broker
play

Broker Matthias Vallentin UC Berkeley International Computer - PowerPoint PPT Presentation

Mar 14, 2024 •345 likes •755 views

Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon '16 Communication in Bro Tap Internal Internet Firewall Tap Network Frontend Nodes Manager + Proxy + ... ... Proxy Backend Nodes

  1. Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon '16

  2. Communication in Bro Tap Internal Internet Firewall Tap Network Frontend Nodes Manager + Proxy + ... ... Proxy Backend Nodes Broccoli, Python Ruby & Perl Bro Independent Bindings Bindings Cluster Broccoli Broccoli State 2005 2007 2008 2011

  3. Communication in Bro Exploiting Independent State For Network Intrusion Detection Tap Internal Internet Firewall Tap Network Robin Sommer Vern Paxson Frontend Nodes TU M¨ unchen ICSI/LBNL Manager sommer@in.tum.de vern@icir.org + Proxy + coming ... ... Proxy Backend Nodes soon! Broccoli, Abstract in the context of a single process is a minor subset of the Python Ruby & Perl NIDS process’s full state: either higher-level results (often Bro just alerts) sent between processes to facilitate correlation or Broker Broker Network intrusion detection systems (NIDSs) critically Independent Bindings Bindings aggregation, or log files written to disk for processing in the rely on processing a great deal of state. Often much of this future. The much richer (and bulkier) internal state of the state resides solely in the volatile processor memory acces- Cluster Broccoli Broccoli 0.4 1.0 NIDS remains exactly that, internal. It cannot be accessed State sible to a single user-level process on a single machine. In by other processes unless a special means is provided for this work we highlight the power of independent state , i.e., doing so, and it is permanently lost upon termination of the internal fine-grained state that can be propagated from one 2005 2007 2008 2015 2016/17 2011

  4. Outline • Overview • API • Performance • Outlook

  5. Overview

  6. Broker = Bro'ish data model + publish/subscribe communication + distributed key-value stores

  7. Publish/Subscribe Communication Organization Internet

  8. Publish/Subscribe Communication C++ C++ C++ Organization Internet

  9. Publish/Subscribe Communication C++ Model Model Model C++ C++ Organization Internet

  10. Publish/Subscribe Communication C++ Model Model Model C++ C++ Organization Internet

  11. Publish/Subscribe Communication C++ C++ C++ Organization Internet Model Model Model

  12. Publish/Subscribe Communication C++ C++ C++ Organization Internet

  13. Publish/Subscribe Communication C++ C++ C++ File File File Organization Internet

  14. Publish/Subscribe Communication C++ C++ C++ File File File Organization Internet

  15. Publish/Subscribe Communication C++ File C++ File C++ File Organization Internet

  16. Publish/Subscribe Communication C++ C++ C++ Result Organization Internet

  17. Publish/Subscribe Communication C++ C++ C++ Result Organization Internet

  18. Publish/Subscribe Communication C++ Result C++ C++ Organization Internet

  19. Distributed Key-Value Stores M C C C M endpoint master M C C clone C

  20. Broker's Data Model Arithmetic Network Container Other Time none address vector boolean interval port set string count timestamp subnet table integer real

  21. API

  22. Lessons Learned • Functionality : It Just Works • Usability : no native type support, lots of "data wrapping" • Semantics : no support for nonblocking processing

  23. Current API using&namespace&broker; Initialize the Broker library. (Only one broker instance per process allowed.) init(); endpoint&ep{"sender"}; Create a local endpoint. ep.peer("127.0.0.1",&9999); Block until connection status changes. ep.outgoing_connection_status().need_pop(); auto&msg&=&message{ When communicating with Bro, the first &&"my_event", argument must be a string identifying the event &&"Hello&C++&Broker!", name. The remaining values represent the event &&42u arguments. }; Publish the event under topic bro/event . ep.send("bro/event",&msg); Block until connection status changes. ep.outgoing_connection_status().need_pop();

