Abstract:
Network Associates Laboratories research focused on three fundamental challenges for practically deploying non-bypassable system-call and library-call wrappers across an enterprise: 1) how to securely manage multi-platform, multi-vendor wrapper configurations over a network, 2) how to manage data flow, using both "push" and "pull" models, to facilitate intelligent, network-wide detection and response capabilities, and 3) how to write wrappers that take advantage of their new, networked environment without burdening the wrapper writer with system- and network-specific details. To meet these challenges, we: 1) identified extensions to our Wrapper Definition Language (WDL), database, and Wrapper Query Language (WQL) to permit high-level, abstract interactions with networked components, 2) developed policy specification, built a technology base, created APIs for host and network controllers, developed a new GUI, updated the wrappers, and demonstrated the new policy function, and 3) developed a boundary controller and other cross-platform components for interoperability. The results provide an architecture and prototype implementation for enforcing security policies at system-call and library-call levels across platforms and throughout an enterprise.
Keywords:
computer networks; graphical user interfaces; security of data; software libraries; software reliability; API; GUI; Wrapper Definition Language; Wrapper Query Language; boundary controller; data flow management; database; high-level abstract interactions; host controllers; information assurance; intelligent network-wide detection; interoperability; library-call wrappers; network controllers; policy specification; pull models; push models; secure multi-platform multivendor wrapper configuration management; system-call wrappers; Computer crashes; Data security; Filtering; Information security; Intrusion detection; Large-scale systems; Redundancy; Software libraries; Software systems; Wrapping