PARALLEL DATA LAB

CASTELLAN: Managing Distributed Intrusion Detection

Many organizations use intrusion detection systems (IDSs) to protect themselves against threats such as viruses and attacks. We are developing new self-securing devices (e.g., self-securing storage and NIC-based firewalls) that provide increased security by creating separate, smaller security domains. However, this distribution of security raises significant administrative challenges.

In this project, we are developing Castellan, a software tool for managing distributed intrusion detection systems. Castellan will support network administrators in:

  • Configuration - Setting appropriate policies on different self-securing devices.
  • Detection - Notification of security alerts.
  • Diagnosis - Investigating alerts to determine what action to take (if any).
  • Recovery - Using the logging and other enhanced features of self-securing devices to recover from intrusions.

We are currently in the design stages of Castellan and are talking with network administrators about their needs for managing distributed intrusion detection. A sketch of the Castellan interface follows.

[Figure: sketch of the Castellan interface (image not reproduced in this text)]
People

FACULTY

Greg Ganger

STUDENTS

Ernest Chan

Acknowledgements

We thank the members and companies of the PDL Consortium: Amazon, Bloomberg, Datadog, Google, Honda, Intel Corporation, IBM, Jane Street, Meta, Microsoft Research, Oracle Corporation, Pure Storage, Salesforce, Samsung Semiconductor Inc., Two Sigma, and Western Digital for their interest, insights, feedback, and support.