lariat lincoln adaptable real time information assurance
play

LARIAT: Lincoln Adaptable Real-time Information Assurance Testbed - PowerPoint PPT Presentation

Oct 04, 2022 •44 likes •314 views

LARIAT: Lincoln Adaptable Real-time Information Assurance Testbed Lee M. Rossey Jesse C. Rabek, Robert K. Cunningham, David J. Fried, Rich P. Lippmann, Marc A. Zissman RAID 2001 October 10, 2001 This work was sponsored by the United States

  1. LARIAT: Lincoln Adaptable Real-time Information Assurance Testbed Lee M. Rossey Jesse C. Rabek, Robert K. Cunningham, David J. Fried, Rich P. Lippmann, Marc A. Zissman RAID 2001 October 10, 2001 This work was sponsored by the United States Air Force under contract F19628-00-C-0002. Opinions, interpretations, conclusions, and recommendations are those of the authors and are not necessarily endorsed by the United States Government. RAID 2001 - 1 LMR 10/26/2001

  2. Overview • Introduction – Motivation – Background – Goals • LARIAT Description • Attacks and Scenarios • Deployments & Uses • Current Efforts • Summary MIT Lincoln Laboratory RAID 2001 - 2 LMR 10/26/2001

  3. Motivation • Provide an environment to develop new information assurance (IA) systems • Provide tools to assist evaluation and configuration of IA technologies – Intrusion detection systems – Firewall settings and proxies – Access control lists MIT Lincoln Laboratory RAID 2001 - 3 LMR 10/26/2001

  4. Background DARPA 1998 1998 IDS Evaluations DARPA 1999 IDS 1999 Evaluations DARPA DoD: LARIAT Real-time, deployable 2000 IDS 2000 Full-automation Attack scenario DoD: LARIAT DARPA: CyberPanel High throughput, Large networks 2001 Attack scenarios Simulated Traffic Windows traffic time MIT Lincoln Laboratory RAID 2001 - 4 LMR 10/26/2001

  5. What does it do ? User Groups and attackers External Users Real or Internal Users Emulated Internet Background External traffic Enterprise Internal attacks Enterprise Network IDS • Emulates the network traffic from a small organization connected to the Host Internet IDS MIT Lincoln Laboratory RAID 2001 - 5 LMR 10/26/2001

  6. Goals • Extend the previous work to provide additional capabilities – Deployable – Simple to use – Full automation – Real-time – High throughput – Attack scenarios MIT Lincoln Laboratory RAID 2001 - 6 LMR 10/26/2001

  7. Overview • Introduction – Motivation – Background – Goals • LARIAT Description • Attacks and Scenarios • Deployments & Uses • Current Efforts • Summary MIT Lincoln Laboratory RAID 2001 - 7 LMR 10/26/2001

  8. Central Research Tasks • Background traffic for estimating IA tool false alarms – Realistic user models (administrators, secretaries, managers, developers) – Modernized traffic (MIME encoded mail w/ attachments, ftp downloads from Internets sites) – Multiple configurable user groups (collection of users) – Windows traffic (in development) – New operating systems and services • Attacks for estimating IA tool detection rates – Collection of attack components – New components – Attack models using scenarios – Framework to automate and manage attacks MIT Lincoln Laboratory RAID 2001 - 8 LMR 10/26/2001

  9. LARIAT Test Flow Select Profile - select & edit traffic profile - select attacks & strike time Network Discovery Verify accessibility of hosts and services Initialize Network Clean Up - reset user accounts - reinstate corrupted files - remove old traffic Distribute Configurations - remove pre-conditions - clear logs - archive traffic scripts - distribute profiles to hosts - clear process table - clear process table Pre-conditions Verify / Score - setup network conditions required - examine attack logs for the test (eg. Anonymous ftp) - verify attack success - generate traffic & attack scripts - examine IDS output (future) - schedule attack + traffic scripts - score IDS (future) - start loggers Run Traffic -view progress in “real-time” - attacks, IDS output MIT Lincoln Laboratory RAID 2001 - 9 LMR 10/26/2001

  10. LARIAT – Profile Selection Select time interval Select time interval Select Background Select Background Traffic Profile Traffic Profile Select Attack profile Select Attack profile MIT Lincoln Laboratory RAID 2001 - 10 LMR 10/26/2001

  11. LARIAT – User Models • Configure aggregate • Configure aggregate traffic generation times traffic generation times and amount of traffic and amount of traffic • Specify time interval, • Specify time interval, traffic distribution, and traffic distribution, and amount of traffic to be amount of traffic to be generated for each user generated for each user model (ftp, telnet, …) model (ftp, telnet, …) • Modify the service traffic • Modify the service traffic distribution & rate distribution & rate MIT Lincoln Laboratory RAID 2001 - 11 LMR 10/26/2001

