Summary of past and present projects

1
Summary of past and present projects
Linux kernel hacking, network processor
programming, low-level devices drivers, etc.
Research Technological Development
Dept., http//www.vtrip.net Virtual Trip,
Ltd. Thessaloniki, Greece
Konstantinos Xinidis Software Engineer
xinidis_at_vtripgroup.com
2
Roadmap

• Discovery of the topology of Gnutella and study
  of its performance
• An expressive and flexible network monitoring API
• A high-performance (1 Gbps) network intrusion
  prevention system using network processors
• A high-performance (10 Gbps) remote storage
  system
• Wireless network intrusion prevention system
• Protecting against unknown exploits using
  honeypots (NoAH)
• Applications for mobile devices (Plastic)
• Miscellaneous projects

3
Discovery of the Topology of Gnutella and Study
of its Performance

• Motivation
• The query algorithm of Gnutella does not scale
• Goals
• Take a snapshot of Gnutella network
• Improve Gnutellas efficiency by changing the
  network topology
• Explore various alternatives to Gnutellas query
  algorithm
• Result
• propose a more efficient query/routing algorithm

4
Network Monitoring API

• Motivation
• Absence of effective network traffic monitoring
  abstraction
• Goals
• Provide an expressive API for network monitoring
  applications
• flexible enough to capture emerging application
  needs
• allow the system to exploit specialized
  monitoring hardware
• Result
• Linux kernel module and a support user space
  library

linmapi.sourceforge.net
5
A High-Performance Network Intrusion Prevention
System (1/2)

• Motivation
• Routers are capable of operating at high speed
  links, why network intrusion prevention systems
  arent?
• High-performance is important but we also need
  flexibility
• Goals
• Design and implement a high-performance,
  flexible, scalable and low-cost network intrusion
  prevention system (NIPS)
• Design highlights
• Scalable architecture combining a
  high-performance network processor (NP) and an
  array of sensors on commodity PCs
• Efficient coordination between NP and sensors for
  making prevention decisions

Network
Splitter
Sensor 2
Sensor 1
6
A High-Performance Network Intrusion Prevention
System (2/2)

• Results
• A prototype system with 4 sensors able to monitor
  a fully-loaded Gigabit Ethernet link

• K. Xinidis, I. Charitakis, S. Antonatos, K. G.
  Anagnostakis, and E. P. Markatos. An Active
  Splitter Architecture for Intrusion Detection and
  Prevention. In IEEE Transactions on Dependable
  and Secure Computing, Vol. 3, No. 1,
  January-March 2006
• K. G. Anagnostakis, S. Sidiroglou, P. Akritidis,
  K. Xinidis, E. P. Markatos and A. D. Keromytis.
  Detecting Targeted Attacks Using Shadow
  Honeypots. In Proceedings of the 14th USENIX
  Security Symposium, August 2005
• K. Xinidis, K. G. Anagnostakis and E. P.
  Markatos. Design and Implementation of a
  High-Performance Network Intrusion Prevention
  System. In Proceedings of the 20th International
  Information Security Conference (SEC 2005), June
  2005

7
A high-performance remote storage system (1/2)

• Motivation
• Primary networked storage subsystems
• Consolidation of storage in one subsystem
• Single interconnect for application and storage
  nodes
• Goals
• Efficient remote I/O
• using commodity components
• maintain transparent access
• identify address overheads
• on a real system prototype

8
A high-performance remote storage system (2/2)

• Approach
• Minimal NIC architecture
• RDMA-write, notification capabilities
• Design remote I/O protocol (kernel)

• M. Marazakis, K. Xinidis, V. Papaefstathiou, and
  A. Bilas. Efficient Remote Block-level I/O over
  an RDMA-capable NIC. InThe 20th ACM International
  Conference on Supercomputing, July 2006

9
Wireless network intrusion prevention system

• Motivation
• Wireless networks is starting to attract unwanted
  attention as potential targets for malicious
  activities
• Goals
• Develop defenses for wireless networks
• Result
• A prototype that provides protection against
  emerging wireless malware threats
• wireless phishing
• spoofing
• wildfire worms

www.cybairsec.org
10
Network of Affined Honeypots

• Goals
• Detect zero-day attacks and worms
• Track down selective attacks
• Analyse unknown exploit code
• Generate signatures
• Approach
• build a pilot infrastructure that allows for
  malware collection, identification and analysis
• combination of low- and high-interaction
  honeypots
• dark traffic redirectors

www.fp6-noah.org
11
Applications for mobile devices

• Sensitive Opinion Research (SOR)
• Mobile e-Voting in a Crisis Management System
  (CMS)
• Trusted Content Repository (TCR)

12
Miscellaneous Projects

• Porting Linux to a Virtex-II Pro FPGA
• Experience with Xilinx tools (ISE, EDK)
• Experience with Microblaze processors
• Developing applications for embedded systems
• DIL/NetPC DNP/1110
• IPC_at_CHIP embedded controller

13
Thanks!
http//www.csd.uoc.gr/xinidis