Academic Commons


Asynchronous Policy Evaluation and Enforcement

Burnside, Matthew Spindel; Keromytis, Angelos D.

Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.



Also Published In

Proceedings of the 2nd ACM Workshop on Computer Security Architectures: 2008, Alexandria, Virginia, USA, October 31-31, 2008

More About This Work

Academic Units: Computer Science
Published Here: July 11, 2012