TINA as a virtual market place for telecommunication and information services: the VITAL experiment

The VITAL (Validation of Integrated Telecommunication Architectures for the Long-Term) project has defined, implemented and demonstrated an open distributed telecommunication architecture (ODTA) for deploying, managing and using a set of heterogeneous multimedia, multi-party, and mobility services. The architecture was based on the latest specifications released by TINA-C. The architecture was challenged in a set of trials by means of a heterogeneous set of applications. Some of the applications were developed within the project from scratch, while some others focused on integrating commercially available applications. The applications were selected in such a way as to assure full coverage of the architecture implementation and reflect a realistic use of it. The VITAL experience of refining and implementing TINA specifications and challenging the resulting platform by a heterogeneous set of services has proven the openness, flexibility and reusability of TINA. This paper describes the VITAL approach when choosing the different services and how they challenge and interact with the architecture, focusing especially on the service architecture and the Ret reference point definitions. The VITAL adjustments and enhancements to the TINA architecture are described. This paper contributes to proving that the TINA-based VITAL ODTA allows for easy and cost-effective development and deployment of advanced end-user and operator services, and can indeed act as the basis for a virtual market place for telecommunications service

Detecting Network-Based Obfuscated Code Injection Attacks Using Sandboxing

Intrusion detection systems (IDSs) are widely recognised as the last line of defence often used to enable incident response when intrusion prevention mechanisms are ineffective, or have been compromised. A signature based network IDS (NIDS) which operates by comparing network traffic to a database of suspicious activity patterns (known as signatures) is a popular solution due to its ease of deployment and relatively low false positive (incorrect alert) rate. Lately, attack developers have focused on developing stealthy attacks designed to evade NIDS. One technique used to accomplish this is to obfuscate the shellcode (the executable component of an attack) so that it does not resemble the signatures the IDS uses to identify the attacks but is still logically equivalent to the clear-text attacks when executed. We present an approach to detect obfuscated code injection attacks, an approach which compensates for efforts to evade IDSs. This is achieved by executing those network traffic segments that are judged potentially to contain executable code and monitoring the execution to detect operating system calls which are a necessary component of any such code. This detection method is based not on how the injected code is represented but rather on the actions it performs. Correct configuration of the IDS at deployment time is crucial for correct operation when this approach is taken, in particular, the examined executable code must be executed in an environment identical to the execution environment of the host the IDS is monitoring with regards to both operating system and architecture. We have implemented a prototype detector that is capable of detecting obfuscated shellcodes in a Linux environment, and demonstrate how it can be used to detect new or previously unseen code injection attacks and obfuscated attacks as well as well known attacks