Online Network Forensics for Automatic Repair Validation

Michael E. Locasto; Matthew Spindel Burnside; Angelos D. Keromytis

Computer Science
Permanent URL:
http://hdl.handle.net/10022/AC:P:13961
Book/Journal Title:
Advances in Information and Computer Security: Third International Workshop on Security, IWSEC 2008, Kagawa, Japan, November 25-27, 2008: Proceedings
Book Author:
Matsuura, Kanta
Publisher Location:
New York
Automated intrusion prevention and self-healing software are active areas of security systems research. A major hurdle for the widespread deployment of these systems is that many system administrators lack confidence in the quality of the generated fixes. Thus, a key requirement for future self-healing software is that each automatically-generated fix must be validated before deployment. Under the response rates required by self-healing systems, we believe such verification must proceed automatically. We call this process Automatic Repair Validation (ARV). We describe the design and implementation of Bloodhound, a system that tags and tracks information between the kernel and the application and correlates symptoms of exploits (such as memory errors) with high-level data (e.g., network flows). By doing so, Bloodhound can replay the flows that triggered the repair process against the newly healed application to help show that the repair is accurate (i.e., it defeats the exploit). We show through experimentation a performance impact of as little as 2.6%.
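The tag, track, correlate and replay loop the abstract describes, as an added example that is not Bloodhound's code: each inbound request is tagged with its network flow, the flows are recorded, a fault raised while a flow is being processed is correlated with that flow, and the triggering flow is then replayed against a candidate repair. The validator also replays the recorded benign flows, because a "repair" that rejects all input defeats the exploit trivially but is not an acceptable fix. The toy wire format, the `FaultSymptom` stand-in for a memory error, the three handlers and the two flows are all constructed for illustration.

```python
"""Added example, not Bloodhound's code: a minimal Automatic Repair Validation
(ARV) harness.  Each request is tagged with its flow, flows are recorded, a
fault in the handler is correlated with the flow being processed, and the
triggering flow plus the recorded benign flows are replayed against a
candidate repair.  Protocol, handlers and traffic below are constructed."""
from contextvars import ContextVar
from dataclasses import dataclass, field

# Tag carried through the application: the flow whose data is being processed.
current_flow = ContextVar("current_flow", default=None)
BUF_SIZE = 16  # size of the fixed buffer the vulnerable handler copies into

class FaultSymptom(Exception):
    """Stands in for a low-level symptom such as a guard-page or canary hit."""

@dataclass
class Flow:
    flow_id: tuple   # (src_ip, src_port, dst_ip, dst_port)
    payload: bytes   # application data carried by the flow

@dataclass
class Recorder:
    """Keeps every flow seen, the handler's output for it, and the ids of
    flows during which a fault symptom was raised."""
    flows: dict = field(default_factory=dict)
    outputs: dict = field(default_factory=dict)
    triggering: list = field(default_factory=list)

    def process(self, handler, flow):
        self.flows[flow.flow_id] = flow
        token = current_flow.set(flow.flow_id)
        try:
            out = handler(flow.payload)
            self.outputs[flow.flow_id] = out
            return out
        except FaultSymptom:
            # Correlate the low-level symptom with the tagged high-level flow.
            self.triggering.append(current_flow.get())
            raise
        finally:
            current_flow.reset(token)

def parse(msg):
    """Toy wire format (constructed): one length byte followed by a name."""
    n = msg[0]
    return n, msg[1:1 + n]

def vulnerable_handler(msg):
    _, name = parse(msg)
    buf = bytearray(BUF_SIZE)
    for i, b in enumerate(name):
        if i >= BUF_SIZE:
            raise FaultSymptom("write past end of fixed buffer")  # simulated overflow
        buf[i] = b
    return buf.rstrip(b"\0").decode()

def repaired_handler(msg):
    n, name = parse(msg)
    if n > BUF_SIZE:
        raise ValueError("name too long")  # clean rejection, not a memory error
    return name.decode()

def overzealous_handler(msg):
    raise ValueError("rejected")  # "defeats the exploit" by rejecting everything

def validate_repair(rec, repaired):
    """Replay recorded flows against the candidate repair.
    Returns (exploit_defeated, benign_preserved)."""
    exploit_defeated = True
    for fid in rec.triggering:
        try:
            repaired(rec.flows[fid].payload)
        except FaultSymptom:
            exploit_defeated = False
        except Exception:
            pass  # a clean application-level error is an acceptable outcome
    benign_preserved = True
    for fid, out in rec.outputs.items():
        try:
            if repaired(rec.flows[fid].payload) != out:
                benign_preserved = False
        except Exception:
            benign_preserved = False
    return exploit_defeated, benign_preserved

def run_scenario(repaired):
    """Serve constructed traffic with the vulnerable handler, then validate."""
    rec = Recorder()
    benign = Flow(("10.0.0.5", 40001, "10.0.0.1", 80), bytes([5]) + b"alice")
    attack = Flow(("10.0.0.9", 40002, "10.0.0.1", 80), bytes([24]) + b"A" * 24)
    rec.process(vulnerable_handler, benign)
    try:
        rec.process(vulnerable_handler, attack)
    except FaultSymptom:
        pass  # the self-healing system would now generate a repair
    return rec.triggering, validate_repair(rec, repaired)

if __name__ == "__main__":
    print(run_scenario(repaired_handler))     # attack flow id, (True, True)
    print(run_scenario(overzealous_handler))  # attack flow id, (True, False)
```

Replaying only the triggering flow answers the question the abstract poses (does the repair defeat the exploit?); replaying the benign flows and comparing outputs is the extra check a practitioner wants before trusting an automatically generated fix.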
Suggested Citation:
Michael E. Locasto, Matthew Spindel Burnside, Angelos D. Keromytis, 2008, Online Network Forensics for Automatic Repair Validation, Columbia University Academic Commons, http://hdl.handle.net/10022/AC:P:13961.
