WormHealer : Replay-based Full-System Recovery from Control-Flow Hijacking Attacks
| Content Provider | Semantic Scholar |
|---|---|
| Author | Oliveira, Daniela A. S. De; Crandall, Jedidiah R.; Wassermann, Gary; Wu, Shyhtsun Felix; Su, Zhendong; Chong, Frederic T. |
| Abstract | System availability is difficult for systems to maintain in the face of Internet worms. Large systems have vulnerabilities, and if a system attempts to continue operation after an attack, it may not behave properly. Traditional mechanisms for detecting attacks disrupt service and can convert such attacks into denial-of-service. Current recovery approaches have at least one of the following limitations: they cannot recover the complete system state, they cannot recover from zero-day exploits, they undo the effects of the attack speculatively or they require the application’s source code be available. This paper presents WormHealer, a replay-based, architecture-level post-attack recovery framework using VM technology. After a control-flow hijacking attack has been detected, we replay the checkpointed run using symbolic execution to discover the source of the malicious attack. We then replay the run a second time but ignore inputs from the malicious source. We evaluated WormHealer on five exploits for Linux and Windows. In all cases, it recovered the full system state and resumed execution. It also recovered all TCP connections with non-malicious clients and the communication that had taken place during the attack, except for some limited cases. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://web.cs.ucdavis.edu/~wu/ecs236/papers/hw5_Daniela_WormHealer.pdf |
| Alternate Webpage(s) | http://www.cs.ucdavis.edu/~wu/ecs236/papers/hw5_Daniela_WormHealer.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |