Difference between revisions of "OWASP Israel 2011 Presentations"
Line 26: | Line 26: | ||
− | === | + | === Temporal Session Race Conditions === |
− | ''''' | + | '''''Shay Chen, CTO, Hacktics Advanced Security Center, Ernst & Young''''' |
<u>Abstract</u> | <u>Abstract</u> | ||
Line 38: | Line 38: | ||
<u></u>TBD | <u></u>TBD | ||
− | === | + | === Building an Effective SDLC Program - Case Study === |
− | ''''' | + | '''''Guy Bejerano, CSO, Liveperson''''' |
+ | '''''Ofer Maor, CTO, Seeker Security''''' | ||
<u>Abstract</u> | <u>Abstract</u> | ||
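Review bot: the two speaker lines `'''''Guy Bejerano, CSO, Liveperson'''''` and `'''''Ofer Maor, CTO, Seeker Security'''''` are consecutive wikitext lines with no blank line between them, so MediaWiki joins them into one paragraph and the rendered revision shows "Guy Bejerano, CSO, Liveperson Ofer Maor, CTO, Seeker Security" on a single line; separate them with a blank line or a `<br />` so each speaker renders on its own line.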
Line 49: | Line 50: | ||
<u></u>TBD | <u></u>TBD | ||
+ | |||
+ | === Space-Time Tradeoffs in Software-Based Deep Packet Inspection === | ||
+ | |||
+ | '''''Yotam Harchol, IDC''''' | ||
+ | |||
+ | Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection Systems (NIDS). DPI aims to identify various malware by inspecting both the header and the payload of each packet and comparing it to a known set of patterns. DPI is often performed on the critical path of the packet processing, thus the overall performance of the security tools is dominated by the speed of DPI. | ||
+ | |||
+ | The Aho-Corasick (AC) algorithm is the de-facto standard for pattern matching in NIDS. Basically, the AC algorithm constructs a Deterministic Finite Automaton (DFA) for detecting all occurrences of a given set of patterns by processing the input in a single pass. The input is inspected symbol by symbol, such that each symbol results in a state transition. Thus, in principle, the AC algorithm has deterministic performance, which does not depend on specific input and therefore is not vulnerable to algorithmic complexity attacks, making it very attractive. | ||
+ | |||
+ | In this talk I will show that, when implementing the AC algorithm in software, this property does not hold, due to the fact that contemporary pattern sets induce very large DFAs that cannot be stored entirely in cache. We propose a novel technique to compress the representation of the AC automaton, so it can fit in modern cache. We compare both the performance and the memory footprint of our technique to previously-proposed implementation, under various settings and pattern sets. Our results reveal the space-time tradeoffs of DPI. Specifically, we show that our compression technique reduces the memory footprint of the best prior-art algorithm by approximately 60%, while achieving comparable throughput. | ||
+ | |||
+ | ''Joint work with Anat Bremler-Barr (IDC) and David Hay (HUJI). | ||
+ | '' | ||
+ | ''This work was presented in IEEE International Conference on High Speed Switching and Routing (HPSR), July 2011, Cartagena, Spain. | ||
+ | '' | ||
+ | <u>Speaker Bio</u> | ||
+ | Yotam Harchol is a graduate student at the Hebrew University of Jerusalem. Currently he works with Dr. Anat Bremler-Barr (IDC) and Dr. David Hay (HUJI) on network algorithms and security, deep packet inspection and high performance computing. He received his bachelor degree in Computer Science from IDC Herzliya. |
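Review bot: the closing `''` of the two italic notes ("Joint work with ..." and "This work was presented ...") sits on its own line, and `<u>Speaker Bio</u>` runs straight into the bio paragraph with no blank line, so the rendered revision shows "...Cartagena, Spain. Speaker Bio Yotam Harchol is..." as one run-on paragraph; move each closing `''` to the end of the line it opens on and put a blank line after `<u>Speaker Bio</u>`.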
Revision as of 12:32, 4 August 2011
Composite Applications Over Hybrid Clouds – Enterprise Security Challenges of the IT Supply Chain
Dr. Ethan Hadar, Senior Vice President Corporate Technical Strategy, CA
Abstract
TBD
Speaker Bio
TBD
Finding Security in Misery of Others
Amichai Shulman, CTO, Imperva
Abstract
TBD
Speaker Bio
TBD
Temporal Session Race Conditions
Shay Chen, CTO, Hacktics Advanced Security Center, Ernst & Young
Abstract
TBD
Speaker Bio
TBD
Building an Effective SDLC Program - Case Study
Guy Bejerano, CSO, Liveperson
Ofer Maor, CTO, Seeker Security
Abstract
TBD
Speaker Bio
TBD
Space-Time Tradeoffs in Software-Based Deep Packet Inspection
Yotam Harchol, IDC
Deep Packet Inspection (DPI) lies at the core of contemporary Network Intrusion Detection Systems (NIDS). DPI aims to identify various malware by inspecting both the header and the payload of each packet and comparing it to a known set of patterns. DPI is often performed on the critical path of the packet processing, thus the overall performance of the security tools is dominated by the speed of DPI.
The Aho-Corasick (AC) algorithm is the de-facto standard for pattern matching in NIDS. Basically, the AC algorithm constructs a Deterministic Finite Automaton (DFA) for detecting all occurrences of a given set of patterns by processing the input in a single pass. The input is inspected symbol by symbol, such that each symbol results in a state transition. Thus, in principle, the AC algorithm has deterministic performance, which does not depend on specific input and therefore is not vulnerable to algorithmic complexity attacks, making it very attractive.
In this talk I will show that, when the AC algorithm is implemented in software, this property does not hold, because contemporary pattern sets induce very large DFAs that cannot be stored entirely in cache. We propose a novel technique to compress the representation of the AC automaton so that it fits in a modern cache. We compare both the performance and the memory footprint of our technique to previously proposed implementations, under various settings and pattern sets. Our results reveal the space-time tradeoffs of DPI. Specifically, we show that our compression technique reduces the memory footprint of the best prior-art algorithm by approximately 60%, while achieving comparable throughput.
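The following is an added example, not code from the talk, the authors, or the OWASP page. It builds the Aho-Corasick automaton the abstract describes as a fully expanded DFA (one table row per state, one entry per input byte), scans input in a single pass with exactly one table lookup per byte, and then reports the size of that dense table next to a plain trie-plus-failure-link representation. The pattern set and input are constructed for illustration; the footprint figures only show why a dense AC table outgrows the cache, and the sparse layout used for comparison is a generic one, not the compression technique of the talk.

```python
from collections import deque

ALPHABET = 256  # byte-oriented automaton: one transition per possible input byte


def build_dfa(patterns):
    """Build the Aho-Corasick automaton for a list of byte-string patterns.

    Returns (delta, output, trie_edges):
      delta[s]   - dense list of ALPHABET successor states (fully expanded goto),
      output[s]  - indices of every pattern that ends when state s is reached,
      trie_edges - number of explicit trie edges, used for the footprint comparison.
    """
    goto = [dict()]  # goto[s] = {byte: child state}; explicit trie edges only
    output = [[]]
    for idx, pat in enumerate(patterns):
        s = 0
        for b in pat:
            if b not in goto[s]:
                goto.append(dict())
                output.append([])
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        output[s].append(idx)

    # Failure links in breadth-first order: a state's failure target is always
    # shallower, so it is final before the state itself is processed.
    n = len(goto)
    fail = [0] * n
    order = [0]
    queue = deque(goto[0].values())
    while queue:
        s = queue.popleft()
        order.append(s)
        for b, t in goto[s].items():
            f = fail[s]
            while f and b not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(b, 0)
            output[t] = output[t] + output[fail[t]]  # patterns that are suffixes of t
            queue.append(t)

    # Expand to a dense table, visiting states in BFS order so delta[fail[s]] exists.
    delta = [None] * n
    for s in order:
        row = [0] * ALPHABET
        for b in range(ALPHABET):
            if b in goto[s]:
                row[b] = goto[s][b]
            elif s != 0:
                row[b] = delta[fail[s]][b]
        delta[s] = row
    trie_edges = sum(len(g) for g in goto)
    return delta, output, trie_edges


def search(delta, output, patterns, data):
    """Single pass over `data`: one table lookup per byte, no backtracking.

    Returns a list of (start_offset, pattern) for every match, including
    overlapping ones, in the order the automaton reports them.
    """
    hits = []
    s = 0
    for i, b in enumerate(data):
        s = delta[s][b]
        for idx in output[s]:
            hits.append((i - len(patterns[idx]) + 1, patterns[idx]))
    return hits


def footprint(delta, trie_edges, entry_bytes=4):
    """Compare the dense table against a sparse trie + failure-link layout.

    Assumes 4-byte state ids; the sparse figure counts one labelled edge
    (1 label byte + target id) per trie edge and one failure link per state.
    """
    states = len(delta)
    dense = states * ALPHABET * entry_bytes
    sparse = trie_edges * (1 + entry_bytes) + states * entry_bytes
    return {"states": states, "dense_bytes": dense, "sparse_bytes": sparse}


if __name__ == "__main__":
    # Constructed pattern set and input; a real NIDS ruleset has thousands of patterns.
    patterns = [b"he", b"she", b"his", b"hers"]
    delta, output, edges = build_dfa(patterns)
    print(search(delta, output, patterns, b"ushers"))
    print(footprint(delta, edges))
```

Every byte of input costs the same single indexed lookup regardless of content, which is the deterministic behaviour the abstract credits to AC. The price is the table: even this four-pattern automaton spends 256 entries per state, and `footprint` shows the dense layout is two orders of magnitude larger than the sparse one. With a realistic ruleset the dense rows run to megabytes, and the lookups start missing cache, which is the effect the talk measures.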
Joint work with Anat Bremler-Barr (IDC) and David Hay (HUJI).
This work was presented at the IEEE International Conference on High Speed Switching and Routing (HPSR), July 2011, Cartagena, Spain.
Speaker Bio
Yotam Harchol is a graduate student at the Hebrew University of Jerusalem. Currently he works with Dr. Anat Bremler-Barr (IDC) and Dr. David Hay (HUJI) on network algorithms and security, deep packet inspection and high performance computing. He received his bachelor's degree in Computer Science from IDC Herzliya.