PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Incremental Regression Testing
ICSM '93 Proceedings of the Conference on Software Maintenance
Proceedings of a symposium on Compiler optimization
ACM Transactions on Computer Systems (TOCS)
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
The taser intrusion recovery system
Proceedings of the twentieth ACM symposium on Operating systems principles
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Back to the Future: A Framework for Automatic Malware Removal and System Repair
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Undo for operators: building an undoable e-mail store
ATEC '03 Proceedings of the annual conference on USENIX Annual Technical Conference
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Imperative self-adjusting computation
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
WOWCS'08 Proceedings of the conference on Organizing Workshops, Conferences, and Symposia for Computer Systems
Efficient online validation with delta execution
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Wikipedia workload analysis for decentralized hosting
Computer Networks: The International Journal of Computer and Telecommunications Networking
PRES: probabilistic replay with execution sketching on multiprocessors
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Intrusion recovery using selective re-execution
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Using automatic persistent memoization to facilitate data analysis scripting
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Intrusion recovery for database-backed web applications
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Proceedings of the Second Asia-Pacific Workshop on Systems
Efficiently Running Test Suites Using Abstract Undo Operations
ISSRE '11 Proceedings of the 2011 IEEE 22nd International Symposium on Software Reliability Engineering
TACHYON: tandem execution for efficient live patch testing
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Optimizing unit test execution in large software programs using dependency analysis
Proceedings of the 4th Asia-Pacific Workshop on Systems
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Asynchronous intrusion recovery for interconnected web services
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Hi-index | 0.00 |
POIROT is a system that, given a patch for a newly discovered security vulnerability in a web application, helps administrators detect past intrusions that exploited the vulnerability. POIROT records all requests to the server during normal operation, and given a patch, re-executes requests using both patched and unpatched software, and reports to the administrator any request that executes differently in the two cases. A key challenge with this approach is the cost of re-executing all requests, and POIROT introduces several techniques to reduce the time required to audit past requests, including filtering requests based on their control flow and memoization of intermediate results across different requests. A prototype of POIROT for PHP accurately detects attacks on older versions of MediaWiki and HotCRP, given subsequently released patches. POIROT's techniques allow it to audit past requests 12-51× faster than the time it took to originally execute the same requests, for patches to code executed by every request, under a realistic Media-Wiki workload.