
BlueBox: A Policy-Driven Host-Based Intrusion Avoidance System

BlueBox is an intrusion prevention system that creates an
infrastructure for defining and enforcing very fine-grained process
capabilities in the kernel. Process capabilities are specified as a
set of rules (policies) that regulate access to system resources on a
per-executable basis. The language for expressing the rules is
intuitive and expressive enough to capture security boundaries
effectively. We have designed the system to be very fast so that
enforcement has minimal impact on system performance.

We have prototyped our approach on the Linux 2.2.14 kernel and have built
rule templates for popular daemons such as Apache 2.0 and wu-ftpd. We
are validating our design by testing it against a comprehensive database
of known attacks. The system has been designed to minimize kernel
changes and performance impact, and thus can be ported easily to new
kernels.
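The per-executable, default-deny policy model described above, as an added illustration that is not BlueBox's own code or rule language: the rule table format, the resource classes and the sample Apache template are assumptions constructed for this example.

```python
"""Illustrative per-executable access-policy evaluator (constructed example)."""
import posixpath
from fnmatch import fnmatchcase

# Constructed rule table: executable -> (resource class, operation, target pattern).
# Hypothetical format, not the BlueBox rule language; the Apache template is a guess
# at the kind of capabilities a web server needs and nothing more.
POLICIES = {
    "/usr/sbin/httpd": [
        ("file", "read",  "/var/www/html/*"),
        ("file", "read",  "/etc/httpd/conf/*"),
        ("file", "write", "/var/log/httpd/*"),
        ("net",  "bind",  "tcp:80"),
    ],
}

DENIALS = []  # audit trail of refused requests, useful as a detection signal


def normalize(resource, target):
    """Collapse '..' and '//' so a file path cannot escape a granted prefix."""
    if resource == "file":
        return posixpath.normpath(target)
    return target


def is_allowed(executable, resource, operation, target):
    """Default deny: a request passes only if an explicit rule for this
    executable matches its resource class, operation and (normalized) target.
    An executable with no policy gets no capabilities at all."""
    target = normalize(resource, target)
    for res, op, pattern in POLICIES.get(executable, ()):
        if res == resource and op == operation and fnmatchcase(target, pattern):
            return True
    DENIALS.append((executable, resource, operation, target))
    return False
```

Note that `fnmatchcase` lets `*` span `/`, so a prefix pattern covers the whole subtree; path normalization is what keeps `..` from widening the grant.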

A preliminary paper which describes our rationale, system design and
other details is available for download here.

Related Links:
Paper on BlueBox