The ghost of intrusions past Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004.

Slides:

Advertisements

Similar presentations

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.

Advertisements

Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Why care about debugging? How many of you have written a program that worked perfectly the first time? No one (including me!) writes a program that works.

SubDomain: Parsimonious Server Security Presenter: Alptekin Küpçü.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Dilma M. da Silva IBM TJ Watson Research Center, NY What is going on in Operating Systems Research: The OSDI & SOSP Perspective.

Detecting past and present intrusions through vulnerability- specific predicates Ashlesha Joshi, Sam King, George Dunlap, and Peter Chen University of.

DoublePlay: Parallelizing Sequential Logging and Replay Kaushik Veeraraghavan Dongyoon Lee, Benjamin Wester, Jessica Ouyang, Peter M. Chen, Jason Flinn,

Operating system Structure and Operation

1 ExtraVirt: Detecting and recovering from transient processor faults Dominic Lucchetti, Steve Reinhardt, Peter Chen University of Michigan.

SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.

Automated Web Patrol with Strider HoneyMonkeys Present by Zhichun Li.

Solving Linear Equations – Part 2 A Linear Equation in One Variable is any equation that can be written in the form It is assumed that you have already.

Learning From Mistakes—A Comprehensive Study on Real World Concurrency Bug Characteristics Shan Lu, Soyeon Park, Eunsoo Seo and Yuanyuan Zhou Appeared.

1 AutoBash: Improving Configuration Management with Operating System Causality Analysis Ya-Yunn Su, Mona Attariyan, and Jason Flinn University of Michigan.

CHAPTER 5: CONTROL STRUCTURES II INSTRUCTOR: MOHAMMAD MOJADDAM.

Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.

Secure & flexible monitoring of virtual machine University of Mazandran Science & Tecnology By : Esmaill Khanlarpour January.

Computer Security and Penetration Testing

Detection and Prevention of Buffer Overflow Exploit Cai Jun Anti-Virus Section Manager R&D Department Beijing Rising Tech. Corp. LTD.

Parallelizing Security Checks on Commodity Hardware E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn U Michigan.

USCISIUSCISI Procedural Programming Outline of talk: Deductive Kb with Multiple Paradigms Production rules Methods Lisp-to-Loom Interface Interpretations.

Our work on virtualization Chen Haogang, Wang Xiaolin {hchen, Institute of Network and Information Systems School of Electrical Engineering.

Pallavi Joshi* Mayur Naik † Koushik Sen* David Gay ‡ *UC Berkeley † Intel Labs Berkeley ‡ Google Inc.

Predicated Static Single Assignment (PSSA) Presented by AbdulAziz Al-Shammari

Problem of the Day  Why are manhole covers round?

Retroactive Auditing Xi Wang Nickolai Zeldovich Frans Kaashoek MIT CSAIL.

Chapter 5 Control Structure (Repetition). Objectives In this chapter, you will: Learn about repetition (looping) control structures Explore how to construct.

Chapter 5: Control Structures II (Repetition). Objectives In this chapter, you will: – Learn about repetition (looping) control structures – Learn how.

Definition of Terms Software/Programs Programs that directs the operation of a computer system Set of instructions Codes Programming Process of planning,

Motivation 2 Static Acquisition Live Acquisition Static AcquisitionLive Acquisition In-Disk Evidence In-Memory Evidence 24/7 Availability Servers.

Glenn Ammons Ras Bodík Jim Larus Univ. of Wisconsin Univ. of Wisconsin Microsoft Research Mining Specifications (lots of) code  specifications.

ABSOLUTE VALUE EQUALITIES and INEQUALITIES Candace Moraczewski and Greg Fisher © April, 2004.

Highly Scalable Distributed Dataflow Analysis Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan Chelsea LeBlancTodd.

Seminar of “Virtual Machines” Course Mohammad Mahdizadeh SM. University of Science and Technology Mazandaran-Babol January 2010.

Chapter Integration of substitution and integration by parts of the definite integral.

Sampling Dynamic Dataflow Analyses Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan University of British Columbia.

Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Welcome.

LOGIN PAGE Login Page Support CRM:

Software Security CSE 545 – Software Security Spring 2016 Adam Doupé Arizona State University

7-3: Solving Systems of Equations using Elimination

Chapter 7 What’s Wrong with It? (Syntax and Logic Errors) Clearly Visual Basic: Programming with Visual Basic nd Edition.

Detecting past and present intrusions through vulnerability- specific predicates Ashlesha Joshi, Sam King, George Dunlap, and Peter Chen.

C++ Programming: From Problem Analysis to Program Design, Fifth Edition Chapter 5: Control Structures II (Repetition)

Alison Buben Jay Pataky COSC 316.  Main purpose: Penetration Testing ◦ Evaluating the security of a computer by simulating an attack ◦ Showing where.

Debuggers. Errors in Computer Code Errors in computer programs are commonly known as bugs. Three types of errors in computer programs –Syntax errors –Runtime.

Adaptive Android Kernel Live Patching

Exploiting Sharing for Data Center Consolidation

Effective Data-Race Detection for the Kernel

MobiSys 2017 Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation Qiang Zeng joint work with Lannan.

Trig Identities A B C c a b.

Java Programming: Guided Learning with Early Objects

Compass Navigation Support for Back-in-Time Debugging

VMPCS-OGC Virtual Machine Protection and Checking System using Out-of-Guest Control ferify.

Using local variable without initialization is an error.

Design Process 6 steps (Non- linear )

Roland Kwitt & Tobias Strohmeier

Soft Error Detection for Iterative Applications Using Offline Training

Exception Handling Oo28.

Warm-up: Solve the inequality and graph the solution set. x3 + 2x2 – 9x  18 HW: pg (4, 5, 7, 9, 11, 30, 34, 46, 52, 68, 80, 81, 82, 84, 86, 88)

Control Structure Testing

Ашық сабақ 7 сынып Файлдар мен қапшықтар Сабақтың тақырыбы:

Windows басқару элементтері

Self-organizing Tuple Reconstruction in Column-stores

Metasploit assignment – Arkadiy Kantor – Mis-5212

Қош келдіңіздер!.

Информатика пән мұғалімі : Аитова Карима.

Presentation transcript:

The ghost of intrusions past Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004

Motivation Red time interval: window of vulnerability during which exploit is possible Prompt patching makes this interval smaller, but cannot eliminate it What to do in what’s left of window of vulnerability? Vulnerability Introduced Vulnerability Discovered time Vulnerability Patched

Solution Use VM replay and VM introspection to detect the triggering of a vulnerability As machine replays, examine its state to determine if vulnerability gets triggered Vulnerability Introduced Vulnerability Discovered time Vulnerability Patched

Example Consider a race condition: Predicate: (v does not satisfy the condition at line 4) Who writes the predicate? 1 if (variable v does not satisfy condition) 2 return error 3 Do other stuff 4 Use variable v // condition not rechecked

Summary and Status Can use same VM introspection technique during live execution, not just replay Already can write and evaluate predicates for kernel bugs Currently extending to work for application bugs too Patch Available time Patch Applied Vulnerability Introduced Vulnerability Discovered