Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new end-to-end approach to contain worms automatically that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other. Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection. SCAs are proofs of vulnerability that can be inexpensively verified by any vulnerable host. When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software. We show that Vigilante can automatically contain fast-spreading worms that exploit unknown vulnerabilities without blocking innocuous traffic.