Process coloring is a work designed to leverage OS level information flows for intrusion detection. This webpage is here to provide a place to consolidate some of the documents put together thus far. In the near future this will hopefully expand into a full fledged project page.

• “Tracing Worm Break-in and Contaminations via Process Coloring: A Provenance-Preserving Approach.” Xuxian Jiang, Florian Buchholz, AAron Walters, Dongyan Xu, Yi-Min Wang, and Eugene H. Spafford. To appear in IEEE Transactions on Parallel and Distributed Systems, 2007.

• "Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach.“ Xuxian Jiang, AAron Walters, Florian Buchholz, Dongyan Xu, Yi-Min Wang, Eugene H. Spafford. Proceedings of IEEE International Conference on Distributed Computing Systems (ICDCS 2006), Lisboa, Portugal, July 2006.

• Handout – A handout summarizing the process coloring technique.

• DTO Kickoff Presentation – The powerpoint slides corresponding to the 5 minutes introduction presention given at the DTO kickoff meeting.
• Site Visit Presentation – A longer presentation discussing the process coloring work and the administrative details of the project and its funding.
• GMU Subcontract – A brief presentation discussing the GMU subcontract as well as the evaluation facility of process coloring.
• September PI Meeting Presentation – A technical overview of the process coloring system and report of current progress.
• January Reverse Site Visit Presentation – An update of our progress over the last few quarters. Also contains the new client side problems we're approaching as of the presentation.
• April PI Meeting Presentation – A technical overview of the process coloring system and report of current progress.
• July Site Visit Presentation – A report of current progress including an introduction to the initial design of integration with DDFA.
• September PI Meeting Presentation - Purdue – A report of current progress including initial performance results.
• September PI Meeting Presentation - Collaboration – A report of current progress on the collaborative effort with Southwest Research Institute and the University of Texas.

• A preliminary demo – A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following: OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.
• Sinkfile demo – A demo of the client side process coloring prototype. We show insulation as well as an attack. Requires the XVID codec to view. (Or, VLC.) This demo corresponds to the April PI meeting presentation.

A preliminary release of the server side process coloring code is available upon request. Email us!

• Dongyan Xu
• Xuxian Jiang
• Eugene Spafford
• Ryan Riley

• Florian Buchholz
• AAron Walters
• Yi-Min Wang