  24. New API using&namespace&broker; A context encapsulates global state for a set of context&ctx; endpoints (e.g., worker threads, scheduler, etc.) auto&ep&=&ctx.spawn<blocking>(); Create a local endpoint with blocking API. ep.peer("127.0.0.1",&9999); auto&v&=&vector{ Create a vector of data. &&"my_event", New semantics: a message is a topic plus data , not a sequence of data. &&"Hello&C++&Broker!", &&42u }; Publish the event under topic bro/event . ep.publish("bro/event",&v);

  25. Blocking vs. Non-Blocking API context&ctx; context&ctx; auto&ep&=&ctx.spawn<blocking>(); auto&ep&=&ctx.spawn<nonblocking>(); ep.subscribe("foo"); //&Called&asynchronously&by&the&runtime. ep.subscribe("bar"); ep.subscribe( &&"foo", //&Block&and&wait. &&[=](const&topic&&t,&const&data&&d)&{ auto&msg&=&ep.receive(); &&&&cout&<<&t&<<&"&Q>&"&<<&d&<<&endl; cout&<<&msg.topic() &&} &&&&&<<&"&Q>&" ); &&&&&<<&msg.data() &&&&&<<&endl; //&As&above,&just&for&a&different&topic. ep.subscribe( //&Equivalent&semantics;&functional&API.& &&"bar", ep.receive( &&[=](const&topic&&t,&const&data&&d)&{ &&[&](const&topic&&t,&const&data&&d)&{ &&&&cout&<<&t&<<&"&Q>&"&<<&d&<<&endl; &&&&scout&<<&t&<<&"&Q>&"&<<&d&<<&endl; &&} &&} ); )

  26. Available backends: Data Store APIs 1. In-memory 2. SQLite 3. RocksDB //&Setup&endpoint&topology. context&ctx; auto&ep0&=&ctx.spawn<blocking>(); auto&ep1&=&ctx.spawn<blocking>(); auto&ep2&=&ctx.spawn<blocking>(); M ep0.peer(ep1); ep0.peer(ep2); //&Attach&stores. auto&m&=&ep0.attach<master,&memory>("lord"); auto&c0&=&ep1.attach<clone>("lord"); auto&c1&=&ep2.attach<clone>("lord"); //&Write&to&the&master&directly. mQ>put("foo",&42); mQ>put("bar",&"baz"); C C //&After&propagation,&query&the&clones. sleep(propagation_delay); auto&v0&=&c0Q>get("key");& auto&v1&=&c1Q>get("key"); assert(v0&&&&v1&&&&*v0&==&*v1);

  27. Data Store APIs // Blocking API. Returns expected<data>. auto v = c->get<blocking>("key"); // Non-blocking API. // Runtime invokes callback. M c->get<nonblocking>("key").then( [=](data& d) { cout << "got it: " << d << endl; }, [=](error& e) { cerr << "uh, this went wrong: " << e << endl; } C C );

  28. Performance

  29. Simple Benchmark • Throughput analysis • Two endpoints: sender & receiver • Message = conn.log entry • System: MacBook Pro • 16 GB RAM • 4 x 2.8 GHz Core i7

  30. Throughput 60K 40% Throughput (msg/sec) 40K 20K 0 new old Version

  31. Outlook

  32. Roadmap to 1.0 function &lookup(key:&string)&:&any;& 1. Finish Python bindings when&(& local &x&=&lookup("key")&)& &&{& && local &result&=&"";& 2. Implement Bro endpoint && switch (&x&)& &&&&{& &&&& case &addr:& 3. Pattern matching in Bro &&&&&& if &(&x&in&10.0.0.0/8&)& &&&&&&&&result&=&"contained";& &&&& case &string:& 4. Flow control &&&&&&result&=&"error:&lookup()&failed:&"&+&x;& &&&&}& &&}

