Asynchronous policy evaluation and enforcement

Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.

Categories and Subject Descriptors K.6.5 [Management of Computing and Information Systems]: Security and Protection--access controls, information flow controls
General Terms Management, Security
Keywords Pol...
Matthew Burnside, Angelos D. Keromytis
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS