
This is an old revision of the document!


Process Coloring

Process coloring is an approach designed to leverage OS-level information flows for intrusion detection. This page consolidates some of the documents put together thus far. In the near future it will hopefully expand into a full-fledged project page.

Publications

  • “Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach.” Xuxian Jiang, Florian Buchholz, AAron Walters, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. To appear in IEEE Transactions on Parallel and Distributed Systems, 2007.

Documentation

  • Handout – A handout summarizing the process coloring technique.

Presentations

  • DTO Kickoff Presentation – The PowerPoint slides for the 5-minute introductory presentation given at the DTO kickoff meeting.
  • Site Visit Presentation – A longer presentation discussing the process coloring work and the administrative details of the project and its funding.
  • GMU Subcontract – A brief presentation discussing the GMU subcontract as well as the evaluation facility of process coloring.
  • September PI Meeting Presentation – A technical overview of the process coloring system and report of current progress.
  • January Reverse Site Visit Presentation – An update of our progress over the last few quarters. Also contains the new client-side problems we're approaching as of the presentation.
  • April PI Meeting Presentation – A technical overview of the process coloring system and report of current progress.

Demos

  • A preliminary demo – A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.
  • Sinkfile demo – A demo of the client-side process coloring prototype. We show insulation as well as an attack. Requires the XVID codec (or VLC) to view. This demo corresponds to the April PI meeting presentation.

Software

A preliminary release of the server-side process coloring code is available upon request. Email us!

Current People

Past People

process_coloring.1207847971.txt.gz · Last modified: 2008/04/10 13:19 (external edit)