  33. Flow Control

  34. Flow Control Intermediate buffer

  35. Flow Control STILL OVERFLOWING

  36. Flow Control

  37. Flow Control Reject at the boundary

  38. CAF: Messaging Building Block • CAF = C ++ A ctor F ramework • Implementation of the Actor Model • Light-weight, type-safe, scalable • Network transparency

  39. Bro Data Flows Master Events Workers Logs write(2) Packets

  40. Questions? Docs: &https://bro.github.io/broker& Chat: https://gitter.im/bro/broker& Code: https://github.com/bro/broker

Recommend

Who is Broker Direct? Broker Direct is a blend of Underwriting Agency, Wholesale Broker and Third

Who is Broker Direct? Broker Direct is a blend of Underwriting Agency, Wholesale Broker and Third

Who is Broker Direct? Broker Direct is a blend of Underwriting Agency, Wholesale Broker and Third Party Administrator focussed on the UK Personal and Commercial Lines market. The brand was established in 1997 with a unique proposition: a general

234 views • 8 slides
Broker Seminar Oct 17 Agenda Broker Solutions Manufacturer &amp; Wholesaler of Investment

Broker Seminar Oct 17 Agenda Broker Solutions Manufacturer &amp; Wholesaler of Investment

Broker Seminar Oct 17 Agenda Broker Solutions Manufacturer &amp; Wholesaler of Investment Product 100% Broker focused Broker FX A new FX and International Payments Platform MiFID II &amp; the New Consumer Protection

1.07k views • 80 slides
DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2

DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2

Broker &amp; TPA JAD May 23, 2013 DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2 Broker Topics Transaction files Broker XSD Group file 834 Individual initial enrollment with broker

730 views • 25 slides
K.SKOURAS CUSTOMS BROKER (AEOF CERTIFIED AGENT) Brief Company Presentation K.Skouras Customs

K.SKOURAS CUSTOMS BROKER (AEOF CERTIFIED AGENT) Brief Company Presentation K.Skouras Customs

K.SKOURAS CUSTOMS BROKER (AEOF CERTIFIED AGENT) Brief Company Presentation K.Skouras Customs Broker K.SKOURAS Customs Broker Kyriakos Skouras Customs Broker, is one of the leading agencies in the customs brokers industry in Greece, operating

534 views • 12 slides
ASN Broker Public Company Limited Opportunity Day 26 November 2018 ASN Broker Public Company

ASN Broker Public Company Limited Opportunity Day 26 November 2018 ASN Broker Public Company

ASN Broker Public Company Limited ASN Broker Public Company Limited Opportunity Day 26 November 2018 ASN Broker Public Company Limited Agenda Company Overview I Q3 2018 Financial Performance II Q3 2018 Key Developments III 2 ASN Broker Public

542 views • 16 slides
Broker/Navigator Changes 4.1 Washington Healthplanfinder System Re l e as e April 11, 2017 65

Broker/Navigator Changes 4.1 Washington Healthplanfinder System Re l e as e April 11, 2017 65

Washington Health Benefit Exchange Broker/Navigator Changes 4.1 Washington Healthplanfinder System Re l e as e April 11, 2017 65 Broker/Navigator Changes Broker/Navigator Partnership Enhancements Navigators can Terminate Partnership with

512 views • 12 slides
Software Engineering and Architecture Broker IPC over HTTP History In the 1990, there was a

Software Engineering and Architecture Broker IPC over HTTP History In the 1990, there was a

Software Engineering and Architecture Broker IPC over HTTP History In the 1990, there was a lot of hype about building distributed systems in the OO paradigm / Broker based CORBA Version 1 - 1991 Microsoft DCOM About the same

554 views • 22 slides
Mortgage Broker Mortgage Broker 1. Brokers teach you how to buy. Good brokers will guide you

Mortgage Broker Mortgage Broker 1. Brokers teach you how to buy. Good brokers will guide you

8 Powerful Reasons 8 Powerful Reasons You Need A You Need A Mortgage Broker Mortgage Broker 1. Brokers teach you how to buy. Good brokers will guide you through the home buying process, from application, liaising with your solicitor,

674 views • 10 slides
The profitability analysis of the multi-band spectrum broker Marcin PARZY Poznan University of

The profitability analysis of the multi-band spectrum broker Marcin PARZY Poznan University of

The profitability analysis of the multi-band spectrum broker Marcin PARZY Poznan University of Technology Spectrum crunch 2 New licensing scheme DVB-T PMSE DVB-T PMSE BROKER BROKER Trading and auctioning

417 views • 13 slides
ASN Broker Public Company Limited Opportunity Day 11 November 2016 ASN Broker Public Company

ASN Broker Public Company Limited Opportunity Day 11 November 2016 ASN Broker Public Company

ASN Broker Public Company Limited ASN Broker Public Company Limited Opportunity Day 11 November 2016 ASN Broker Public Company Limited Agenda I II III IV 2 ASN Broker Public Company Limited Company Overview 3 Company structure ASN

644 views • 21 slides
SEC Fiduciary Rule Initiative HISTORICAL DISTINCTION BETWEEN ADVISERS AND BROKER-DEALERS In

SEC Fiduciary Rule Initiative HISTORICAL DISTINCTION BETWEEN ADVISERS AND BROKER-DEALERS In

SEC Fiduciary Rule Initiative HISTORICAL DISTINCTION BETWEEN ADVISERS AND BROKER-DEALERS In the aftermath of the Great Depression, the U.S. securities industry was reorganized and regulated based on a fundamental premise that broker-dealers

447 views • 11 slides
Latest Case Law Developments Navigating the Evolving Scope and Breadth of a Broker's Duties and

Latest Case Law Developments Navigating the Evolving Scope and Breadth of a Broker's Duties and

Presenting a live 90-minute webinar with interactive Q&amp;A Insurance Broker Liability to Policyholders for Denied Claims: Latest Case Law Developments Navigating the Evolving Scope and Breadth of a Broker's Duties and Obligations WEDNESDAY,

745 views • 51 slides
Finders and Unregistered Broker-Dealers: Understanding the Risks and Recent Developments Avoiding

Finders and Unregistered Broker-Dealers: Understanding the Risks and Recent Developments Avoiding

Presenting a 90-Minute Encore Presentation of the Webinar with Live, Interactive Q&amp;A Finders and Unregistered Broker-Dealers: Understanding the Risks and Recent Developments Avoiding the Pitfalls of Broker-Dealer Registration Violations,

1.14k views • 58 slides
The USAs Only All -Asia Broker Who We Are Decker is the ONLY Asian emerging and frontier

The USAs Only All -Asia Broker Who We Are Decker is the ONLY Asian emerging and frontier

The USAs Only All -Asia Broker Who We Are Decker is the ONLY Asian emerging and frontier specialist broker in the United States. Launched in 2013 at the request of 5 of the USAs largest emerging market investment funds Decker now

199 views • 18 slides
ASKET Ltd Simon broker@asket.co.uk 00971 528 333 164 0044 782 7012 195 www.asket.co.uk ASKET

ASKET Ltd Simon broker@asket.co.uk 00971 528 333 164 0044 782 7012 195 www.asket.co.uk ASKET

ASKET Ltd Simon broker@asket.co.uk 00971 528 333 164 0044 782 7012 195 www.asket.co.uk ASKET Ltd Worlds leading independent security broker founded in 2013 Fully independent and integrated service working directly for the shipping

334 views • 22 slides
WHOLESALE BROKER TRAINING SUMMARY OF Thank you for choosing to partner up with Nations Direct

WHOLESALE BROKER TRAINING SUMMARY OF Thank you for choosing to partner up with Nations Direct

WHOLESALE BROKER TRAINING SUMMARY OF Thank you for choosing to partner up with Nations Direct Mortgage for your Wholesale Lending needs. We are CONTENTS 100% commited to our Broker partner's success. OUR MAIN - Important Info TOPICS TODAY

474 views • 23 slides
BROKER APPROVAL REQUEST P RE SE NTED BY: Carolyn Shellman Chief Legal &amp; Administrative

BROKER APPROVAL REQUEST P RE SE NTED BY: Carolyn Shellman Chief Legal &amp; Administrative

BROKER APPROVAL REQUEST P RE SE NTED BY: Carolyn Shellman Chief Legal &amp; Administrative Officer (CLAO) September 24, 2018 Approv al Requested AGENDA CONTEXT INCLUDED CAMPUSES REQUEST FOR APPROVAL NEXT STEPS 2 BROKER

884 views • 7 slides
Broker of Record Discussion EAIC Meeting June 13, 2013 A service of Maryland Health Benefit

Broker of Record Discussion EAIC Meeting June 13, 2013 A service of Maryland Health Benefit

Broker of Record Discussion EAIC Meeting June 13, 2013 A service of Maryland Health Benefit Exchange Individual Exchange Broker of Record change - only during open enrollment or at a special enrollment time 2 SHOP Broker of Record Change

444 views • 5 slides
Facilitating Informed Consumer Health Plan Choices: Web- Broker/Technology Companies Peter

Facilitating Informed Consumer Health Plan Choices: Web- Broker/Technology Companies Peter

Facilitating Informed Consumer Health Plan Choices: Web- Broker/Technology Companies Peter Nakahata Principal, PTN Consulting Group, LLC Background on Web-Broker Channel Web-based health insurance brokers operate private online health

231 views • 11 slides
Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition from IPv4 to IPv6 Typical Tunnel Broker Tunnel Broker Utilizing IPv4 Anycast From IPv4 to IPv6 IPv6 = Internet Protocol Version 6

722 views • 14 slides
Data Plane Broker Integration, Configuration &amp; Implementation. Paul McCherry Data Plane

Data Plane Broker Integration, Configuration &amp; Implementation. Paul McCherry Data Plane

Data Plane Broker Integration, Configuration &amp; Implementation. Paul McCherry Data Plane Broker Integration OSM Creation: Connection Points, Bandwidth Deletion: Service_Id DPB WIM Connector Modify: In development, Service_Id

241 views • 20 slides
WHO WE ARE Direct &amp; Reinsurance Broker and Risk Management Company with over 21 years of

WHO WE ARE Direct &amp; Reinsurance Broker and Risk Management Company with over 21 years of

WHO WE ARE 21+ years of experience Serving 10,000+ satisfied clients 325+ highly experienced and professional team C lient R etention - 97%+ P resence in 10+ cities H andling INR 800 Crs+ Premium WHO WE ARE Direct &amp; Reinsurance Broker and Risk

774 views • 32 slides
On the Impact of Clustering for IoT Analytics and Message Broker Placement across Cloud and Edge

On the Impact of Clustering for IoT Analytics and Message Broker Placement across Cloud and Edge

On the Impact of Clustering for IoT Analytics and Message Broker Placement across Cloud and Edge Daniel Happ (TU Berlin, happ@tkn.tu-berlin.de) Suzan Bayhan (University of Twente) EdgeSys 2020 April 27, 2020 IoT Analytics and Message Broker

372 views • 15 slides
Warren Hutcheon Ansvar Overview TODAYS FORMAT PART 1 BROKER FORUM Risk Management II for

Warren Hutcheon Ansvar Overview TODAYS FORMAT PART 1 BROKER FORUM Risk Management II for

Warren Hutcheon Ansvar Overview TODAYS FORMAT PART 1 BROKER FORUM Risk Management II for NFP Boards CEP Grant Recipient presentation Morning tea PART 2 PRODUCT LAUNCH Management Liability Lunch PART 1. BROKER FORUM 1.

496 views • 47 slides

More recommend