Augmenting Network Flows with User Interface Context to Inform Access Control Decisions
Whitelisting IP addresses and hostnames allows organizations to employ a default-deny approach to network traffic. Organizations employing a default-deny approach can stop many malicious threats, even zero-day attacks, because the approach allows only explicitly stated legitimate activities. However, creating a comprehensive whitelist for a default-deny approach is difficult because user-supplied destinations can only be known at the time of use. Whitelists therefore interfere with user experience by denying network traffic to legitimate user-supplied destinations. In this thesis, we focus on creating dynamic whitelists that are capable of allowing user-supplied network activity. We designed and built a system called Harbinger, which leverages user interface activity to provide the context in which network activity took place. We built Harbinger for Microsoft Windows operating systems and have tested its usability and effectiveness on four popular Microsoft applications. We find that Harbinger can reduce false-positive detection rates from 44%-54% to 0%-0.4% in IP and DNS whitelists. Furthermore, while traditional whitelists failed to detect propagation attacks, Harbinger detected the same attacks 96% of the time. We find that our system introduced six milliseconds of delay or less for 96% of network activity.
- Creator
- Contributors
- Degree
- Unit
- Publisher
- Identifier
- etd-3101
- Keyword
- Advisor
- Defense date
- Year
- 2019
- Date created
- 2019-12-12
- Resource type
- Rights statement
- Last modified
- 2023-12-05
Relations
- In Collection:
Items
Thumbnail | Title | Access | Embargo Release Date | Actions |
---|---|---|---|---|
Zorigtbaatar_s_MS_Thesis.pdf | Public | Download |
Permanent link to this page: https://digital.wpi.edu/show/fx719p46g