Process coloring is a work designed to leverage OS level information flows for intrusion detection. This webpage is here to provide a place to consolidate some of the documents put together thus far. In the near future this will hopefully expand into a full fledged project page.
– A handout summarizing the process coloring technique.
A preliminary demo
– A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS
-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.
– A demo of the client side process coloring prototype. We show insulation as well as an attack. Requires the XVID codec to view. (Or, VLC
.) This demo corresponds to the April PI meeting presentation.
Email file stealing demo
– A demo showing the alerts being generated when a sensitive file is about to emailed out of the system. Requires the XVID codec to view. (Or, VLC
.) This demo corresponds to the September PI meeting presentation.
A preliminary release of the server side process coloring code is available upon request. Email us!