Presentation is loading. Please wait.

Presentation is loading. Please wait.

The ghost of intrusions past Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The ghost of intrusions past Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004."— Presentation transcript:

1 The ghost of intrusions past Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004

2 Motivation Red time interval: window of vulnerability during which exploit is possible Prompt patching makes this interval smaller, but cannot eliminate it What to do in what’s left of window of vulnerability? Vulnerability Introduced Vulnerability Discovered time Vulnerability Patched

3 Solution Use VM replay and VM introspection to detect the triggering of a vulnerability As machine replays, examine its state to determine if vulnerability gets triggered Vulnerability Introduced Vulnerability Discovered time Vulnerability Patched

4 Example Consider a race condition: Predicate: (v does not satisfy the condition at line 4) Who writes the predicate? 1 if (variable v does not satisfy condition) 2 return error 3 Do other stuff 4 Use variable v // condition not rechecked

5 Summary and Status Can use same VM introspection technique during live execution, not just replay Already can write and evaluate predicates for kernel bugs Currently extending to work for application bugs too Patch Available time Patch Applied Vulnerability Introduced Vulnerability Discovered

Download ppt "The ghost of intrusions past Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004."

Similar presentations

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.
Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.

Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Why care about debugging? How many of you have written a program that worked perfectly the first time? No one (including me!) writes a program that works.

Why care about debugging? How many of you have written a program that worked perfectly the first time? No one (including me!) writes a program that works.
SubDomain: Parsimonious Server Security Presenter: Alptekin Küpçü.

SubDomain: Parsimonious Server Security Presenter: Alptekin Küpçü.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Dilma M. da Silva IBM TJ Watson Research Center, NY What is going on in Operating Systems Research: The OSDI & SOSP Perspective.

Dilma M. da Silva IBM TJ Watson Research Center, NY What is going on in Operating Systems Research: The OSDI & SOSP Perspective.
Detecting past and present intrusions through vulnerability- specific predicates Ashlesha Joshi, Sam King, George Dunlap, and Peter Chen University of.

Detecting past and present intrusions through vulnerability- specific predicates Ashlesha Joshi, Sam King, George Dunlap, and Peter Chen University of.
DoublePlay: Parallelizing Sequential Logging and Replay Kaushik Veeraraghavan Dongyoon Lee, Benjamin Wester, Jessica Ouyang, Peter M. Chen, Jason Flinn,

DoublePlay: Parallelizing Sequential Logging and Replay Kaushik Veeraraghavan Dongyoon Lee, Benjamin Wester, Jessica Ouyang, Peter M. Chen, Jason Flinn,
Operating system Structure and Operation

Operating system Structure and Operation
1 ExtraVirt: Detecting and recovering from transient processor faults Dominic Lucchetti, Steve Reinhardt, Peter Chen University of Michigan.

1 ExtraVirt: Detecting and recovering from transient processor faults Dominic Lucchetti, Steve Reinhardt, Peter Chen University of Michigan.
SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.

SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.
Automated Web Patrol with Strider HoneyMonkeys Present by Zhichun Li.

Automated Web Patrol with Strider HoneyMonkeys Present by Zhichun Li.
Solving Linear Equations – Part 2 A Linear Equation in One Variable is any equation that can be written in the form It is assumed that you have already.

Solving Linear Equations – Part 2 A Linear Equation in One Variable is any equation that can be written in the form It is assumed that you have already.
Learning From Mistakes—A Comprehensive Study on Real World Concurrency Bug Characteristics Shan Lu, Soyeon Park, Eunsoo Seo and Yuanyuan Zhou Appeared.

Learning From Mistakes—A Comprehensive Study on Real World Concurrency Bug Characteristics Shan Lu, Soyeon Park, Eunsoo Seo and Yuanyuan Zhou Appeared.
1 AutoBash: Improving Configuration Management with Operating System Causality Analysis Ya-Yunn Su, Mona Attariyan, and Jason Flinn University of Michigan.

1 AutoBash: Improving Configuration Management with Operating System Causality Analysis Ya-Yunn Su, Mona Attariyan, and Jason Flinn University of Michigan.
CHAPTER 5: CONTROL STRUCTURES II INSTRUCTOR: MOHAMMAD MOJADDAM.

CHAPTER 5: CONTROL STRUCTURES II INSTRUCTOR: MOHAMMAD MOJADDAM.
Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.

Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.
Secure & flexible monitoring of virtual machine University of Mazandran Science & Tecnology By : Esmaill Khanlarpour January.

Secure & flexible monitoring of virtual machine University of Mazandran Science & Tecnology By : Esmaill Khanlarpour January.
Computer Security and Penetration Testing

Computer Security and Penetration Testing

Similar presentations

Ads by Google