Home

Online Network Forensics for Automatic Repair Validation

Michael E. Locasto; Matthew Spindel Burnside; Angelos D. Keromytis

Title:
Online Network Forensics for Automatic Repair Validation
Author(s):
Locasto, Michael E.
Burnside, Matthew Spindel
Keromytis, Angelos D.
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Part Number:
5312
Book/Journal Title:
Advances in Information and Computer Security: Third International Workshop on Security, IWSEC 2008, Kagawa, Japan, November 25-27, 2008: Proceedings
Book Author:
Matsuura, Kanta
Publisher:
Springer
Publisher Location:
New York
Abstract:
Automated intrusion prevention and self-healing software are active areas of security systems research. A major hurdle for the widespread deployment of these systems is that many system administrators lack confidence in the quality of the generated fixes. Thus, a key requirement for future self-healing software is that each automatically-generated fix must be validated before deployment. Under the response rates required by self-healing systems, we believe such verification must proceed automatically. We call this process Automatic Repair Validation (ARV). We describe the design and implementation of Bloodhound, a system that tags and tracks information between the kernel and the application and correlates symptoms of exploits (such as memory errors) with high-level data (e.g., network flows). By doing so, Bloodhound can replay the flows that triggered the repair process against the newly healed application to help show that the repair is accurate (i.e., it defeats the exploit). We show through experimentation a performance impact of as little as 2.6%.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1007/978-3-540-89598-5_9
Item views:
46
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use