
This is an old revision of the document!


Process Coloring

Process coloring is a technique designed to leverage OS-level information flows for intrusion detection. This page consolidates some of the documents put together thus far. In the near future it will hopefully expand into a full-fledged project page.

Publications

  • “Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach.” Xuxian Jiang, Florian Buchholz, AAron Walters, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. To appear in IEEE Transactions on Parallel and Distributed Systems, 2007.
  • “Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach.” Xuxian Jiang, AAron Walters, Florian Buchholz, Dongyan Xu, Yi-Min Wang, Eugene H. Spafford. Proceedings of IEEE International Conference on Distributed Computing Systems (ICDCS 2006), Lisboa, Portugal, July 2006.

Documentation

  • Handout – A handout summarizing the process coloring technique.
  • DTO Kickoff Presentation – The PowerPoint slides for the 5-minute introductory presentation given at the DTO kickoff meeting.
  • Site Visit Presentation – A longer presentation discussing the process coloring work and the administrative details of the project and its funding.
  • GMU Subcontract – A brief presentation discussing the GMU subcontract as well as the evaluation facility of process coloring.
  • September PI Meeting Presentation – A technical overview of the process coloring system and report of current progress.

Demo

A preliminary demo – A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.

Software

At this time a software release is not available. One should be available in the near future, however.

People

process_coloring.1193763748.txt.gz · Last modified: 2007/10/30 13:02 by ryan