ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
Initial Report on A LISP Programmer''s Apprentice
Initial Report on A LISP Programmer''s Apprentice
Dependency Directed Reasoning for Complex Program Understanding
Dependency Directed Reasoning for Complex Program Understanding
The role of suspicion in model-based intrusion detection
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Model-based diagnosis for information survivability
IWSAS'01 Proceedings of the 2nd international conference on Self-adaptive software: applications
Probabilistic dispatch, dynamic domain architecture, and self-adaptive software
IWSAS'01 Proceedings of the 2nd international conference on Self-adaptive software: applications
Hi-index | 0.00 |
The Infrastructure of modern society is controlled by software systems that are vulnerable to attacks. Many such attacks, launched by "recreational hackers" have already led to severe disruptions and significant cost. It, therefore, is critical that we find ways to protect such systems and to enable them to continue functioning even after a successful attack. This paper describes AWDRAT, a middleware system for providing survivability to both new and legacy applications. AWDRAT stands for Architectural-differencing, Wrappers, Diagnosis, Recovery, Adaptive software, and Trust-modeling. AWDRAT uses these techniques to gain visibility into the execution of an application system and to compare the application's actual behavior to that which is expected. In the case of a deviation, AWDRAT conducts a diagnosis that figures out which computational resources are likely to have been compromised and then adds these assessments to its trust-model. The trust model in turn guides the recovery process, particularly by guiding the system in its choice among functionally equivalent methods and resources. AWDRAT has been used on an example application system, a graphical editor for constructing mission plans. We present data showing the effectiveness of AWDRAT in detecting a variety of compromises to the application system.