2008 Articles
Asynchronous Policy Evaluation and Enforcement
Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.
Subjects
Files
- arachne-overview.pdf application/pdf 84.4 KB Download File
Also Published In
- Title
- Proceedings of the 2nd ACM Workshop on Computer Security Architectures: 2008, Alexandria, Virginia, USA, October 31-31, 2008
- Publisher
- ACM
- DOI
- https://doi.org/10.1145/1456508.1456517
More About This Work
- Academic Units
- Computer Science
- Published Here
- July 11, 2012