  12. User Groups Real or External Emulated Engineering User Group Internet User Group ~60 hosts ~2600 sites ~30 hosts DMZ External Enterprise Operations Internal User Group Enterprise ~30 hosts • Groups interact using Background defined service models traffic – http, https, smtp, ftp, telnet, – ssh, icmp, irc, pop, imap, sql, finger HR User Group – Active directory , exchange , file-sharing, ~50 hosts – Protocol interdependencies: arp, dns, nfs, direct-hosting (SMB over TCP), LDAP, … • Traffic volume scales from 0-100Mbps MIT Lincoln Laboratory RAID 2001 - 12 LMR 10/26/2001

  13. Overview • Introduction – Motivation – Background – Goals • LARIAT Description • Attacks and Scenarios • Deployments & Uses • Current Efforts • Summary MIT Lincoln Laboratory RAID 2001 - 13 LMR 10/26/2001

  14. Attack Components Solaris (sparc) Solaris (x86) Windows Linux NT/2000 Surveillance/ IP Sweep Smurf IP Sweep Smurf IP Sweep Smurf IP Sweep Smurf Nmap Dig Nmap Dig Nmap Dig Nmap Dig Probing Portsweep Satan Portsweep Satan Portsweep Satan Portsweep Satan Dsniff Siphon Dsniff Siphon Dsniff Siphon Denial of Mailbomb Apache2 Syslogd Streaming Zeros Apache2 Teardrop Service UDP Storm Neptune Jolt2 Back Neptune Neptune Mailbomb Back mStream Mailbomb UDP Storm Process Table Process Table Stream2 Process Table named-xfer named-xfer Remote to Dictionary Dictionary Phf Telnet2000 Dictionary Xlock Phf Local Ftp-write Guest Ftp-write IIS Unicode Ftp-write Xsnoop Imap Xsnoop Xlock Guest lprNG Sadmind Sadmind Named Sendmail Udirectory guestbook User to Eject SCM- Eject catman Perl Imwheel Impersonation Ffbconfig Xterm Pamslam Ffbconfig Superuser Fdformat Tmpwatch Epcs2 Fdformat Ps Dump-exp Man dump Ps Tools on ssh trojan ssh trojan Adore ssh trojan Victim host Transport Xfer, rwwwshell, netcat, cryptocat • 50 attacks against 9 operating systems • Need a way to manage, reuse and automate attack components MIT Lincoln Laboratory RAID 2001 - 14 LMR 10/26/2001

  15. Attack Component Description (XML) Attack component UID UID Parameters Parameters Multiple Variations: •Victim IPs Multiple Variations: •Victim IPs • Different skill levels •Victim Ports • Different skill levels •Victim Ports • Visibility • Visibility 1. Simplifies deployment • Speed of execution 1. Simplifies deployment • Speed of execution 2. Component reuse 2. Component reuse Attack scenario Scripts Scripts • Attack • Attack • Verify • Verify • Cleanup • Cleanup Preconditions: Preconditions: what does the what does the attack require attack require … MIT Lincoln Laboratory RAID 2001 - 15 LMR 10/26/2001

  16. Attacker Knowledge Base • Repository for runtime attack information – Attack parameters: launch time, source IP, target IP, user … – Attack launch, execution and verification status – Acquired results for scenario • Simple API – Store and retrieve information – Coordinates attack components MIT Lincoln Laboratory RAID 2001 - 16 LMR 10/26/2001

  17. Attack Scenario Model Time 1 4 5 6 7 8 1 4 5 6 7 8 External Internal Identify Remote- Download User-to- External Internal Identify Remote- Download User-to- Network Network IIS to-User User-to- Super Network Network IIS to-User User-to- Super Scan Scan Server exploit SuperUser User Scan Scan Server exploit SuperUser User code exploit code exploit 2 2 Identify 3 Identify 3 IDS Blind IDS Agent IDS Blind IDS Agent Agent Agent • Requires: Started Attack components don’t start until Requires: Completed requirements are satisfied Until: Completed MIT Lincoln Laboratory RAID 2001 - 17 LMR 10/26/2001

  18. Network Data from IIS Server Attack HTTP Named pipe banner grabber impersonation Setup IIS UNICODE FTP client backdoor on web server traversal download payload Win2K server • Network traffic recorded on the inside of the firewall MIT Lincoln Laboratory RAID 2001 - 18 LMR 10/26/2001

  19. Overview • Introduction – Motivation – Background – Goals • LARIAT Description • Attacks and Scenarios • Deployments & Uses • Current Efforts • Summary MIT Lincoln Laboratory RAID 2001 - 19 LMR 10/26/2001

  20. First Use Cases • MIT Lincoln Laboratory – Development laboratory • First remote installation – Standalone network configuration running attack scenarios • Second remote installation – Integrated into an existing network environment MIT Lincoln Laboratory RAID 2001 - 20 LMR 10/26/2001

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline 1. Overview of LArIAT 2. The LArIAT Light Collection System 3. Select ongoing

Outline 1. Overview of LArIAT 2. The LArIAT Light Collection System 3. Select ongoing

Light Collection in LArIAT DUNE Photon Detection System Meeting December 17 th , 2015 William Foreman UChicago Outline 1. Overview of LArIAT 2. The LArIAT Light Collection System 3. Select ongoing

994 views • 32 slides
Pion scattering with the Pion scattering with the LArIAT experiment LArIAT experiment Justin

Pion scattering with the Pion scattering with the LArIAT experiment LArIAT experiment Justin

Pion scattering with the Pion scattering with the LArIAT experiment LArIAT experiment Justin Hugon (On behalf of the LArIAT experiment) Louisiana State University 1 Liquid Argon in a Test Beam (LArIAT) Liquid Argon in a Test Beam (LArIAT)

681 views • 39 slides
GENI real time workshop, Reston VA, 6,7 Feb 2006 Assurance, Security, Certification for GENI John

GENI real time workshop, Reston VA, 6,7 Feb 2006 Assurance, Security, Certification for GENI John

GENI real time workshop, Reston VA, 6,7 Feb 2006 Assurance, Security, Certification for GENI John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Assurance, Security, Certification: 1 Certification

333 views • 17 slides
Developing LAr Scintillation Light Applications at Neutrino Energies with LArIAT Andrzej Szelc,

Developing LAr Scintillation Light Applications at Neutrino Energies with LArIAT Andrzej Szelc,

Developing LAr Scintillation Light Applications at Neutrino Energies with LArIAT Andrzej Szelc, Manchester (for the LArIAT collaboration) What is LArIAT? A test facility to calibrate and test LArTPCs and their components using a beam of

395 views • 26 slides
LArTPC Testbeam: CAPTAIN and LArIAT Jason St. John, University of Cincinnati On behalf of the

LArTPC Testbeam: CAPTAIN and LArIAT Jason St. John, University of Cincinnati On behalf of the

LArTPC Testbeam: CAPTAIN and LArIAT Jason St. John, University of Cincinnati On behalf of the LArIAT Collaboration and for the CAPTAIN Collaboration NuFact 2015, Rio de Janeiro Outline miniCAPTAIN (neutrons) & LArIAT (charged species) -

677 views • 49 slides
Evaluating the use of Geant4 through LArSoft in the LArIAT simulation Hans Wenzel LArSoft

Evaluating the use of Geant4 through LArSoft in the LArIAT simulation Hans Wenzel LArSoft

Evaluating the use of Geant4 through LArSoft in the LArIAT simulation Hans Wenzel LArSoft Coordination Meeting October 6 th 2015 Charge Begin a two week (FTE effort not real 3me) project evalua3ng

145 views • 13 slides
Inputs to LArIAT physics results and lessons for broader LArTPC program Andrea Falcone (UTA) on

Inputs to LArIAT physics results and lessons for broader LArTPC program Andrea Falcone (UTA) on

Inputs to LArIAT physics results and lessons for broader LArTPC program Andrea Falcone (UTA) on behalf of LArIAT Coll. LArIAT 15th May 17 Liquid Argon In A Testbeam Primary Target Secondary Target (Cu) (Cu) Primary 120 GeV P Tunable

340 views • 33 slides
Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #15 Updated 2009-03-03 Dependable Distributed Dependable Distributed Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real Aircraft/automotive

501 views • 9 slides
RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS Real-time extensions to general-purpose OS Chenyang Lu 2 RTOS: Features for Efficiency Small Minimal set of functionality Fast context switch

504 views • 16 slides
Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10 Updated 2009-02-15 Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time system Logical function What should be done &

500 views • 8 slides
Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate Engine + Fabric Offline Develop initial monitoring query Back-test Progressive Non-temporal analysis Interactive Query Authoring

383 views • 15 slides
LArIAT Calibration with Stopping Tracks LArTPC Calibration & Reconstruction Workshop

LArIAT Calibration with Stopping Tracks LArTPC Calibration & Reconstruction Workshop

LArIAT Calibration with Stopping Tracks LArTPC Calibration & Reconstruction Workshop December 10-11, 2018 Jen Raaf LArIAT TPC Caveats: Small! Tabletop-sized, and so does not have some of the same challenges

603 views • 36 slides
Online Data Quality Monitoring Johnny Ho LArIAT Operational Readiness Review 13 October 2015

Online Data Quality Monitoring Johnny Ho LArIAT Operational Readiness Review 13 October 2015

