This shows you the differences between two versions of the page.
process_coloring [2007/10/30 13:10] ryan |
process_coloring [2009/12/17 16:01] dxu |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Publications ===== | ===== Publications ===== | ||
- | * "Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach." Xuxian Jiang, Florian Buchholz, AAron Walters, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. To appear in //IEEE Transactions on Parallel and Distributed Systems//, 2007. | + | * [[http://friends.cs.purdue.edu/pubs/TPDS_process_coloring.pdf|"Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach."]] Xuxian Jiang, Florian Buchholz, AAron Walters, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. IEEE Transactions on Parallel and Distributed Systems, 19(7), 2008. |
- | * [[http://cairo.cs.purdue.edu/pubs/ICDCS06.pdf|"Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach]]." Xuxian Jiang, AAron Walters, Florian Buchholz, Dongyan Xu, Yi-Min Wang, Eugene H. Spafford. Proceedings of //IEEE International Conference on Distributed Computing Systems// ([[http://icdcs2006.di.fc.ul.pt/|ICDCS 2006]]), Lisboa, Portugal, July 2006. | + | * [[http://friends.cs.purdue.edu/pubs/ICDCS06.pdf|"Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach."]] Xuxian Jiang, AAron Walters, Florian Buchholz, Dongyan Xu, Yi-Min Wang, Eugene H. Spafford. Proceedings of //IEEE International Conference on Distributed Computing Systems// ([[http://icdcs2006.di.fc.ul.pt/|ICDCS 2006]]), Lisboa, Portugal, July 2006. |
===== Documentation ===== | ===== Documentation ===== | ||
- | * [[http://cairo.cs.purdue.edu/projects/pc/files/DTO-handout.pdf|Handout]] -- A handout summarizing the process coloring technique. | + | * [[http://friends.cs.purdue.edu/projects/pc/files/DTO-handout.pdf|Handout]] -- A handout summarizing the process coloring technique. |
- | * [[http://cairo.cs.purdue.edu/projects/pc/files/DTO_Kickoff_030707.ppt|DTO Kickoff Presentation]] -- The powerpoint slides corresponding to the 5 minutes introduction presention given at the DTO kickoff meeting. | + | |
- | * [[http://cairo.cs.purdue.edu/projects/pc/files/DTO_Site_071907.ppt|Site Visit Presentation]] -- A longer presentation discussing the process coloring work and the administrative details of the project and its funding. | + | |
- | * [[http://cairo.cs.purdue.edu/projects/pc/files/DTO_Site_071907_GMU.ppt|GMU Subcontract]] -- A brief presentation discussing the GMU subcontract as well as the evaluation facility of process coloring. | + | |
- | * [[http://cairo.cs.purdue.edu/projects/pc/files/DTO_Purdue_091907.ppt|September PI Meeting Presentation]] -- A technical overview of the process coloring system and report of current progress. | + | |
- | ===== Demo ===== | + | ===== Presentations ===== |
- | [[http://cairo.cs.purdue.edu/projects/pc/pc-demo.html|A preliminary demo]] -- A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps. | + | * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Kickoff_030707.ppt|DTO Kickoff Presentation]] -- The powerpoint slides corresponding to the 5 minutes introduction presention given at the DTO kickoff meeting. |
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Site_071907.ppt|Site Visit Presentation]] -- A longer presentation discussing the process coloring work and the administrative details of the project and its funding. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Site_071907_GMU.ppt|GMU Subcontract]] -- A brief presentation discussing the GMU subcontract as well as the evaluation facility of process coloring. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/DTO_Purdue_091907.ppt|September PI Meeting Presentation]] -- A technical overview of the process coloring system and report of current progress. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_012508.ppt|January Reverse Site Visit Presentation]] -- An update of our progress over the last few quarters. Also contains the new client side problems we're approaching as of the presentation. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_0409.ppt|April PI Meeting Presentation]] -- A technical overview of the process coloring system and report of current progress. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_0725.ppt|July Site Visit Presentation]] -- A report of current progress including an introduction to the initial design of integration with DDFA. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Purdue_0923.ppt|September PI Meeting Presentation - Purdue]] -- A report of current progress including initial performance results. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/NICIAR_Colab_0923.ppt|September PI Meeting Presentation - Collaboration]] -- A report of current progress on the collaborative effort with Southwest Research Institute and the University of Texas. | ||
+ | |||
+ | ===== Demos ===== | ||
+ | * [[http://cairo.cs.purdue.edu/projects/pc/pc-demo.html|A preliminary demo]] -- A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/sinkfile.avi|Sinkfile demo]] -- A demo of the client side process coloring prototype. We show insulation as well as an attack. Requires the XVID codec to view. (Or, [[http://www.videolan.org/vlc/|VLC]].) This demo corresponds to the April PI meeting presentation. | ||
+ | * [[http://friends.cs.purdue.edu/projects/pc/files/email.avi|Email file stealing demo]] -- A demo showing the alerts being generated when a sensitive file is about to emailed out of the system. Requires the XVID codec to view. (Or, [[http://www.videolan.org/vlc/|VLC]].) This demo corresponds to the September PI meeting presentation. | ||
===== Software ===== | ===== Software ===== | ||
- | At this time a software release is not available. It should be in the near future, however. | + | A preliminary release of the server side process coloring code is available upon request. Email us! |
- | ===== People ===== | + | ===== Current People ===== |
- | * [[http://www.cs.purdue.edu/homes/rileyrd/|Ryan Riley]] | + | |
- | * [[http://www.ise.gmu.edu/~xjiang/|Xuxian Jiang]] | + | |
* [[http://www.cs.purdue.edu/homes/dxu/|Dongyan Xu]] | * [[http://www.cs.purdue.edu/homes/dxu/|Dongyan Xu]] | ||
+ | * [[http://www.ise.gmu.edu/~xjiang/|Xuxian Jiang]] | ||
+ | * [[http://spaf.cerias.purdue.edu/|Eugene Spafford]] | ||
+ | * [[http://www.cs.purdue.edu/homes/rileyrd/|Ryan Riley]] | ||
+ | * [[http://www.cs.purdue.edu/homes/dmstanle/|Dannie Stanley]] | ||
+ | |||
+ | ===== Past People ===== | ||
* [[http://users.cs.jmu.edu/buchhofp/|Florian Buchholz]] | * [[http://users.cs.jmu.edu/buchhofp/|Florian Buchholz]] | ||
* [[http://www.4tphi.net/~awalters/|AAron Walters]] | * [[http://www.4tphi.net/~awalters/|AAron Walters]] | ||
* [[http://research.microsoft.com/~ymwang/|Yi-Min Wang]] | * [[http://research.microsoft.com/~ymwang/|Yi-Min Wang]] | ||
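Review bot: In the new Demos section, the "A preliminary demo" entry still links to cairo.cs.purdue.edu/projects/pc/pc-demo.html, while every other project link in this revision was moved from cairo.cs.purdue.edu to friends.cs.purdue.edu; either point it at the new host or confirm the old host still serves that page. Two wording slips should be fixed while these lines are being touched: "presention" in the DTO Kickoff entry was carried over unchanged into the Presentations list, and the new email demo entry reads "about to emailed", which is missing "be". The Presentations list also now holds several entries titled "September PI Meeting Presentation" (DTO_Purdue_091907.ppt, NICIAR_Purdue_0923.ppt and NICIAR_Colab_0923.ppt), so the email demo's "corresponds to the September PI meeting presentation" is ambiguous; adding the year to each entry title would resolve it.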