Recovery from intrusions is typically a very time-consuming operation in current systems. At a time when the cost of human resources dominates the cost of computing resources, we argue that next-generation systems should be built with automated intrusion recovery as a primary goal. In this paper, we describe the design of Taser, a system that helps in selectively recovering legitimate file-system data after an attack or local damage occurs. Taser reverts tainted, i.e., attack-dependent, file-system operations but preserves legitimate operations. This process is difficult for two reasons. First, the set of tainted operations is not known precisely. Second, the recovery process can cause conflicts when legitimate operations depend on tainted operations. Taser provides several analysis policies that aid in determining the set of tainted operations. To handle conflicts, Taser uses automated resolution policies that isolate the tainted operations. Our evaluation shows that Taser is effective in recovering from a wide range of intrusions as well as damage caused by system management errors.