WP3 WISDOM SOFTWARE PACKAGE Elias Athanasopoulos FORTH Cork, Ireland, January 2009

WP3WISDOM SOFTWARE PACKAGE

Elias Athanasopoulos([email protected])FORTH

Cork, Ireland, January 2009

mailto:[email protected]

Good News!• WSIM: A software platform to

simulate all-optical security operations. – Antonis Krithinakis, Lubomir Stroetmann,

Elias Athanasopoulos, Georgios Kopidakis, Evangelos P. Markatos.

– In Proceedings of the 4th European Conference on Computer Network Defense (EC2ND 2008). December 2008, Dublin, Ireland.

Elias Athanasopoulos, FORTH WP3 2

Organization• SAPI– Software core, mini Operating System

• WSIM– Simulated environment

• Integration (SAPI, WSIM) –WISDOM Software Package–Main front-end

3Elias Athanasopoulos, FORTH WP3

SAPI• High-Level API – Filter Creation– Firewall Configuration – Bridge with device using DLL provided by

Avanex• Filter creation– Predefined or custom

• Filter processing– Export in a snort-like language

• Filter feeding– WISDOM firewall– WISDOM simulator


Example – Filter Creation

/* e-mail filter example. */SAPI_TCP_Filter *mailFilter = new SAPI_TCP_Filter();

mailFilter->SetDestinationPort(25);


Example – Feed Rule to Device

SAPI_Firewall *fw = SAPI::Board_Init();


mailFilter->SetDestinationPort(25);mailFilter->Apply(fw);


Example – Feed Rule to WSIM

SAPI_Simulator *ws = new SAPI_Simulator();


mailFilter->SetDestinationPort(25);ws->Attach(mailFilter->Export());ws->Run();


Main Front End


Launch WSIM

Set Rules in the actual

device

Rule Inspector

Custom Rules

WSIM – Simulated Environment

• Information source– Real-time, traces

• Configuration– User driven, SAPI’s rule-set

• Stable application


WSIM – Evaluation (40 Gbps)


Packet Drops due to

Congestion

No False Positives

Overall Processing

WISDOM Software PackageDemo

Documents

WP3 WISDOM SOFTWARE PACKAGE Elias Athanasopoulos FORTH Cork, Ireland, January 2009