application firewall research proposal

Security Research Proposal Peter Cheung ([email protected])


Page 1: application firewall research proposal

Security Research Proposal

Peter Cheung([email protected])

Page 2: application firewall research proposal

Security Trend

Security

Product

Hardware (firewall)

Software (antivirus, software firewall)

Service

AD Consultant 7x24

Page 3: application firewall research proposal

Hardware

• Why we are not qualified
– We don't have a network OS
– We don't have a network CPU (firewall, switch, router)

• Investment cycle is very long
– Juniper Network OS took over 15 years
– A CPU needs thousands of researchers

Page 4: application firewall research proposal

Software (firewall)

• First generation: packet filters
– If a packet matches the packet filter's set of rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and send "error responses" to the source)

• Second generation: "stateful" filters
– Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4

• Third generation: application layer
– Our opportunity

• Fourth generation: cloud firewall
– VM migration, distributed firewall
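
As an added illustration (not part of the original slides), the sketch below applies the first three generations to constructed packets. The rule sets, port numbers, addresses and the HTTP method allow-list are assumptions chosen for the example, and the connection tracking is simplified (one direction, no teardown).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # constructed sample packet
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""                # TCP flags: "S" = SYN, "A" = ACK
    payload: bytes = b""

# Generation 1: stateless packet filter; each packet is judged alone.
BLOCK_RULES = [(23, "drop"),       # silently discard
               (25, "reject")]     # discard and send an error response

def packet_filter(p):
    for port, action in BLOCK_RULES:
        if p.dport == port:
            return action
    return "accept"

# Generation 2: stateful filter; remembers layer-4 connections.
class StatefulFilter:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)
        self.conns = set()

    def check(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S" and p.dport in self.open_ports:
            self.conns.add(key)    # new connection to an allowed port
            return "accept"
        return "accept" if key in self.conns else "drop"

# Generation 3: application layer; parses the HTTP request line.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

def http_filter(p):
    line = p.payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "drop"              # not a well-formed request line
    method, path, _version = parts
    if method not in ALLOWED_METHODS or ".." in path.split("/"):
        return "drop"
    return "accept"
```

A stray ACK to port 80 passes the packet filter but is dropped by the stateful filter, while a `TRACE` request on an established connection passes both and is stopped only at the application layer.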

Page 5: application firewall research proposal

Why software firewall

• No need for a huge investment
– No need to research anything in hardware
– Saves time

• Software expertise is easier to find than hardware security expertise

• A great security company must have its own security product

Page 6: application firewall research proposal

Market information

Page 7: application firewall research proposal

What is a firewall

http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg

Page 8: application firewall research proposal

Application Firewall

• 4 major architectures
– Java
– .NET
– PHP
– Other (RoR, Perl, etc.)

Page 9: application firewall research proposal

Application Firewall

Java is No. 1. C# is No. 2.

Page 10: application firewall research proposal

Java web server

• Type:
– Tomcat
– WebSphere
– WebLogic
– JBoss

• Open source or closed source?

Page 11: application firewall research proposal

How to find our first customer

• Type:
– Gov
– Big corp
– Public tender

• I know some
– Oracle director
– JOS director
– Microsoft director

Page 12: application firewall research proposal

How many people we need

• Architecture – consolidate the whole design
• Programmer – Do actual coding
• Design – We do need some graphic design
• Sales – We need him to help us to find the first test-case user

Page 13: application firewall research proposal

What can we give to the company?

• A workable software firewall
• A way to sell
• A way to do firewall monitoring and consulting business

Page 14: application firewall research proposal

How to form team

• This is research, not just a project
• This is a product, not just a project
• We need to have heart
• The traditional waterfall dev model will not work

Page 15: application firewall research proposal

How to form team

BOD

GOAL

Team leader

(not pm)

Assign job

Core member

Page 16: application firewall research proposal

If we fail, what should company do?

Page 17: application firewall research proposal

Just fire me