{"title":"内核系统妥协的自修复机制","authors":"S. Ring, D. Esler, E. Cole","doi":"10.1145/1075405.1075425","DOIUrl":null,"url":null,"abstract":"Increasing demands for reliability and dependability clash with the reality of escalating security compromises and vulnerability discoveries. Improvements in attack methodologies such as polymorphic viruses, tampering of source code repositories, and automation of distributed strikes are no match for the untimely detection and manual recovery practices used today. We present a run-time method to automate recovery from kernel level system compromises. It is capable of returning modified system call table addresses back to their original values, terminating hidden processes, removing hidden files, and blocking attacker traffic to hidden connections. Self-healing mechanisms such as this can be employed to create more reliable intrusion tolerant operating systems and applications. A working prototype has been implemented as a loadable kernel module on Linux, and can be easily enhanced for other operating systems.","PeriodicalId":326554,"journal":{"name":"Workshop on Self-Healing Systems","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Self-healing mechanisms for kernel system compromises\",\"authors\":\"S. Ring, D. Esler, E. Cole\",\"doi\":\"10.1145/1075405.1075425\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Increasing demands for reliability and dependability clash with the reality of escalating security compromises and vulnerability discoveries. Improvements in attack methodologies such as polymorphic viruses, tampering of source code repositories, and automation of distributed strikes are no match for the untimely detection and manual recovery practices used today. We present a run-time method to automate recovery from kernel level system compromises. It is capable of returning modified system call table addresses back to their original values, terminating hidden processes, removing hidden files, and blocking attacker traffic to hidden connections. Self-healing mechanisms such as this can be employed to create more reliable intrusion tolerant operating systems and applications. A working prototype has been implemented as a loadable kernel module on Linux, and can be easily enhanced for other operating systems.\",\"PeriodicalId\":326554,\"journal\":{\"name\":\"Workshop on Self-Healing Systems\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2004-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Workshop on Self-Healing Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1075405.1075425\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Workshop on Self-Healing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1075405.1075425","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Self-healing mechanisms for kernel system compromises
Increasing demands for reliability and dependability clash with the reality of escalating security compromises and vulnerability discoveries. Improvements in attack methodologies such as polymorphic viruses, tampering of source code repositories, and automation of distributed strikes are no match for the untimely detection and manual recovery practices used today. We present a run-time method to automate recovery from kernel level system compromises. It is capable of returning modified system call table addresses back to their original values, terminating hidden processes, removing hidden files, and blocking attacker traffic to hidden connections. Self-healing mechanisms such as this can be employed to create more reliable intrusion tolerant operating systems and applications. A working prototype has been implemented as a loadable kernel module on Linux, and can be easily enhanced for other operating systems.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
