Extensibility safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
IWAN '99 Proceedings of the First International Working Conference on Active Networks
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
A clean slate 4D approach to network control and management
ACM SIGCOMM Computer Communication Review
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Ethane: taking control of the enterprise
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
SoftBound: highly compatible and complete spatial memory safety for c
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
OFRewind: enabling record and replay troubleshooting for networks
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats
Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats
Cells: a virtual mobile smartphone architecture
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
A NICE way to test openflow applications
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
The VAD tree: A process-eye view of physical memory
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A security enforcement kernel for OpenFlow networks
Proceedings of the first workshop on Hot topics in software defined networks
Openflow random host mutation: transparent moving target defense using software defined networking
Proceedings of the first workshop on Hot topics in software defined networks
Hi-index | 0.00 |
In this paper we introduce active security, a new methodology which introduces programmatic control within a novel feedback loop into the defense infrastructure. Active security implements a unified programming environment which provides interfaces to (i) protect the infrastructure under common attack scenarios (e.g., configure a firewall), (ii) sense the current state of the infrastructure through a wide variety of information, (iii) adjust the configuration of the infrastructure at run time based on sensed information, (iv) collect forensic evidence on-demand, at run-time for attribution, and (v) counter the attack through more advanced mechanisms such as migrating malicious code to a quarantined system. We built an initial prototype that extends the FloodLight software-defined networking controller to automatically interface with the Snort intrusion detection system to detect anomalies, the Linux Memory Extractor to collect forensic evidence at run-time, and the Volatility parsing tool to extract an executable from physical memory and analyze information about the malware (which can then be used by the active security system to better secure the infrastructure).