Abstract

Techniques are provided herein to enhance detection of compromised network devices by maintaining a list of network device indicators of compromise (i.e., a footprint), determining the viable footprints relevant to the device’s specific deployment context, and placing checks for these footprints onto a device. Based on the reduced set of footprints, these footprints are placed in a cryptoprocessor (e.g., Trusted Platform Module (TPM)) to ensure that potentially relevant evidence cannot be silently discarded. As soon as a new footprint is characterized, devices may forward found instances of these footprints to a security controller. This allows the security controller to do remediation well prior to the installation of fixes/patches. Placement of events in a TPM also allows attacks on bare metal machines to be detected by virtual machines.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Recommended Citation

Voit, Eric; Pendleton, Jared; and Mccoy, Chris, "DYNAMIC DEVICE COMPROMISE FOOTPRINT PRE-FILTERING", Technical Disclosure Commons, (October 08, 2018)
https://www.tdcommons.org/dpubs_series/1578

Download

COinS

Technical Disclosure Commons

Defensive Publications Series

DYNAMIC DEVICE COMPROMISE FOOTPRINT PRE-FILTERING

Abstract

Creative Commons License

Recommended Citation

Browse

Search

Submit

Additional Information

Technical Disclosure Commons

Defensive Publications Series

DYNAMIC DEVICE COMPROMISE FOOTPRINT PRE-FILTERING

Inventor(s)

Abstract

Creative Commons License

Recommended Citation

Share

Browse

Search

Submit

Additional Information