Availability-sensitive intrusion recovery

Authors:
Shengzhi Zhang;Xi Xiong;Xiaoqi Jia;Peng Liu
Affiliations:
Pennsylvania State University, University Park, PA, USA;Pennsylvania State University, University Park, PA, USA;Pennsylvania State University, University Park, PA/ Graduate University of Chinese Academy of Sciences, Beijing, China;Pennsylvania State University, University Park, PA, USA
Venue:
Proceedings of the 1st ACM workshop on Virtual machine security
Year:
2009

Citing 12
Cited 1

Backtracking intrusions

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
ReVirt: enabling intrusion analysis through virtual-machine logging and replay

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
The taser intrusion recovery system

Proceedings of the twentieth ACM symposium on Operating systems principles
Rx: treating bugs as allergies---a safe method to survive software failures

Proceedings of the twentieth ACM symposium on Operating systems principles
Practical taint-based protection using demand emulation

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Building a reactive immune system for software services

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
QEMU, a fast and portable dynamic translator

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Flashback: a lightweight extension for rollback and deterministic replay for software debugging

ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Enhancing server availability and security through failure-oblivious computing

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
From STEM to SEAD: speculative execution for automated defense

ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Decoupling dynamic program analysis from execution in virtual environments

ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Using virtual machines to do cross-layer damage assessment

Proceedings of the 1st ACM workshop on Virtual machine security

Cross-layer comprehensive intrusion harm analysis for production workload server systems

Proceedings of the 26th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

A system-wide comprehensive cleaning is the primary goal of intrusion recovery. However, the diversity of the vulnerabilities, the creativity of the attackers and the complexity of system contribute to the difficulty of 'sweeping the footprint' of attacks. In this paper, we propose a VM-based intrusion recovery architecture with more concerns on service availability and continuity. Integrating the state of art techniques such as backtracking, cross-layer damage assessment and heterogeneous VM migration, our system can comprehensively sweep out the footprint of intrusion while providing desired service availability and continuity.