CASTELLAN:
    Managing Distributed Intrusion Detection



    Many organizations use intrusion detection systems (IDSs) to protect themselves against threats such as viruses and attacks. We are developing new self-securing devices (e.g., self-securing storage and NIC-based firewalls) to provide increased security by creating separate, smaller security domains. However, this distribution of security raises significant administrative challenges.

    In this project, we are developing Castellan, a software tool for managing distributed intrusion detection systems. Castellan will support network administrators in:

    • Configuration - Setting appropriate policies on different self-securing devices.
    • Detection - Notification of security alerts.
    • Diagnosis - Investigating alerts to determine what action to take (if any).
    • Recovery - Using the logging and other enhanced features of self-securing devices to recover from intrusions.

    We are currently in the design stages of Castellan and are talking with network administrators about their needs for managing distributed intrusion detection. A sketch of the Castellan interface follows.

    People

      FACULTY
      • Greg Ganger

      STUDENTS
      • Ernest Chan

    Acknowledgements

    We thank the members and companies of the PDL Consortium: American Power Conversion, Cisco Systems, EMC, Google, Hewlett-Packard Labs, Hitachi, IBM, Intel, LSI, Network Appliance, Oracle, Panasas, Seagate Technology, and Symantec for their interest, insights, feedback, and support.



    © 2008.
    Last updated 21 September, 2005