Asynchronous Policy Evaluation and Enforcement

Burnside, Matthew Spindel; Keromytis, Angelos D.

Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.



Also Published In

Proceedings of the 2nd ACM Workshop on Computer Security Architectures: 2008, Alexandria, Virginia, USA, October 31-31, 2008

More About This Work

Academic Units
Computer Science
Published Here
July 11, 2012