We provide a script language to help users compose security services and applications in FRESCO. Each script file ends with ".fre". This tutorial explains how to write FRESCO applications.
SCRIPT LANGUAGE
We provide a script language to help users compose security services and applications according to their needs. A script is written as attribute-value pairs in JSON format (e.g., "name" : "reflector_net").
APPLICATION ATTRIBUTES
For each application, users must specify several attributes:
1. name : the name of the application
2. description : the description of the application
3. moduleNum: the number of modules in the application
4. modules: a list of module descriptions in the application
Note that attributes 1-3 are simple attribute-value pairs, but for modules the user must specify a description of each module used in the application.
MODULE ATTRIBUTES
For each module, users must specify a description including:
1. id : the application-scope unique identifier of the module (normally the numbers 1, 2, 3, etc.)
2. type: the name of the module as shown in (module list)
3. event: the trigger event of the module (see Module Trigger Event for more information)
4. parameter: the initialization parameters for the module if applicable
5. inputs: the input parameters for the module from previous modules (see Module Input Parameters for more information)
Module Trigger Event
Currently, we support several trigger events that determine when a module enforces its policy:
1. INCOMMING_FLOW : the subscribed module is triggered when a new flow arrives at FRESCO.
2. TCP : the subscribed module is triggered when TCP traffic arrives at FRESCO.
3. TCP_CONNECTION_FAIL: the subscribed module is triggered when FRESCO detects a TCP connection failure.
4. TCP_CONNECTION_SUCCESS: the subscribed module is triggered when FRESCO detects a successful TCP connection.
Module Input Parameters
Module Input Parameters describe the data-flow dependency between modules. Each input parameter has the form "input_number:module_id:module_output_number". For example, "1:2:3" means the first input of the module comes from the 3rd output of module "2". If a module needs more than one input, separate them with commas, e.g., ["1:2:3", "2:1:2"].
APPLICATION EXAMPLE
The code snippet below is an example FRESCO script that enforces a simple firewall application. The application has three modules: the first is triggered by a newly arriving flow (i.e., "INCOMMING_FLOW") and outputs the source IP address of that flow; the second checks whether its input1 (the output1 of module "1", as specified by "inputs" : ["1:1:1"]) matches the user-specified parameter "10.0.0.1"; the third drops the incoming flow if its input1 (the output1 of module "2") is true.
{
  "name" : "Simple Firewall",
  "description" : "block traffic sent from malicious host with IP address",
  "moduleNum" : "3",
  "modules" :
  [
    { "id" : "1",
      "type" : "FM_flow_sourceIP",
      "event" : "INCOMMING_FLOW",
      "parameters" : [],
      "inputs" : [] },
    { "id" : "2",
      "type" : "FM_match_ip",
      "event" : "PUSH",
      "parameters" : ["10.0.0.1"],
      "inputs" : ["1:1:1"] },
    { "id" : "3",
      "type" : "FM_drop_flow",
      "event" : "PUSH",
      "parameters" : [],
      "inputs" : ["1:2:1"] }
  ]
}
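A mis-wired "inputs" entry (one that names a module id that does not exist, or a module that feeds itself) silently breaks the data flow described under Module Input Parameters, and a misspelt event name leaves a module never triggered. The following validator, written here as an added example and not part of FRESCO itself, parses a script like the firewall above and reports those problems before the application is loaded. It assumes that "PUSH", which the page's example uses but the event list does not name, is a valid event; the sample script embedded at the end is constructed from the firewall example with two deliberate faults.

```python
import json

# Trigger events named on this page, plus "PUSH", which the page's own firewall
# example uses for modules fed by an upstream module (assumed to be valid here).
TRIGGER_EVENTS = {"INCOMMING_FLOW", "TCP", "TCP_CONNECTION_FAIL",
                  "TCP_CONNECTION_SUCCESS", "PUSH"}

def parse_input(spec):
    """Split 'input_number:module_id:module_output_number' into three ints."""
    parts = spec.split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("malformed input spec %r" % spec)
    return tuple(int(p) for p in parts)

def validate_script(text):
    """Return the list of problems found in a .fre script (empty means it passed)."""
    app = json.loads(text)
    problems = ["missing application attribute %r" % k
                for k in ("name", "description", "moduleNum", "modules") if k not in app]
    modules = app.get("modules", [])
    if str(app.get("moduleNum")) != str(len(modules)):
        problems.append("moduleNum is %r but %d modules are listed" % (app.get("moduleNum"), len(modules)))
    by_id = {}
    for m in modules:
        mid = str(m.get("id"))
        if mid in by_id:
            problems.append("duplicate module id %s" % mid)
        by_id[mid] = m
        if m.get("event") not in TRIGGER_EVENTS:
            problems.append("module %s: unknown event %r" % (mid, m.get("event")))
    for mid, m in by_id.items():          # second pass: every id is now known
        for spec in m.get("inputs", []):
            try:
                slot, src, out = parse_input(spec)
            except ValueError as err:
                problems.append("module %s: %s" % (mid, err))
                continue
            if str(src) == mid:
                problems.append("module %s: input %d reads from itself" % (mid, slot))
            elif str(src) not in by_id:
                problems.append("module %s: input %d reads unknown module %d" % (mid, slot, src))
    return problems

# Constructed sample: the page's firewall script, but with module 3 wired to a
# module "4" that does not exist and its event misspelt in lower case.
BROKEN_FIREWALL = json.dumps({"name": "Simple Firewall", "description": "block one host",
    "moduleNum": "3", "modules": [
    {"id": "1", "type": "FM_flow_sourceIP", "event": "INCOMMING_FLOW", "parameters": [], "inputs": []},
    {"id": "2", "type": "FM_match_ip", "event": "PUSH", "parameters": ["10.0.0.1"], "inputs": ["1:1:1"]},
    {"id": "3", "type": "FM_drop_flow", "event": "push", "parameters": [], "inputs": ["1:4:1"]}]})
```

Running validate_script(BROKEN_FIREWALL) reports both faults on module 3; fixing the event to "PUSH" and the input to "1:2:1" yields an empty list.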