The design and implementation of tripwire: a file system integrity checker
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Time, clocks, and the ordering of events in a distributed system
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Programming Perl
Recovery from Malicious Transactions
IEEE Transactions on Knowledge and Data Engineering
Framework for Testing the Fault-Tolerance of Systems Including OS and Network Aspects
HASE '01 The 6th IEEE International Symposium on High-Assurance Systems Engineering: Special Topic: Impact of Networking
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
NVisionIP: netflow visualizations of system state for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
FS: An In-Kernel Integrity Checker and Intrusion Detection File System
LISA '04 Proceedings of the 18th USENIX conference on System administration
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
The taser intrusion recovery system
Proceedings of the twentieth ACM symposium on Operating systems principles
Speculative execution in a distributed file system
Proceedings of the twentieth ACM symposium on Operating systems principles
Automatic diagnosis and response to memory corruption vulnerabilities
Proceedings of the 12th ACM conference on Computer and communications security
Using time travel to diagnose computer problems
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Speculative execution in a distributed file system
ACM Transactions on Computer Systems (TOCS)
Using queries for distributed monitoring and forensics
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Automatic high-performance reconstruction and recovery
Computer Networks: The International Journal of Computer and Telecommunications Networking
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Building a reactive immune system for software services
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Correlating multi-session attacks via replay
HOTDEP'06 Proceedings of the 2nd conference on Hot Topics in System Dependability - Volume 2
Data reduction for the scalable automated analysis of distributed darknet traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Parallax: managing storage for a million machines
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
RegColl: centralized registry framework for infrastructure system management
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Constructing services with interposable virtual hardware
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Configuration debugging as search: finding the needle in the haystack
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Collapsar: a VM-based architecture for network attack detention center
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Secure file system versioning at the block level
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Zyzzyva: speculative byzantine fault tolerance
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Staged deployment in mirage, an integrated software upgrade testing and distribution system
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
AutoBash: improving configuration management with operating system causality analysis
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Flight data recorder: monitoring persistent-state interactions to improve systems management
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
Automated Rule-Based Diagnosis through a Distributed Monitor System
IEEE Transactions on Dependable and Secure Computing
Using hypervisor to provide data secrecy for user applications on a per-page basis
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Application-level isolation and recovery with solitude
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
SWEEPER: an efficient disaster recovery point identification mechanism
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Reconstructing system state for intrusion analysis
ACM SIGOPS Operating Systems Review
Using causality to diagnose configuration bugs
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Architecting Dependable and Secure Systems Using Virtualization
Architecting Dependable Systems V
Enforcing authorization policies using transactional memory introspection
Proceedings of the 15th ACM conference on Computer and communications security
Using virtual machines to do cross-layer damage assessment
Proceedings of the 1st ACM workshop on Virtual machine security
Online Network Forensics for Automatic Repair Validation
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
CloudAV: N-version antivirus in the network cloud
SS'08 Proceedings of the 17th conference on Security symposium
Diagnosing distributed systems with self-propelled instrumentation
Proceedings of the 9th ACM/IFIP/USENIX International Conference on Middleware
Capo: a software-hardware interface for practical deterministic multiprocessor replay
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
FAST '09 Proccedings of the 7th conference on File and storage technologies
POTSHARDS—a secure, recoverable, long-term archival storage system
ACM Transactions on Storage (TOS)
ACM Transactions on Storage (TOS)
Availability-sensitive intrusion recovery
Proceedings of the 1st ACM workshop on Virtual machine security
ACM Transactions on Information and System Security (TISSEC)
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
"Out-of-the-Box" monitoring of VM-based high-interaction honeypots
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
An OS security protection model for defeating attacks from network
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Pushing boulders uphill: the difficulty of network intrusion recovery
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Layering in provenance systems
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Trail of bytes: efficient support for forensic analysis
Proceedings of the 17th ACM conference on Computer and communications security
Cost-aware systemwide intrusion defense via online forensics and on-demand detector deployment
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Automatic discovery of parasitic malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Cross-layer comprehensive intrusion harm analysis for production workload server systems
Proceedings of the 26th Annual Computer Security Applications Conference
Automating configuration troubleshooting with dynamic information flow analysis
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Baaz: a system for detecting access control misconfigurations
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Attribution of malicious behavior
ICISS'10 Proceedings of the 6th international conference on Information systems security
Designing and Implementing the OP and OP2 Web Browsers
ACM Transactions on the Web (TWEB)
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Correlating multi-session attacks via replay
HotDep'06 Proceedings of the Second conference on Hot topics in system dependability
Repair from a chair: computer repair as an untrusted cloud service
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Safe side effects commitment for OS-level virtualization
Proceedings of the 8th ACM international conference on Autonomic computing
Vision: automated security validation of mobile apps at app markets
MCS '11 Proceedings of the second international workshop on Mobile cloud computing and services
Floguard: cost-aware systemwide intrusion defense via online forensics and on-demand IDS deployment
SAFECOMP'11 Proceedings of the 30th international conference on Computer safety, reliability, and security
Proceedings of the 18th ACM conference on Computer and communications security
Integrating IDS alert correlation and OS-Level dependency tracking
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture
A framework for post-event timeline reconstruction using neural networks
Digital Investigation: The International Journal of Digital Forensics & Incident Response
An empirical study of automatic event reconstruction systems
Digital Investigation: The International Journal of Digital Forensics & Incident Response
On the role of file system metadata in digital forensics
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Shadow attacks: automatically evading system-call-behavior based malware detection
Journal in Computer Virology
DIONE: a flexible disk monitoring and analysis framework
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
International Journal of Information Security and Privacy
Cyrus: unintrusive application-level record-replay for replay parallelism
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Proceedings of the 40th Annual International Symposium on Computer Architecture
Evaluation of a Hybrid Approach for Efficient Provenance Storage
ACM Transactions on Storage (TOS)
POSTER: Sechduler: a security-aware kernel scheduler
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
LogGC: garbage collecting audit log
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
RelaxReplay: record and replay for relaxed-consistency multiprocessors
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Hi-index | 0.00 |
Analyzing intrusions today is an arduous, largely manual task because system administrators lack the information and tools needed to understand easily the sequence of steps that occurred in an attack. The goal of BackTracker is to identify automatically potential sequences of steps that occurred in an intrusion. Starting with a single detection point (e.g., a suspicious file), BackTracker identifies files and processes that could have affected that detection point and displays chains of events in a dependency graph. We use BackTracker to analyze several real attacks against computers that we set up as honeypots. In each case, BackTracker is able to highlight effectively the entry point used to gain access to the system and the sequence of steps from that entry point to the point at which we noticed the intrusion. The logging required to support BackTracker added 9% overhead in running time and generated 1.2 GB per day of log data for an operating-system intensive workload.