The growth and globalization of the Internet have made computer and network security a paramount challenge. In 1988, the Internet Worm caused much havoc and effectively shutdown the Internet. However, the systems that were affected were mostly at universities and other research centers. Today, circumstances are very different from 1988. Many businesses rely on networks of systems connected to the Internet. Network attacks result in downtime that cost companies significant time and money due to lost productivity and/or loss of data. Moreover, critical infrastructural systems are being connected to the Internet thereby raising the potential for disruption through network-based attacks. Unfortunately, this same characteristic attracts attackers who wish to make highly-visible statements.
This project, will build a security tool that serves two purposes: (a) Help system administrators find vulnerabilities and possible attacks on systems and networks and (b) Teach students and novice administrators about security concerns.
Administrators will be able to use the tool to check for known vulnerabilities on their systems, to check whether the latest security updates and patches have been installed, and to monitor their systems for different forms of attacks or break-ins. The tool can be used in a classroom, laboratory, or in the field to help students and novice administrators learn about the security domain, the latest known vulnerabilities, and how to fix them.
The security tool will integrate and build upon two key technologies: mobile software agents and concept maps. The NOMADS mobile agent system will provide the agent framework and security kernels while the CMapTools software will be used as the application to build and maintain the knowledge base. The proposed security tool will integrate these technologies in an administrator console that will provide extreme flexibility, monitoring and control of the system through remote execution of mobile code.
The security tool will consist of four components, the An administrator's console, the security kernel, the knowledge model and a set of security agents that will be provided and distributed with the tool.
The Concept Map based knowledge model and the flexibility imbued by the use of mobile agents ensures that the proposed tool will be equally useful and effective in production, teaching and training environments. The MAST security tool, proposed in this work will be freely distributed for academic and non-profit use.
