Process Coloring
Process coloring is a technique designed to leverage OS-level information flows for intrusion detection. This webpage provides a place to consolidate some of the documents put together thus far. In the near future it will hopefully expand into a full-fledged project page.
Publications
Documentation
Handout – A handout summarizing the process coloring technique.
Presentations
DTO Kickoff Presentation – The PowerPoint slides corresponding to the 5-minute introductory presentation given at the DTO kickoff meeting.
Site Visit Presentation – A longer presentation discussing the process coloring work and the administrative details of the project and its funding.
GMU Subcontract – A brief presentation discussing the GMU subcontract as well as the evaluation facility of process coloring.
Demos
A preliminary demo – A demo of the process coloring prototype. While still under development, the current prototype (based on Xen) is able to perform the following:
OS-level color diffusion, external (relative to the VM) logging and processing, and reconstruction of malware contamination steps.
Sinkfile demo – A demo of the client-side process coloring prototype. We show insulation as well as an attack. Requires the XVID codec (or VLC) to view. This demo corresponds to the April PI meeting presentation.
Email file stealing demo – A demo showing the alerts being generated when a sensitive file is about to be emailed out of the system. Requires the XVID codec (or VLC) to view. This demo corresponds to the September PI meeting presentation.
Software
A preliminary release of the server-side process coloring code is available upon request. Email us!
Current People
Past People