Computer virus-antivirus coevolution
Communications of the ACM
Using the SimOS machine simulator to study complex computer systems
ACM Transactions on Modeling and Computer Simulation (TOMACS)
A new model for availability in the face of self-propagating attacks
Proceedings of the 1998 workshop on New security paradigms
The “worm” programs—early experience with a distributed computation
Communications of the ACM
Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Stratego: A Language for Program Transformation Based on Rewriting Strategies
RTA '01 Proceedings of the 12th International Conference on Rewriting Techniques and Applications
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
The Design and Implementation of an Intrusion Tolerant System
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
On computer viral infection and the effect of immunization
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Building Diverse Computer Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Scale and performance in the Denali isolation kernel
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Shockwave Rider
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
A holistic approach to service survivability
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Hardware support for self-healing software services
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
Defending against hitlist worms using network address space randomization
Proceedings of the 2005 ACM workshop on Rapid malcode
Speculative virtual verification: policy-constrained speculative execution
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Using performance signatures and software rejuvenation for worm mitigation in tactical MANETs
WOSP '07 Proceedings of the 6th international workshop on Software and performance
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Computer Networks: The International Journal of Computer and Telecommunications Networking
Surviving internet catastrophes
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Building a reactive immune system for software services
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Detecting targeted attacks using shadow honeypots
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Defending against hitlist worms using network address space randomization
Computer Networks: The International Journal of Computer and Telecommunications Networking
Biologically-inspired Complex Adaptive Systems approaches to Network Intrusion Detection
Information Security Tech. Report
A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability
ICA3PP '09 Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing
VM-based security overkill: a lament for applied systems security research
Proceedings of the 2010 workshop on New security paradigms
Robust reactions to potential day-zero worms through cooperation and validation
ISC'06 Proceedings of the 9th international conference on Information Security
Tackling worm detection speed and false alarm in virus throttling
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
FLIPS: hybrid adaptive intrusion prevention
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A dynamic mechanism for recovering from buffer overflow attacks
ISC'05 Proceedings of the 8th international conference on Information Security
TAO: protecting against hitlist worms using transparent address obfuscation
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
| Hi-index | 0.00 |
The ability of worms to spread at rates that effectivelypreclude human-directed reaction has elevated them to afirst-class security threat to distributed systems. We presentthe first reaction mechanism that seeks to automaticallypatch vulnerable software. Our system employs a collectionof sensors that detect and capture potential worm infectionvectors. We automatically test the effects of these vectorson appropriately-instrumented sandboxed instances of thetargeted application, trying to identify the exploited softwareweakness. Our heuristics allow us to automaticallygenerate patches that can protect against certain classes ofattack, and test the resistance of the patched applicationagainst the infection vector. We describe our system architecture,discuss the various components, and propose directionsfor future research.