Project 35 – IBM Midway presentation

1. Project 35 – IBMMidwaypresentation A platform for monitor definition, integration and synthesis in cloud security analysis tools. Supervisors: Tamer Salman, Ronen Levy Students: Sari Saba Sadiya, HeshamYassin

2. Milestones: • We were able to achieve our midway milestone by defining a “Monitor Language” capable of covering all the “test case” attacks and generic enough to allow addition (new rules) adaption (using templates) and adjustment. • We now have better understanding of the different traits of final product; Now we know to which extent the tool will be generic. Also the general specifications of the product (inputs, output …) crystalized and are much clearer. addition: Any users can add new rules. adaption: The “smart user” can create new templates. adjustment: The Use of parameters enables the users to adjust existing templates to their needs.

3. Final Product: Traffic log Traffic simulator GUI Using this GUI the user will be able to edit and define monitors Traffic Executable monitors temporal logic components Traffic Analysis Tool (T.A.T) Monitor Language Definition

4. Conclusions so far: • The tool won’t be “generic” in the sense that the “monitor specification language” defined is static and unchangeable. • The tool will be “generic” in the sense that it will allow the “smart user” to define templates for the “simple user”.

5. Revised work plan: • The monitor language is now well defined and is both versatile enough to allow the “smart user” to define monitors suitable to most security events and simple enough for the “simple user”. • We have started working on the parser and the template definition feature of our tool; now all that is left is the translation stage from our “monitor specification language” to PSL. Probably using Bison yacc and lex!

6. Actual flow: User input in His “adapted” MSL IBM TOOL GUI and Initial Parser Compiler (Probably written with Bison and Lex) C + PSL .exe MSL