1 / 5

The ghost of intrusions past

The ghost of intrusions past. Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004. Vulnerability Introduced. Vulnerability Discovered. Vulnerability Patched. Vulnerability Patched. Motivation. time.

ledell
Download Presentation

The ghost of intrusions past

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The ghost of intrusions past Ashlesha Joshi Peter M. Chen University of Michigan 7 December 2004

  2. Vulnerability Introduced Vulnerability Discovered Vulnerability Patched Vulnerability Patched Motivation time • Red time interval: window of vulnerability during which exploit is possible • Prompt patching makes this interval smaller, but cannot eliminate it • What to do in what’s left of window of vulnerability?

  3. Vulnerability Introduced Vulnerability Discovered Vulnerability Patched Solution • Use VM replay and VM introspection to detect the triggering of a vulnerability • As machine replays, examine its state to determine if vulnerability gets triggered time

  4. Example • Consider a race condition: • Predicate: (v does not satisfy the condition at line 4) • Who writes the predicate? 1 if (variable v does not satisfy condition) 2 return error 3 Do other stuff 4 Use variable v // condition not rechecked

  5. Vulnerability Introduced Vulnerability Discovered Patch Applied Patch Available Summary and Status • Can use same VM introspection technique during live execution, not just replay • Already can write and evaluate predicates for kernel bugs • Currently extending to work for application bugs too time

More Related