The MAST project proposes a novel security tool that serves two purposes: (a) help system administrators find vulnerabilities and possible attacks on systems and networks, and (b) teach students and novice administrators about security concerns. In the first use case, administrators will be able to use the tool to check for known vulnerabilities on their systems, to check whether the latest security updates and patches have been installed, and to monitor their systems for different forms of attacks or break-ins. In the second use case, the tool can be used in a classroom, laboratory, or in the field to help students and novice administrators learn about the security domain, the latest known vulnerabilities, and how to fix them. The security tool will integrate and build upon two key technologies: mobile software agents and concept maps. Mobile agent technology will be used to move agents to hosts and routers on the network, where they execute locally and perform the necessary monitoring. In addition to checking for vulnerabilities, mobile agents can also correlate information from multiple systems to identify possible attacks or attempted break-ins. Agents will monitor systems continuously and notify administrators of important observations, thereby reducing the workload on the administrators. Moreover, the agents will be proactive in fixing vulnerabilities or other problems on the systems. Concept maps will be used as a way of expressing knowledge about the security domain. Concept maps have been shown to be an effective mediating representation to capture expertise in a manner that allows students and novices to learn about a domain of knowledge. The tool will use concept maps to organize and present information about computer and network security. These concept maps will be updated to reflect new forms of attack as well as fixes and updates. They will also be used to organize the security agents and allow administrators to launch them as needed.