorize Tool access & updates
• Jun00: Operation-Level Integrity Manager
– Monitor, Authorize, & Record Modifications
• Dec00: Integrity Management for MS-Office
• Jun01: Corruption Repair
• Jun02: Automated Modification Tracking
Expected Major Achievements
• for Integrity Marked Documents:
  – End-To-End Data Integrity (through multiple tools/sessions)
  – Modifications Monitored, Authorized, & Recorded
    • Authorization Control of Users, Tools, and Operations
    • All Changes Attributed and Time Stamped
  – Assured Detection of Corruption
  – Ability to Restore Corrupted Data
• Ability to operate with COTS products
• MS-Office Documents Integrity Marked
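The cycle these slides describe (mark the data, record each attributed and time-stamped modification, detect corruption, restore from history) can be sketched as follows. This is an added example, not code from the slides or the project. It assumes HMAC-SHA256 as the integrity mark and a hash-chained history of insert/delete operations; the key, the names `MarkedDocument`, `mark` and `run_op`, and the operation format are hypothetical.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: secret held only by the integrity manager

def mark(data: str) -> str:  # assumed integrity mark: HMAC-SHA256 over the data
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()

def run_op(text, op):  # op is ("insert", pos, str) or ("delete", pos, n)
    kind, pos, arg = op
    if kind == "insert":
        return text[:pos] + arg + text[pos:]
    if kind == "delete":
        return text[:pos] + text[pos + arg:]
    raise ValueError(f"unknown operation {kind!r}")

class MarkedDocument:
    def __init__(self, text):
        self.base = self.text = text
        self.mark, self.history = mark(text), []  # history entries are hash-chained

    def _chain(self, prev, entry):
        # Each entry's mark covers the previous mark, so edits to history are detectable.
        body = {k: entry[k] for k in ("user", "when", "op")}
        return mark(prev + json.dumps(body, sort_keys=True))

    def apply(self, user, when, op):  # record the change, apply it, re-mark the data
        new_text = run_op(self.text, op)
        prev = self.history[-1]["chain"] if self.history else mark(self.base)
        entry = {"user": user, "when": when, "op": op}
        entry["chain"] = self._chain(prev, entry)
        self.history.append(entry)
        self.text, self.mark = new_text, mark(new_text)

    def is_intact(self):  # corruption detection: does the mark still match the data?
        return hmac.compare_digest(self.mark, mark(self.text))

    def history_ok(self):
        prev = mark(self.base)
        for entry in self.history:
            if not hmac.compare_digest(entry["chain"], self._chain(prev, entry)):
                return False
            prev = entry["chain"]
        return True

    def repair(self):  # replay the verified history over the base to restore the text
        if not self.history_ok():
            raise ValueError("history failed verification; cannot repair from it")
        text = self.base
        for entry in self.history:
            text = run_op(text, entry["op"])
        self.text, self.mark = text, mark(text)
```

Repair is only as trustworthy as the history, which is why the slides list protecting the transaction history as a separate risk. The sketch refuses to replay a history whose chain does not verify.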
Measures of Success
• Widespread Deployment of Integrity Manager for MS-Office
• Extensibility of Integrity Manager to other COTS products
• Ease of creating Modification Trackers
• Resistance to Malicious Attacks
  – Corruption Avoidance
  – Corruption Detection
  – Corruption Repair
  => Red-Team Experiment
Key Outstanding Issues
• None Yet
Transition of Technology
• Piggyback our Technology on a widely used Target Product (MS Office)
  – Integrity Manager automatically invoked as needed
• Make technology available for COTS products
• Work with Vendors to encourage publication of modification events
Needed PM Assistance
• None Yet