HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis
Robin Sommer, International Computer Science Institute & Lawrence Berkeley National Laboratory

A Tale of Three Open-Source IDS
Three open-source IDS (Suricata among them). Shared functionality between them? Essentially none.
The same holds for packet filters, firewalls, proxies, routers, switches and the OS network stack.
Deep Packet Inspection
Setup: Internet, tap, internal network, with the IDS attached to the tap.
Example: finding downloads of known malware.
1. Find and parse all Web traffic.
2. Find and extract binaries.
3. Compute hash and compare with database.
4. Report, and potentially kill the connection, if found.

DPI Architecture
Layer                  Examples
Application
  User Interface       Configuration, logs, alarms
  Analysis Logic       Signature matching, policy enforcement
  Analysis Primitives  Pattern matching, packet classification, event correlation, multiplexing
  State Management     Flow table, DFAs, request/reply correlation
  Protocol Parsing     IP, TCP, HTTP, DNS
Network Traffic

Common primitives and idioms, but hardly any reuse, even though this stuff is hard. Why? Different low-level structure and data flows, and no common language.
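The four-step malware-download check above, as an added example that is not code from the slides or from HILTI: a minimal HTTP/1.x response parser, a crude binary-download filter, and a hash lookup. The response and the "known bad" hash set are constructed here; the hash is the SHA-256 of the constructed sample body, not of any real malware.

```python
"""Added example (not from the slides): find a download, extract the body,
hash it, compare against a database, report on a match."""
import hashlib
from typing import Dict, NamedTuple, Optional


class HttpResponse(NamedTuple):
    status: int
    headers: Dict[str, str]
    body: bytes


def parse_http_response(data: bytes) -> Optional[HttpResponse]:
    """Step 1: parse one HTTP/1.x response (Content-Length framing only, no
    chunked encoding). Returns None while the head or body is incomplete,
    which is when a stream parser would wait for more data."""
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    try:
        length = int(headers.get("content-length", len(rest)))
    except ValueError:
        return None
    if len(rest) < length:
        return None  # body not fully arrived yet
    return HttpResponse(int(parts[1]), headers, rest[:length])


def extract_binary(resp: HttpResponse) -> Optional[bytes]:
    """Step 2: hand on only bodies that look like an executable download
    (declared as application/* or carrying a PE/ELF magic)."""
    ctype = resp.headers.get("content-type", "")
    if ctype.startswith("application/") or resp.body[:2] == b"MZ" or resp.body[:4] == b"\x7fELF":
        return resp.body
    return None


def check_download(data: bytes, known_bad: Dict[str, str]) -> Optional[str]:
    """Steps 3 and 4: hash the extracted binary, look it up, return a report
    line on a hit (the caller decides whether to also kill the connection)."""
    resp = parse_http_response(data)
    if resp is None:
        return None
    binary = extract_binary(resp)
    if binary is None:
        return None
    digest = hashlib.sha256(binary).hexdigest()
    if digest in known_bad:
        return f"known malware '{known_bad[digest]}' (sha256 {digest}) in HTTP {resp.status} response"
    return None


def build_response(ctype: str, body: bytes) -> bytes:
    """Helper to construct sample responses with a correct Content-Length."""
    head = f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode("ascii") + body


# Constructed sample input: a fake "executable" and a harmless HTML page.
SAMPLE_BODY = b"MZ" + b"\x00" * 30 + b"constructed sample, not a real executable"
SAMPLE_RESPONSE = build_response("application/octet-stream", SAMPLE_BODY)
HTML_RESPONSE = build_response("text/html", b"<p>hello</p>")
KNOWN_BAD = {hashlib.sha256(SAMPLE_BODY).hexdigest(): "constructed-sample"}

if __name__ == "__main__":
    print(check_download(SAMPLE_RESPONSE, KNOWN_BAD))
    print(check_download(HTML_RESPONSE, KNOWN_BAD))
```

The parser deliberately returns None for a truncated body rather than hashing what it has: a partial hash never matches the database, so an attacker-induced early cut would otherwise slip the download past the check silently.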
A High-Level Intermediary Language for Traffic Inspection
Host application: user interface and analysis logic (firewall rules, IDS signatures, forwarding rules, ...), fed through an analysis compiler.
Library of reusable functionality: analysis primitives, state management, protocol parsing.
HILTI abstract machine: intermediary language, execution model, LLVM-based compiler, runtime library, reusable components.
Network traffic enters at the bottom of the stack.
Example: BPF Filters
BPF expression (the concrete addresses are elided on the slide): host ... or src net .../24

    # Fixed-offset view onto a raw packet; the two nibbles of byte 0 are
    # addressed as bit ranges, the addresses as 4-byte fields.
    type IP::Header = overlay {
        hdr_len: int<8> at 0 unpack UInt8InBigEndian (0, 3),
        version: int<8> at 0 unpack UInt8InBigEndian (4, 7),
        [...]
        src: addr at 12 unpack IPv4InNetworkOrder,
        dst: addr at 16 unpack IPv4InNetworkOrder
    }

    bool filter(ref<bytes> packet) {
        local addr a1, a2
        local bool b1, b2, b3

        a1 = overlay.get IP::Header src packet   # a1 = source address
        b1 = equal a a1                          # host matches src ...
        a2 = overlay.get IP::Header dst packet   # a2 = destination address
        b2 = equal a a2                          # ... or dst
        b1 = or b1 b2
        b2 = equal /24 a1                        # src net: source only
        b3 = or b1 b2
        return b3
    }
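The same overlay and filter in plain Python, as an added example that is not HILTI code from the slides: fields are read at the fixed offsets and bit positions the overlay declares, and the filter keeps BPF's semantics (`host` matches either direction, `src net` only the source). The addresses 10.1.1.1 and 10.2.0.0/24 stand in for the ones elided on the slide, and the packets are constructed with a small helper.

```python
"""Added example (not HILTI code): IP::Header overlay and
`host 10.1.1.1 or src net 10.2.0.0/24` over raw IPv4 bytes."""
import ipaddress
import struct
from typing import Dict


class ShortPacket(Exception):
    """Raised when the buffer is too short for the field being read; HILTI
    raises an exception at the same point instead of reading past the end."""


def get_u8(packet: bytes, offset: int) -> int:
    if len(packet) < offset + 1:
        raise ShortPacket(f"need byte {offset}, have {len(packet)} bytes")
    return packet[offset]


def get_addr(packet: bytes, offset: int) -> ipaddress.IPv4Address:
    """4-byte IPv4 address in network byte order at `offset`."""
    if len(packet) < offset + 4:
        raise ShortPacket(f"need bytes {offset}..{offset + 3}, have {len(packet)} bytes")
    return ipaddress.IPv4Address(packet[offset:offset + 4])


def ip_header(packet: bytes) -> Dict[str, object]:
    """Mirror of the overlay: hdr_len is bits 0..3 and version bits 4..7 of
    byte 0 (LSB = bit 0), src at offset 12, dst at offset 16."""
    b0 = get_u8(packet, 0)
    return {
        "version": b0 >> 4,
        "hdr_len": b0 & 0x0F,  # in 32-bit words
        "src": get_addr(packet, 12),
        "dst": get_addr(packet, 16),
    }


HOST = ipaddress.IPv4Address("10.1.1.1")        # placeholder, chosen here
SRC_NET = ipaddress.IPv4Network("10.2.0.0/24")  # placeholder, chosen here


def bpf_filter(packet: bytes) -> bool:
    """host HOST or src net SRC_NET, in the same step order as the HILTI body."""
    hdr = ip_header(packet)
    b1 = hdr["src"] == HOST
    b2 = hdr["dst"] == HOST
    b1 = b1 or b2
    b2 = hdr["src"] in SRC_NET   # source address only, not destination
    return b1 or b2


def make_ipv4(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed minimal IPv4 header (IHL 5, no options, checksum zero)."""
    ver_ihl = (4 << 4) | 5
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


if __name__ == "__main__":
    for s, d in [("10.1.1.1", "192.0.2.7"), ("192.0.2.7", "10.1.1.1"),
                 ("10.2.0.99", "192.0.2.7"), ("192.0.2.7", "10.2.0.99")]:
        print(f"{s} -> {d}: {bpf_filter(make_ipv4(s, d))}")
```

The last sample packet (destination inside 10.2.0.0/24, source outside) is the one that shows why the net test must use the source address: had the HILTI code tested the destination it would match, which is not what `src net` means.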
Instruction Set
Grouped by data type and facility: bitsets, booleans, CIDR masks, callbacks, closures, channels, debug support, doubles, enumerations, exceptions, file I/O, flow control, hashmaps, hashsets, IP addresses, integers, lists, packet input, packet classification, packet dissection, ports, profiling, raw data, references, regular expressions, strings, structs, unions, time intervals, timer management, timers, times, tuples, vectors/arrays.

HILTI Machine Model: Focus Areas
Rich domain-specific data types; flexible control flow; concurrent analysis; robust and secure execution; comprehensive host interface; real-time performance; debugging and profiling support; high-level optimization.

Implementation: The HILTI Toolchain
Host application: app core plus C interface stubs.
HILTI environment: analysis specification, analysis compiler, HILTI machine code, HILTI compiler, LLVM bitcode, runtime library.
LLVM toolchain: compiler/linker producing a native executable.
Alternatively, code is compiled just-in-time via the C++ API.
Hello, World!

hello.hlt:

    module Main

    import Hilti

    void run() {
        call Hilti::print("Hello, World!")
    }

Ahead-of-time build, or just-in-time execution:

    # hilti-build hello.hlt -o a.out && ./a.out
    Hello, World!
    # hiltic -j hello.hlt
    Hello, World!
Can HILTI support complex applications?

Application Case Studies
BPF filter, stateful firewall, protocol parsing, Bro script execution.

BinPAC: A Yacc for Network Protocols
Grammar example, parsing SSH banners such as SSH-2.0-OpenSSH_3.8.1p1:

    type SSH::Banner = unit {
        magic   : /SSH-/;
        version : /[^-]*/;
        dash    : /-/;
        software: /[^\r\n]*/;
    }

BinPAC compiles the grammar into a HILTI parser. HILTI compiles the parser into executable code just-in-time. A Bro plugin integrates the parsers at startup.
Hello, World! (grammar, Bro glue, Bro script)

ssh.pac2:

    type SSH::Banner = unit {
        magic   : /SSH-/;
        version : /[^-]*/;
        dash    : /-/;
        software: /[^\r\n]*/;
    }

ssh.evt:

    grammar ssh.pac2;

    protocol analyzer SSH over TCP:
        parse with SSH::Banner,
        port 22/tcp;

    on SSH::Banner -> event ssh_banner(self.version, self.software);

ssh.bro:

    event ssh_banner(version: string, software: string)
        {
        print software, version;
        }

Running it on a trace:

    # bro -r ssh.trace ssh.evt ssh.bro
    OpenSSH_3.9p1, 1.99
    OpenSSH_3.8.1p1,
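The SSH::Banner unit and the `on SSH::Banner -> event ssh_banner(...)` hook, as an added example in Python that is not BinPAC or Bro code from the slides: the unit becomes a regular expression with the same field order and character classes, and the event becomes a callback registry. The sample banners are constructed here, not taken from the ssh.trace on the slide.

```python
"""Added example (not BinPAC/Bro code): the SSH::Banner grammar as a parser
plus an ssh_banner event dispatch."""
import re
from typing import Callable, List, NamedTuple, Optional

# Same fields as the unit: magic /SSH-/, version /[^-]*/, dash /-/,
# software /[^\r\n]*/. `version` stops at the first '-', so
# "SSH-1.99-OpenSSH_3.9p1" splits into "1.99" and "OpenSSH_3.9p1";
# `software` runs to end of line and keeps any comment the peer appends.
BANNER_RE = re.compile(rb"SSH-(?P<version>[^-]*)-(?P<software>[^\r\n]*)")


class Banner(NamedTuple):
    version: str
    software: str


def parse_banner(data: bytes) -> Optional[Banner]:
    """Parse one banner line. Returns None when the bytes seen so far do not
    yet satisfy the grammar (e.g. the second '-' has not arrived), which is
    where a BinPAC parser would suspend and wait for more input."""
    m = BANNER_RE.match(data)
    if m is None:
        return None
    return Banner(m["version"].decode("ascii", "replace"),
                  m["software"].decode("ascii", "replace"))


# ssh.evt: on SSH::Banner -> event ssh_banner(self.version, self.software)
Handler = Callable[[str, str], None]
ssh_banner_handlers: List[Handler] = []


def on_ssh_banner(handler: Handler) -> Handler:
    """Register a handler, playing the role of `event ssh_banner(...)` in ssh.bro."""
    ssh_banner_handlers.append(handler)
    return handler


def analyze(data: bytes) -> Optional[Banner]:
    """Parse the banner and, on a complete unit, raise the ssh_banner event."""
    banner = parse_banner(data)
    if banner is not None:
        for handler in ssh_banner_handlers:
            handler(banner.version, banner.software)
    return banner


@on_ssh_banner
def print_banner(version: str, software: str) -> None:
    print(f"{software}, {version}")  # same output order as ssh.bro


# Constructed sample input: two complete banners and one still incomplete.
SAMPLE_BANNERS = [
    b"SSH-1.99-OpenSSH_3.9p1\r\n",
    b"SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4\r\n",
    b"SSH-2.0",  # no second dash yet: not a complete unit, no event
]

if __name__ == "__main__":
    for raw in SAMPLE_BANNERS:
        analyze(raw)
```

Note that `software` is attacker-controlled free text up to the line end; the `/[^\r\n]*/` class only bounds it by line, not by length or character set, so anything that logs or displays it should treat it as untrusted.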
Application Case Studies (continued)
BPF filter, stateful firewall, protocol parsing, Bro script execution.

Bro Scripts
Script example, a simple scan detector:

    global attempts: table[addr] of count &default=0;

    event connection_rejected(c: connection)
        {
        local orig = c$id$orig_h;        # Get originator address.
        local n = ++attempts[orig];      # Increase counter.

        if ( n == SOME_THRESHOLD )       # Check for threshold.
            NOTICE(...);                 # Alarm.
        }

The Bro plugin compiles scripts into HILTI code. HILTI compiles that into executable code just-in-time.
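The scan detector above run over a constructed event stream, as an added example that is not Bro script code from the slides: `table[addr] of count &default=0` becomes a defaultdict, `NOTICE(...)` becomes a list of notices, and `SOME_THRESHOLD` and the addresses are placeholders chosen here.

```python
"""Added example (not Bro code): per-originator rejected-connection counter
with a single notice when the threshold is crossed."""
from collections import defaultdict
from typing import Dict, List, NamedTuple

SOME_THRESHOLD = 3  # placeholder: the slide leaves the value unspecified


class ConnId(NamedTuple):
    orig_h: str  # originator address (c$id$orig_h)
    resp_h: str  # responder address
    resp_p: int  # responder port


class ScanDetector:
    def __init__(self, threshold: int = SOME_THRESHOLD) -> None:
        self.threshold = threshold
        # global attempts: table[addr] of count &default=0;
        self.attempts: Dict[str, int] = defaultdict(int)
        self.notices: List[str] = []  # what NOTICE(...) would have raised

    def connection_rejected(self, c: ConnId) -> None:
        """event connection_rejected(c: connection)"""
        orig = c.orig_h                # Get originator address.
        self.attempts[orig] += 1       # Increase counter.
        n = self.attempts[orig]
        # '==' rather than '>=': each originator is reported exactly once, at
        # the moment it crosses the threshold, not on every later rejection.
        if n == self.threshold:        # Check for threshold.
            self.notices.append(f"{orig} had {n} connection attempts rejected")  # Alarm.


def replay(events: List[ConnId], threshold: int = SOME_THRESHOLD) -> ScanDetector:
    """Feed rejected connections through a fresh detector and return it."""
    det = ScanDetector(threshold)
    for c in events:
        det.connection_rejected(c)
    return det


# Constructed sample: one host probing five closed ports, one host with a single miss.
SAMPLE_EVENTS = [ConnId("203.0.113.5", "192.0.2.10", p) for p in (22, 23, 80, 443, 8080)]
SAMPLE_EVENTS.insert(2, ConnId("198.51.100.9", "192.0.2.10", 25))

if __name__ == "__main__":
    det = replay(SAMPLE_EVENTS)
    for notice in det.notices:
        print("NOTICE:", notice)
    print(dict(det.attempts))
```

Two things the slide's version leaves implicit: the `==` test is what keeps the notice to one per originator, and the table here never forgets an address, so on a busy link it grows without bound; a production Bro script attaches an expiration attribute such as `&create_expire` to the table for that reason.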
Evaluation
Use the HILTI plugin for Bro to compare parsing and script execution with native Bro.
Traces:
- HTTP: 1/25 of Berkeley port 80 traffic. 30 GB trace, 52 min, 340k messages.
- DNS: full Berkeley port 53 traffic. 1 GB trace, 10 min, 65M messages.
Correctness: HILTI captures the semantics correctly.
Performance: let's see.

Protocol Parsing (HILTI-generated parsers vs. native Bro parsers; the bar chart on the slide, in CPU cycles, G = 10^9; the ratio is HILTI parsing cost over standard parsing cost)

Trace  Configuration  Protocol parsing  Script execution  HILTI-to-Bro glue  Other  Total
HTTP   Standard       683G              643G              -                  241G   1567G
HTTP   HILTI          852G (1.25x)      450G              21G                258G   1580G
DNS    Standard       177G              356G              -                  180G   712G
DNS    HILTI          469G (2.65x)      405G              81G                217G   1173G

Bro Scripts (HILTI-compiled scripts vs. Bro's native interpreter; same chart layout, CPU cycles; the ratio is HILTI script-execution cost over standard script-execution cost)

Trace  Configuration  Protocol parsing  Script execution  HILTI-to-Bro glue  Other  Total
HTTP   Standard       683G              635G              -                  244G   1562G
HTTP   HILTI          698G              781G (1.23x)      76G                254G   1810G
DNS    Standard       175G              358G              -                  176G   709G
DNS    HILTI          175G              243G (0.68x)      139G               136G   694G
Summary
HILTI: a new platform for network traffic analysis.
- A compiler target for host applications to leverage.
- Provides common data structures and control-flow primitives.
Case studies demonstrate the aptness of the design: packet filter, stateful firewall, protocol parsing, Bro scripts.
Initial performance experiments are encouraging: not too different from native applications.
It's still a prototype, with lots of potential.
Sommer/Vallentin/De Carli/Paxson: HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis. ACM IMC.

The HILTI Vision
Performance via abstraction: transparent improvement under the hood, integration of non-standard hardware, high-level compiler optimizations, automatic parallelization.
Facilitate reuse: means and glue to share functionality; a HILTI library of common high-level components.
HILTI is available under a BSD license.
De Carli/Sommer/Jha: Beyond Pattern Matching: A Concurrency Model for Stateful Deep Packet Inspection. ACM CCS 2014.