Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Conclusion.

Application Community Benefits
- Increased accuracy
  – Collect and process more data (behavior variations)
- Amortized risk
  – Each member is a sentry: failures yield information
  – Evaluate proposed fixes (patches) in many situations
  – A community can afford to sacrifice a few members
- Shared burden
  – Distribute tasks: monitoring, evaluating patches, etc.

How the community cooperates
(diagram; labels: Monitor, Learn, Create, Analyze, Monitor, Enforce)

Two protection approaches
- Constraints approach
  – Detect code injection, crashes
  – Learn constraints correlated with problems
  – Avoid problems by avoiding bad states
  – Evaluate multiple fixes
- Genealogy (DNA) approach
  – Assign new executions to whitelist or blacklist
  – Use similarities to other executions

Attacks protected against
- Handles the most important attacks in practice:
  – Execution of malicious code
    – Memory-based (constraints approach)
    – Script-based (constraints approach)
    – Executable-based (genealogy approach)
  – Denial of service (constraints approach)
- Attacks not handled:
  – Privilege escalation
  – Cross-site scripting
  – Weak/missing permissions
  – Information leak (but see Stephen McCamant’s work)

Accomplishments
- New approach to detection
  – Fewer false positives than constraint violation
- Instrumentation of stripped Windows binaries
  – Variables and program points in binaries
- Technique for creating LiveShield patches
- Investigated real exploits
- Program genealogy approach and experiments

Future work: Constraints approach
- Logging: based on detected problems, select a subset of program points to examine
- Instrumentation: scaling, expressiveness
- Determine which constraints to enforce
- Generate multiple repairs for violated constraints
- Evaluate repairs, select the best one(s)
- Evaluate on more real exploits
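The learn / rank / repair loop of the constraints approach, as an added illustration that is not code from the project: constraints are inferred from the non-failing community runs, ranked by how often failing runs violate them, and several candidate repairs are scored against the learned constraints. The traces and the variable names `len` and `cap` are constructed for the example.

```python
from itertools import combinations

# Constructed sample: values seen at one program point by community members,
# plus whether that execution ended in a detected failure (not project data).
TRACES = [
    {"len": 12, "cap": 64, "failed": False},
    {"len": 40, "cap": 64, "failed": False},
    {"len": 63, "cap": 64, "failed": False},
    {"len": 8, "cap": 32, "failed": False},
    {"len": 31, "cap": 32, "failed": False},
    {"len": 200, "cap": 64, "failed": True},  # oversized input observed by one member
    {"len": 70, "cap": 32, "failed": True},
]

# Candidate repairs for a violated constraint: each maps a bad state to a new one.
REPAIRS = {
    "clamp len to cap": lambda t: {**t, "len": min(t["len"], t["cap"])},
    "clamp len to cap - 1": lambda t: {**t, "len": min(t["len"], t["cap"] - 1)},
    "reset len to 0": lambda t: {**t, "len": 0},
}

def learn_constraints(traces):
    """Infer candidate constraints from non-failing runs only: a value range
    per variable and an ordering between every pair of variables."""
    good = [t for t in traces if not t["failed"]]
    names = sorted(k for k in good[0] if k != "failed")
    cons = {}
    for v in names:
        lo, hi = min(t[v] for t in good), max(t[v] for t in good)
        cons[f"{v} in [{lo}, {hi}]"] = lambda t, v=v, lo=lo, hi=hi: lo <= t[v] <= hi
    for a, b in combinations(names, 2):
        if all(t[a] <= t[b] for t in good):
            cons[f"{a} <= {b}"] = lambda t, a=a, b=b: t[a] <= t[b]
        if all(t[b] <= t[a] for t in good):
            cons[f"{b} <= {a}"] = lambda t, a=a, b=b: t[b] <= t[a]
    return cons

def rank_constraints(traces, cons):
    """Rank constraints by the number of failing runs that violate them;
    the top ones are the candidates to enforce."""
    bad = [t for t in traces if t["failed"]]
    score = {name: sum(not chk(t) for t in bad) for name, chk in cons.items()}
    return sorted(score.items(), key=lambda kv: -kv[1])

def evaluate_repairs(traces, cons, repairs):
    """Apply each repair to the failing runs and count how many learned
    constraints the repaired state satisfies; the highest total is selected."""
    bad = [t for t in traces if t["failed"]]
    scores = {n: sum(chk(fix(t)) for t in bad for chk in cons.values())
              for n, fix in repairs.items()}
    return max(scores, key=scores.get), scores
```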

Future work: Genealogy approach
- Release Determina infrastructure to researchers
  – Closed proprietary code, open ‘client’ interface
  – For reverse engineering, tracing, application communities
- More fully investigate malware family recognition
  – Implement the signature and trace databases
  – Sand-boxed execution before classification

Future work: Red Team evaluation
- Rules of engagement for Red Team evaluation

Evaluation goals (from proposal)
- At the end of the project (30 months)
  – Injected code attacks
    – Detect 95%
    – Repair 60% of those
  – Attacks that ‘damage the information representation’
    – Detect 50%
    – Repair 30% of those
- Proposed 18 month goals
  – Meet injected code attack goal

Proposed 30 month goals
- Meet original injected code goals
- ‘Damage the information representation’ goals:
  – Define ‘damage the information representation’ as crashes
    – This will miss some information representation attacks
    – It will also catch attacks that don’t damage information representation
    – Reasonable compromise that is clearly defined
  – Detect 50% and fix 30% of those (as per the proposal)