Organizations need to protect their computer systems from attackers. They often group their own computers into risk pools to reduce threat propagation and monitor the communication between these groups. Unfortunately, this boundary monitoring cannot see traffic within groups and, because each monitor is segmented, the monitors cannot form a holistic picture of the entire network. Finally, modern approaches must examine network traffic in isolation, without knowing what action on the originating computer caused it.

This project addresses these limitations in network control and understanding by creating a centralized access control system for all network traffic. With monitoring software on each computer, the access controller learns about the originating host's operating context and the application that initiated the network traffic. This empowers the access controller to make informed decisions.

To achieve these goals, the project investigates three directions: 1) it monitors computer requests to translate human-readable host names into computer-routable addresses, 2) it forces all traffic, even within a risk pool, to receive approval from a router and access controller, and 3) it instruments each computer with software that monitors each application's network traffic and interactions with the human operator to provide a context to the access controller.

This project will increase the security of computer systems and networks, which will have a direct impact on government, military, educational, and industrial organizations. The project will improve educational experiments at both the graduate and undergraduate levels while also supporting extracurricular educational activities, such as cyber security competitions.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1422180
Program Officer: Indrajit Ray
Budget Start: 2014-07-15
Budget End: 2020-06-30
Fiscal Year: 2014
Total Cost: $800,998
Name: Worcester Polytechnic Institute
City: Worcester
State: MA
Country: United States
Zip Code: 01609