====== Process Coloring ======

Process coloring is a work designed to leverage OS-level information flows for intrusion detection. This webpage is here to provide a place to consolidate some of the documents put together thus far. In the near future this will hopefully expand into a full-fledged project page.

===== Publications =====

  * [[http://friends.cs.purdue.edu/pubs/TPDS_process_coloring.pdf|"Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach."]] Xuxian Jiang, Florian Buchholz, AAron Walters, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. IEEE Transactions on Parallel and Distributed Systems, 19(7), 2008.
  * [[http://friends.cs.purdue.edu/pubs/ICDCS06.pdf|"Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach."]] Xuxian Jiang, AAron Walters, Florian Buchholz, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. Proceedings of the //IEEE International Conference on Distributed Computing Systems// ([[http://icdcs2006.di.fc.ul.pt/|ICDCS 2006]]), Lisboa, Portugal, July 2006.

===== Documentation =====

  * [[http://friends.cs.purdue.edu/projects/pc/files/DTO-handout.pdf|Handout]] -- A handout summarizing the process coloring technique.

===== Presentations =====

  * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Kickoff_030707.ppt|DTO Kickoff Presentation]] -- The PowerPoint slides for the 5-minute introductory presentation given at the DTO kickoff meeting.
  * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Site_071907.ppt|Site Visit Presentation]] -- A longer presentation discussing the process coloring work and the administrative details of the project and its funding.
  * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Site_071907_GMU.ppt|GMU Subcontract]] -- A brief presentation discussing the GMU subcontract as well as the evaluation facility for process coloring.
  * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Purdue_091907.ppt|September PI Meeting Presentation]] -- A technical overview of the process coloring system and a report of current progress.
  * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_012508.ppt|January Reverse Site Visit Presentation]] -- An update on our progress over the last few quarters. Also describes the new client-side problems we were approaching as of the presentation.
  * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_0409.ppt|April PI Meeting Presentation]] -- A technical overview of the process coloring system and a report of current progress.
  * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_0725.ppt|July Site Visit Presentation]] -- A report of current progress, including an introduction to the initial design of the integration with DDFA.
  * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_0923.ppt|September PI Meeting Presentation - Purdue]] -- A report of current progress, including initial performance results.
  * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Colab_0923.ppt|September PI Meeting Presentation - Collaboration]] -- A report of current progress on the collaborative effort with Southwest Research Institute and the University of Texas.

===== Demos =====

  * [[http://friends.cs.purdue.edu/projects/pc/pc-demo.html|A preliminary demo]] -- A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.
  * [[http://friends.cs.purdue.edu/projects/pc/files/sinkfile.avi|Sinkfile demo]] -- A demo of the client-side process coloring prototype. We show insulation as well as an attack. Requires the XVID codec (or [[http://www.videolan.org/vlc/|VLC]]) to view. This demo corresponds to the April PI meeting presentation.
  * [[http://friends.cs.purdue.edu/projects/pc/files/email.avi|Email file stealing demo]] -- A demo showing the alerts generated when a sensitive file is about to be emailed out of the system. Requires the XVID codec (or [[http://www.videolan.org/vlc/|VLC]]) to view. This demo corresponds to the September PI meeting presentation.

===== Software =====

A preliminary release of the server-side process coloring code is available upon request. Email us!

===== Current People =====

  * [[http://www.cs.purdue.edu/homes/dxu/|Dongyan Xu]]
  * [[http://www.ise.gmu.edu/~xjiang/|Xuxian Jiang]]
  * [[http://spaf.cerias.purdue.edu/|Eugene Spafford]]
  * [[http://www.cs.purdue.edu/homes/rileyrd/|Ryan Riley]]
  * [[http://www.cs.purdue.edu/homes/dmstanle/|Dannie Stanley]]

===== Past People =====

  * [[http://users.cs.jmu.edu/buchhofp/|Florian Buchholz]]
  * [[http://www.4tphi.net/~awalters/|AAron Walters]]
  * [[http://research.microsoft.com/~ymwang/|Yi-Min Wang]]