Online Data Quality Monitoring Johnny Ho LArIAT Operational Readiness Review 13 October 2015 Online data quality monitor The online data quality monitor (DQM) lets us check the quality of the data we are writing to disk in near-real-time

616 views • 43 slides
Establishing Real Time ASEAN Food Security Information Network and Developing Human Resource

Establishing Real Time ASEAN Food Security Information Network and Developing Human Resource

Establishing Real Time ASEAN Food Security Information Network and Developing Human Resource December, 2019 Korea Agency of Education, Promotion and Information Service in Food, Agriculture, Forestry and Fisheries (EPIS ) Background of Real-time

603 views • 23 slides
Antiproton Annihilation on Argon Nuclei in LArIAT William Foreman, University of Chicago On

Antiproton Annihilation on Argon Nuclei in LArIAT William Foreman, University of Chicago On

Antiproton Annihilation on Argon Nuclei in LArIAT William Foreman, University of Chicago On Behalf of the LArIAT Collaboration DPF 2017 Fermilab Wednesday, August 2, 2017 Motivation: Neutron-Antineutron Oscillation Feature of many BSM

345 views • 22 slides
Real-Time Operating system (RTOS) Real-time Embedded systems often have real-time computing

Real-Time Operating system (RTOS) Real-time Embedded systems often have real-time computing

Real-Time Operating system (RTOS) Real-time Embedded systems often have real-time computing constraints (Temporal) Determinism Correctness of system depends not only on the logical result of the computation, but also on the time at which

531 views • 13 slides
Show me the tests! Writing Automated Tests for Drupal Me Lee Rowlands - @larowlan Senior

Show me the tests! Writing Automated Tests for Drupal Me Lee Rowlands - @larowlan Senior

DEV TRACK | LEE ROWLANDS | FEBRUARY 8 2013 Show me the tests! Writing Automated Tests for Drupal Me Lee Rowlands - @larowlan Senior Drupal Developer with PreviousNext Working with Drupal 4+ years Maintainer of 35+ contrib

684 views • 31 slides
Draft fting a Testing Strategy How a subscription-based business increased conversions by 121%

Draft fting a Testing Strategy How a subscription-based business increased conversions by 121%

Draft fting a Testing Strategy How a subscription-based business increased conversions by 121% Ben Eva Benjamin Huppertz Global Head of Conversion Management Senior Research Manager Euromoney Institutional Investor MECLABS Session speaker

1.22k views • 58 slides
Testing the Essential with AutoFixture Enrico Campidoglio @ecampidoglio Premise:

Testing the Essential with AutoFixture Enrico Campidoglio @ecampidoglio Premise:

Testing the Essential with AutoFixture Enrico Campidoglio @ecampidoglio Premise: + Small Expressive Essential 3 unit testing AutoFixture patterns Context Set() 123 System System under test under test

536 views • 30 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymous Authorisation in Smart Environments Florian Baumann Chair for Network Architectures

Anonymous Authorisation in Smart Environments Florian Baumann Chair for Network Architectures

Anonymous Authorisation in Smart Environments Florian Baumann Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen August 13, 2014 Florian Baumann: Anonymous Authorisation in

358 views • 21 slides
Don't Call Us, We'll Call You: Characterizing Callbacks in JavaScript Keheliya Gallaba, Ali

Don't Call Us, We'll Call You: Characterizing Callbacks in JavaScript Keheliya Gallaba, Ali

Don't Call Us, We'll Call You: Characterizing Callbacks in JavaScript Keheliya Gallaba, Ali Mesbah, Ivan Beschastnikh University of British Columbia 1 Why JavaScript? On the client 2 Why JavaScript? On the client On the server 3 Why

987 views • 63 slides
A Tour of Perl Testing A Tour of Perl Testing Perl agentzh@yahoo.cn

A Tour of Perl Testing A Tour of Perl Testing Perl agentzh@yahoo.cn

A Tour of Perl Testing A Tour of Perl Testing Perl agentzh@yahoo.cn (agentzh) 2009.9 Why testing? When things have gone wrong in collaboration... agentzh: With my patch in r2545, Jifty's I18N should work for

562 views • 54 slides
Traceable Group Encryption t Libert 1 Moti Yung 2 Marc Joye 1 Thomas Peters 3 Beno 1

Traceable Group Encryption t Libert 1 Moti Yung 2 Marc Joye 1 Thomas Peters 3 Beno 1

Traceable Group Encryption t Libert 1 Moti Yung 2 Marc Joye 1 Thomas Peters 3 Beno 1 Technicolor (France) 2 Google Inc. and Columbia University (USA) 3 UCL Crypto Group (Belgium) March 28, 2014 Buenos Aires B. Libert (Technicolor) PKC 2014

190 views • 18 slides

More recommend