Vulnerability Development mailing list archives
Regarding a selection for mobile code/scripting language
From: "Eric Knight" <eric () swordsoft com>
Date: Fri, 9 Jan 2004 12:31:34 -0700
Dear Vuln-Dev community:

I've got a question for anyone who has an opinion about picking a scripting language for a "remote administration tool" that will be expected to provide reasonably efficient robustness for administration and security functions. I'm 90% tempted just to create my own (did it before), but I'd like to open the floor for discussion.

Background: I'm wrapping up "Phase 2" of my defensive IW project. I've got roughly 75% of the framework completed as described in my "Treatise on Informational Warfare," and I'm starting to plan for Phase 3, which I hope won't take as long. The critical pieces appear to be completed and tested on small scales, made user friendly, and are days away from being placed into Beta. The missing pieces, as I see it, are the communications back-channel relay and the ability to provide for client/server side scripts (e.g., mobile code).

I realize not everyone read the publication, so I'll try to explain the current status:

1) It has the "feel" of a Trojan horse system (intelligent agent) that governs security and administrative functions. Although the features are present that are typical in any RA tool, this system has a lot of safeguards against abuses, by design.
2) Event framework for handling events of all kinds -- analytical, user initiated, schedule initiated, action/response, etc.
3) Communication framework currently supports transfers of files, commands, and record data across an encrypted socket.
4) Visualization framework for security information (charts, interactive controls, etc.)
5) Analysis framework for security analysis, action, response.
6) Internal record communication structure with the ability to read/write/process XMLish tree record data. Like a giant native XML database.
7) Fun stuff like remote registry control, remote program execution, copying and transferring files omni-directionally, identifying hardware, equipment, configurations, etc. Allowing remote changes, etc. Forensic analysis all over the place.
8) Appears to be hitting its anticipated target of 1,000 potential simultaneous clients on a beefed-up server (?) No way to test. Yes, in theory it's expandable higher up the chain as predicted in the model.
9) Yeah, sky's the limit, it can be used for almost anything -- it's always present, managing tasks, collecting logs, transferring information, etc. You could toss your firewall logs to an unused desktop and have it perform analysis; you could reconfigure the filters on all the desktops. You could collect the contents of folders and directories and perform analysis... Remote installation of software... These steps would be easiest with a mobile code system and a shared public library of tools that administrators have already written. Maybe it's easier to do this, too.

A picture is worth a thousand words:

http://www.swordsoft.com/VES/VESLook1.jpg
http://www.swordsoft.com/VES/VESLook2.jpg
http://www.swordsoft.com/VES/VESLook3.jpg

Ultimately, the point is that computers react faster to threats than people do, and I'm building the associated framework to be able to move in that direction and make the whole day-to-day process of cross-referencing and research "less difficult", easier to visualize, and considerably faster.

For the time being, the system's framework is limited to hardcode and needs to have its horizons broadened. The system is very closely wired, so recording events and commands driven from the console can easily be done through the creation of "server agents", and I'm 2+2ing that together, thinking that it can have "semi-self programming" abilities -- watch and learn -- and add them as tasks across the enterprise. By definition, I want these tasks to be disposable (memory resident) and discarded after use, or saved.

Second, I want to have lots of mobile scripts that perform generalized tasks -- remote backup, vulnerability testing (both local/remote), event response/creation/analysis, WFC access, etc. Also, I don't want to limit myself to Windows; *nix is my best programming environment by personal choice, but I can do both.

Third, I'm curious about depth of control -- I know that a sandbox for code is required, but if I can already extend outside the sandbox (script: copy executable to remote computer, run executable -- 100% outside the sandbox), should this even be a full programming language? I'm thinking something like Basic that is intuitive to write, or possibly Pascal-ish or C-ish (for the syntax). Object oriented? Not sure. Compiled or interpreted? Probably interpreted, because I can already transfer compiled code.

Anyway, the only closing thought I have is that what exists right now is a framework with some limited examples; it's not quite the "masterpiece" of unified, automated, and fully reactionary enterprise security yet. I've been trying to locate comparable tools "out there", not finding anything much except some theoretical papers and some "project" pages that haven't been updated in a long time. Trojan technology appears to be the closest example, and it may be a good reference for visualization.

When I released my paper, the general estimation of the completion of my project was supposed to be 15-30 years in the future (from comments made about it), and I thought it was possible to complete it in two. I'm concluding now that it's going to be finished in about 6 months from current progress as an individual effort, although many parts of it are ready for solving immediate needs.

I'd appreciate any feedback at all; this has been a quiet and relatively discreet coding project, and I'd like to know more about what the industry thinks. I hope that it will be ready for the "masses" as quickly as possible, and I don't have any intention of delaying.

Thank you,
Eric Knight, Security Research Workaholic
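A minimal illustration of the "depth of control" question raised in the post above, added here as an example and not code from the original message or from the VES project: a toy line-oriented task language in Python in which every primitive maps to a named capability, and a task is refused before any line executes if the capabilities it needs exceed the grant the dispatching administrator attached to it. The primitive names, the capability labels, the in-memory Host with its simulated file store, and the sample scripts are all constructed for this example.

```python
"""Toy capability-scoped interpreter for a mobile-code task language.

Added illustration; not the original post's or the VES project's code.
Assumptions: a line-oriented command script; each primitive maps to one
capability label; a task is accepted only if every capability it needs is
in the grant attached to it. Files are simulated with an in-memory dict so
the example runs offline.
"""
from dataclasses import dataclass, field

# Capability each primitive needs. Any opcode not listed is unknown and refused.
PRIMITIVES = {
    "READ": "fs.read",
    "SIZE": "fs.read",
    "COPY": "fs.write",
    "PRINT": "console",
    "EXEC": "process.spawn",  # the primitive that steps "100% outside the sandbox"
}


@dataclass(frozen=True)
class Task:
    name: str
    script: str
    grant: frozenset  # capabilities the dispatching administrator attached


@dataclass
class Host:
    files: dict = field(default_factory=dict)   # simulated filesystem (constructed)
    audit: list = field(default_factory=list)   # every decision and executed line
    spawned: list = field(default_factory=list) # would-be process launches


def parse(script):
    """Tokenise into (opcode, args) tuples; an unknown opcode aborts the parse."""
    ops = []
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        op, *args = line.split()
        if op not in PRIMITIVES:
            raise ValueError(f"line {lineno}: unknown primitive {op!r}")
        ops.append((op, args))
    return ops


def required_caps(ops):
    return frozenset(PRIMITIVES[op] for op, _ in ops)


def check(task):
    """Static check, done once before any line runs: needed caps minus grant."""
    return sorted(required_caps(parse(task.script)) - task.grant)


def run(task, host):
    try:
        missing = check(task)
    except ValueError as err:  # malformed or unknown primitive: never executed
        host.audit.append((task.name, "parse", "rejected", str(err)))
        return {"status": "rejected", "reason": str(err)}
    host.audit.append((task.name, "check", "denied" if missing else "ok", missing))
    if missing:
        return {"status": "denied", "missing": missing}
    out = []
    for op, args in parse(task.script):
        host.audit.append((task.name, op, tuple(args)))
        if op == "READ":
            out.append(host.files[args[0]])
        elif op == "SIZE":
            out.append(len(host.files[args[0]]))
        elif op == "COPY":
            host.files[args[1]] = host.files[args[0]]
        elif op == "PRINT":
            out.append(" ".join(args))
        elif op == "EXEC":
            host.spawned.append(tuple(args))  # simulated; a real agent would spawn here
    return {"status": "ok", "output": out}


if __name__ == "__main__":
    h = Host(files={"/var/log/fw.log": "deny tcp 10.0.0.5 -> 10.0.0.1:22\n"})
    print(run(Task("log-size", "SIZE /var/log/fw.log\nPRINT done",
                   frozenset({"fs.read", "console"})), h))
    print(run(Task("copy-then-exec", "COPY /var/log/fw.log /tmp/x\nEXEC /tmp/x",
                   frozenset({"fs.read", "fs.write"})), h))
    for entry in h.audit:
        print(entry)
```

The design point is the one the post raises: once a script can copy and execute a binary, the language's own sandbox no longer bounds what the task can do, so the escalating primitive has to be gated by an explicit grant that is recorded in the audit trail, and the decision is taken once per task from the parsed script rather than discovered partway through a run after some lines have already taken effect.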