integrity through mediated interfaces pi meeting august 19 2002 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Integrity Through Mediated Interfaces PI Meeting August 19, 2002 PowerPoint Presentation
Download Presentation
Integrity Through Mediated Interfaces PI Meeting August 19, 2002

Loading in 2 Seconds...

  share
play fullscreen
1 / 9
kareem

Integrity Through Mediated Interfaces PI Meeting August 19, 2002 - PowerPoint PPT Presentation

107 Views
Download Presentation
Integrity Through Mediated Interfaces PI Meeting August 19, 2002
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Integrity Through Mediated InterfacesPI Meeting August 19, 2002 Bob Balzer, Marcelo Tallis Teknowledge <balzer,mtallis>@teknowledge.com Legend: TurquoiseChanges from Feb. 02 PI meeting

  2. Technical Objectives • Wrap Data with Integrity Marks • Insure its Integrity • Record its processing history • Reconstruct it from this history if it is corrupted • by program bugs • by malicious attacks • Demo these capabilities on major COTS product • Microsoft Office Suite (PowerPoint & Word only) • Also demo on a mission critical military system • PowerPoint and Word

  3. M Mediation Cocoon Environment = Operating System External Programs M M M Change Monitor • Wrap Program • Detect access of integrity marked data & decode it • Monitor User Interface to detect change actions • Translate GUI actions into application specific modifications Technical Approach Program • Detect update of integrity marked data • Re-encode & re-integrity mark the updated data • Repair any subsequent Corruption from History • Build on existing research infrastructure

  4. MS Word Data IntegrityTechnical Approach To Attribution • Time Lever shows document development • User selects range of interest • Move Forwards through Operations Log • Move Backwards through Undo Stack Operations Log

  5. Demo Completed (except for integration of generic mechanisms from PowerPoint Data Integrity) GUI Monitortied to change history Data IntegrityCurrent Status • MS Word Data Integrity • Completed • MS PowerPoint Data Integrity • Generic Data Integrity Architecture • Shape creation/deletion • Shape move/resize/recolor/rotate • Connector attachment/detachment • Group/ungroup • Problems (requiring unique development) • Single Process Debug/Demo Architecture • Typed Text (different low-level implementation) • Dangling Connectors (incomplete COM model)

  6. Data IntegrityFuture Plans • Complete Coverage of PowerPoint Operations • Integrate generic mechanisms from PowerPoint Integrity Manager back into Word • Deploy Word and PowerPoint Integrity Managers

  7. SafeEmail Attachments Spawn Email Client SafeEmail Attachments M M M Attachment Handler Safety Rulesi Wrapper M M M M M M Safety Rulesj Wrapper SafeEmail Attachments Spawn • Each opened attachment spawns new process M M M Attachment Handler • Wrapper encapsulateseach spawned process Safety Rulesk Wrapper Attachment Safe EmailAttachments Attachment • Deployment • Bundled with ADF as OPX Hardened Client • MARFORPAC Usability Test 2/02 • FBE-Juliet Red Team Experiment 8/02

  8. Response • New rule system & GUI • Autonomic responses Demo Deployment/Red-Team Results • MARFORPAC Usability Test (2/02) • No field usage problems (no attacks) • Assessed as unmaintainable • Not configurable by Marine Sysadmins • Alerts not understandable by Marine personnel • Hardened Client II Red-Team Experiment (5/02) • Test new ByPass Protection mechanism • All attacks on or to disable ByPass Protector failed • Attack on unprotected wrapper data succeeded • This vulnerability disclosed to Red-Team prior to experiment • FBE-Juliet Red-Team Experiment (8/02) • Test SafeEmail against malicious attachments • All attacks on SafeEmail failed • SafeEmail field portable to OfficeXP

  9. SafeEmail Plans • Integration with Enterprise Wrappers • Offboard Policy Manager • Offboard Alert Dissemination • Dynamic Policies • Pilot Deployments • Within Military and Federal Government • Development of Contained Execution Compartments • No persistent effects from opening email attachments • Only new document versions from editors • Integration with autonomic attack detector (SBIR) • Hardening & Independent Assessment (OPX) • Broader Coverage (all user processes) (OPX)