Process Coloring

Process coloring is a work designed to leverage OS level information flows for intrusion detection. This webpage is here to provide a place to consolidate some of the documents put together thus far. In the near future this will hopefully expand into a full fledged project page.

Publications

Documentation

  • Handout – A handout summarizing the process coloring technique.

Presentations

Demos

  • A preliminary demo – A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.
  • Sinkfile demo – A demo of the client side process coloring prototype. We show insulation as well as an attack. Requires the XVID codec to view. (Or, VLC.) This demo corresponds to the April PI meeting presentation.
  • Email file stealing demo – A demo showing the alerts being generated when a sensitive file is about to emailed out of the system. Requires the XVID codec to view. (Or, VLC.) This demo corresponds to the September PI meeting presentation.

Software

A preliminary release of the server side process coloring code is available upon request. Email us!

Current People

Past People

 
process_coloring.txt · Last modified: 2009/12/17 16:02 by dxu
 
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki