Integrity Through Mediated Interfaces
PI Meeting Feb. 15, 2001
Bob Balzer, Marcelo Tallis
Teknowledge
<balzer,mtallis>@teknowledge.com
Legend: Turquoise Changes from July 99 PI meeting
Green Changes from Feb 00 PI meeting
Red Changes from July 00 PI meeting
Technical Objectives
• Wrap Data with Integrity Marks
  – Insure its Integrity
  – Record its processing history
  – Reconstruct it from this history if it is corrupted
    • by program bugs
    • by malicious attacks
• Demo these capabilities on major COTS product
  – Microsoft Office Suite (PowerPoint & Word only)
  – Also demo on a mission critical military system
    • PowerPoint and Word
Existing Practice
• Integrity Stove-Piped on Tool-by-Tool Basis
• End-to-End Integrity Not Supported
• Persistent Data only Safeguarded by OS
• Corruption Detection is Ad-Hoc
• Corruption Repair
  – Based on Backups
  – Not Integrated with Detection
Technical Approach
• Wrap Program
  – Detect access of integrity marked data & decode it
  – Monitor User Interface to detect change actions
    • Translate GUI actions into application specific modifications
  – Detect update of integrity marked data
    • Re-encode & re-integrity mark the updated data
• Repair any subsequent Corruption from History
• Build on existing research infrastructure
[Diagram labels: Mediation Cocoon (M, M, M, M); Program; Change Monitor; Environment = Operating System, External Programs]
Major Risks and Planned Mitigation
• Ability to detect application-level modifications
  Application Openness Spectrum:
  – Event-Generators: Capture as transaction history
  – Scripting API: Examine state to infer action
  – Black-Box: Mediate GUI to infer action
  => Generic Mediators + Tool Specific mapping
• Ability to protect transaction history
  => Hide the location of the transaction history
    • Virtual File System wrapper
    • System-level Randomization Techniques
• Tool-Specific Modification Trackers Expensive
  => Automate common portions
  => Provide rule-based scripting language
Accomplishments To Date
• Corruption Detector
  – IDs Document Version on Save (in Document)
  – Records Document Cryptographic Digest on Save
  – Checks Document Cryptographic Digest on Load
• Change Monitor for MS Word 2000
  – Determines parameters for application-level action
  – Records transaction history (for possible Replay)
• Corruption Repairer
  – Rebuilds document by replaying transaction history
• Time Lever shows document development
  – User selects range of interest
  – Move Forwards through Operations Log
  – Move Backwards through Undo Stack
[Slide labels: Demo (twice); Operations Log]
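The detect-and-repair cycle listed above (digest recorded on save, checked on load, document rebuilt by replaying the transaction history), as an added example that is not code from the presentation or from Teknowledge. Assumptions: SHA-256 as the digest, a hypothetical insert/delete operation model standing in for Word actions, and a history held in memory rather than in a hidden location.

```python
import hashlib

def digest(text):
    # SHA-256 is an assumption; the slides only say "cryptographic digest".
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def apply_op(text, op):
    """Replay one recorded application-level action (hypothetical op model)."""
    kind, pos, arg = op
    if kind == "insert":            # arg is the inserted string
        return text[:pos] + arg + text[pos:]
    if kind == "delete":            # arg is the number of characters removed
        return text[:pos] + text[pos + arg:]
    raise ValueError(f"unknown operation {kind!r}")

class MarkedDocument:
    """Editor-side state: the operations log plus the mark written on save."""
    def __init__(self, base=""):
        self.base, self.text = base, base
        self.history = []           # transaction history, kept apart from the file
        self.mark = {"version": 0, "ops": 0, "sha256": digest(base)}

    def edit(self, kind, pos, arg):
        op = (kind, pos, arg)
        self.text = apply_op(self.text, op)   # raises before logging a bad op
        self.history.append(op)

    def save(self):
        """Record version id and digest on save; return the text to store."""
        self.mark = {"version": self.mark["version"] + 1,
                     "ops": len(self.history), "sha256": digest(self.text)}
        return self.text

def load(stored_text, doc):
    """Check the digest on load; on mismatch rebuild by replaying history."""
    if digest(stored_text) == doc.mark["sha256"]:
        return stored_text, "intact"
    rebuilt = doc.base
    for op in doc.history[:doc.mark["ops"]]:   # only operations saved so far
        rebuilt = apply_op(rebuilt, op)
    if digest(rebuilt) != doc.mark["sha256"]:
        raise ValueError("history does not reproduce the saved version")
    return rebuilt, "repaired"

if __name__ == "__main__":
    doc = MarkedDocument("Status: ")            # constructed sample document
    doc.edit("insert", 8, "green")
    doc.save()
    print(load("Status: red", doc))             # simulated corruption on disk
```

The final digest check in load() is what makes the repair trustworthy: a history that has itself been altered fails to reproduce the recorded digest and is rejected instead of being replayed into the document.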
Accomplishments To Date
• Files that can be read/written
• Remote Sites that can be downloaded-from/uploaded-to
• Portions of Registry that can be read/written
• Processes that can be spawned
Demo
• Email Attachment Context Determined
• Alerts Logged with Context
• AIA Experiment conducted with IMSC (Musman)