Biblio

Filters: Author is DeRidder, Mitch
2018-03-26
Shockley, Matt, Maixner, Chris, Johnson, Ryan, DeRidder, Mitch, Petullo, W. Michael.  2017.  Using VisorFlow to Control Information Flow Without Modifying the Operating System Kernel or Its Userspace. Proceedings of the 2017 International Workshop on Managing Insider Security Threats. :13–24.

VisorFlow aims to monitor the flow of information between processes without requiring modifications to the operating system kernel or its userspace. VisorFlow runs in a privileged Xen domain and monitors the system calls executing in other domains running either Linux or Windows. VisorFlow uses its observations to prevent confidential information from leaving a local network. We describe the design and implementation of VisorFlow, describe how we used VisorFlow to confine naïve users and malicious insiders during the 2017 Cyber-Defense Exercise, and provide performance measurements. We have released VisorFlow and its companion library, libguestrace, as open-source software.