Augmenting Network Flows with User Interface Context to Inform Access Control Decisions
Whitelisting IP addresses and hostnames allows organizations to employ a default-deny approach to network traffic. Organizations employing a default-deny approach can stop many malicious threats, even including zero-day attacks, because it only allows explicitly stated legitimate activities. However, creating a comprehensive whitelist for a default-deny approach is difficult due to user-supplied destinations that can only be known at the time of usage. Whitelists, therefore, interfere with user experience by denying network traffic to user-supplied legitimate destinations. In this thesis, we focus on creating dynamic whitelists that are capable of allowing user-supplied network activity. We designed and built a system called Harbinger, which leverages user interface activity to provide the context in which network activity took place. We built Harbinger for Microsoft Windows operating systems and have tested its usability and effectiveness on four popular Microsoft applications. We find that Harbinger can reduce false-positive detection rates from 44%-54% to 0%-0.4% in IP and DNS whitelists. Furthermore, while traditional whitelists failed to detect propagation attacks, Harbinger detected the same attacks 96% of the time. We find that our system only introduced six milliseconds of delay or less for 96% of network activity.
- Creator
- Contributors
- Degree
- Unit
- Publisher
- Identifier: etd-3101
- Keyword
- Advisor
- Defense date
- Year: 2019
- Date created: 2019-12-12
- Resource type
- Rights statement
- Last modified: 2023-12-05
Relations
- In Collection:
Items
Thumbnail | Title | Visibility | Embargo Release Date | Actions |
---|---|---|---|---|
 | Zorigtbaatar_s_MS_Thesis.pdf | Public | | Download |
Permanent link to this page: https://digital.wpi.edu/show/fx719p46g