A Network Worm Vaccine Architecture

A Network Worm Vaccine Architecture (2003)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Stelios Sidiroglou , Angelos D. Keromytis

Venue:	IN PROCEEDINGS OF THE IEEE WORKSHOP ON ENTERPRISE TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES (WETICE), WORKSHOP ON ENTERPRISE SECURITY
Citations:	46 - 13 self

BibTeX

@INPROCEEDINGS{Sidiroglou03anetwork,
    author = {Stelios Sidiroglou and Angelos D. Keromytis},
    title = {A Network Worm Vaccine Architecture},
    booktitle = {IN PROCEEDINGS OF THE IEEE WORKSHOP ON ENTERPRISE TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES (WETICE), WORKSHOP ON ENTERPRISE SECURITY},
    year = {2003},
    pages = {220--225},
    publisher = {}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

The ability of worms to spread at rates that effectively preclude human-directed reaction has elevated them to a first-class security threat to distributed systems. We present the first reaction mechanism that seeks to automatically patch vulnerable software. Our system employs a collection of sensors that detect and capture potential worm infection vectors. We automatically test the effects of these vectors on appropriately-instrumented sandboxed instances of the targeted application, trying to identify the exploited software weakness. Our heuristics allow us to automatically generate patches that can protect against certain classes of attack, and test the resistance of the patched application against the infection vector. We describe our system architecture, discuss the various components, and propose directions for future research.

Citations

425	How to 0wn the internet in your spare time - Staniford, Paxson, et al. - 2002
407	Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks - Cowan, Pu, et al.
340	A Secure Environment for Untrusted Helper Applications - Goldberg, Wagner, et al. - 1996
277	ReVirt: Enabling intrusion analysis through virtual-machine logging and replay - Dunlap, King, et al. - 2002
250	Internet quarantine: Requirements for containing self-propagating code - Moore, Shannon, et al. - 2003
222	Code-Red: a case study on the spread and victims of an internet worm - Moore, Shannon, et al. - 2002
217	Improving host security with system call policies - Provos - 2003
215	Secure Execution via Program Shepherding - KIRIANSKY, BRUENING, et al.
198	A virtual machine introspection based architecture for intrusion detection - Garfinkel, Rosenblum - 2003
196	Scale and performance in the Denali isolation kernel - Whitaker, Shaw, et al. - 2002
180	SOS: secure overlay services - Keromytis, Misra, et al.
180	Code Red Worm Propagation Modeling and Analysis - Zou, Gong, et al. - 2002
170	Throttling viruses: Restricting propagation to defeat malicious mobile code - Williamson - 2002
156	Transparent run-time defense against stack-smashing attacks - Baratloo, Singh, et al. - 2000
143	Using the SimOS Machine Simulator to Study Complex Computer Systems - Rosenblum, Bugnion, et al. - 1997
142	Smashing the stack for fun and profit - One - 1996
140	Building diverse computer systems - Forrest, Somayaji, et al. - 1997
129	The internet worm program: an analysis - Spafford - 1989
120	Stratego: A language for program transformation based on rewriting strategies - Visser - 2001
96	A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention - Wilander, Kamkar - 2003
86	Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools - Garfinkel - 2003
82	The “worm” programs - Early experience with a distributed computation - Shoch, Hupp - 1982
74	GCC extension for protecting applications from stack-smashing attacks. http://www.trl.ibm.com/ projects/security/ssp - ETOH - 2005
65	Bypassing StackGuard and StackShield - BULBA, KIL3R - 2000
41	On computer viral infection and the effect of immunization - Wang, Knight, et al. - 2000
38	Type-assisted dynamic buffer overflow detection - Lee, Chapin - 2000
33	Connection-history Based Anomaly Detection - Toth, Kruegel - 2002
23	The design and implementation of an intrusion tolerant system - Reynolds, Just, et al.
22	A snapshot of global internet worm activity - Song, Malan, et al. - 2001
21	Welcome to My Tarpit: The Tactical and Strategic Use of LaBrea. Dshield.org White paper - Liston - 2001
15	and w00w00 Security Team: w00w00 on heap overflows. http://www.w00w00.org/files/articles/heaptut.txt - Conover - 1999
14	The Denotational Semantics of a Functional Tree-Manipulation Language - Malton - 1993
9	A new model for availability in the face of selfpropagating attacks - Lin, Ricciardi, et al. - 1998
6	The Shockwave Rider. Del Rey - Brunner - 1975
5	Computer virus coevolution - Nachenberg - 1997