Process Coloring
Process coloring is a technique that leverages OS-level information flows for intrusion detection. This page consolidates some of the documents put together thus far. In the near future it will hopefully expand into a full-fledged project page.
Publications
“Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach.” Xuxian Jiang, Florian Buchholz, AAron Walters, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. To appear in IEEE Transactions on Parallel and Distributed Systems, 2007.
“Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach.” Xuxian Jiang, AAron Walters, Florian Buchholz, Dongyan Xu, Yi-Min Wang, Eugene H. Spafford. Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS 2006), Lisboa, Portugal, July 2006.
Documentation
Handout – A handout summarizing the process coloring technique.
DTO Kickoff Presentation – The PowerPoint slides for the 5-minute introductory presentation given at the DTO kickoff meeting.
Site Visit Presentation – A longer presentation discussing the process coloring work and the administrative details of the project and its funding.
GMU Subcontract – A brief presentation discussing the GMU subcontract as well as the evaluation facility of process coloring.
Demo
A preliminary demo – A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.
Software
A software release is not available at this time, but one should be in the near future.
People