Many organizations use intrusion detection systems (IDSs) to protect themselves against threats such as viruses and attacks. We are developing new self-securing devices (e.g., self-securing storage and NIC-based firewalls) to provide increased security by creating separate, smaller security domains. However, this distribution of security raises significant administrative challenges.
In this project, we are developing Castellan, a software tool for managing distributed intrusion detection systems. Castellan will support network administrators in:
We are currently in the design stages of Castellan and are talking with network administrators about their needs for managing distributed intrusion detection. A sketch of the Castellan interface follows.
FACULTY
STUDENTS
Ernest Chan
We thank the members and companies of the PDL Consortium: Amazon, Datadog, Google, Honda, Intel Corporation, IBM, Jane Street, Meta, Microsoft Research, Oracle Corporation, Pure Storage, Salesforce, Samsung Semiconductor Inc., Two Sigma, and Western Digital for their interest, insights, feedback, and support.