Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NOMS
2008
IEEE
2008
IEEE
Bezoar: Automated virtual machine-based full-system recovery from control-flow hijacking attacks
Abstract—System availability is difficult for systems to maintain in the face of Internet worms. Large systems have vulnerabilities, and if a system attempts to continue operation after an attack, it may not behave properly. Traditional mechanisms for detecting attacks disrupt service and current recovery approaches are application-based and cannot guarantee recovery in the face of exploits that corrupt the kernel, involve multiple processes or target multithreaded network services. This paper presents Bezoar, an automated full-system virtual machine-based approach to recover from zero-day control-flow hijacking attacks. Bezoar tracks down the source of network bytes in the system and after an attack, replays the checkpointed run while ignoring inputs from the malicious source. We evaluated our proof-of-concept prototype on six notorious exploits for Linux and Windows. In all cases, it recovered the full system state and resumed execution. Bezoar incurs low overhead to the virtual ...
Real-time TrafficAttacks Disrupt Service | Communications | NOMS 2008 | Virtual Machine-based Approach | Zero-day Control-flow Hijacking |
| Added | 01 Jun 2010 |
| Updated | 01 Jun 2010 |
| Type | Conference |
| Year | 2008 |
| Where | NOMS |
| Authors | Daniela A. S. de Oliveira, Jedidiah R. Crandall, Gary Wassermann, Shaozhi Ye, Shyhtsun Felix Wu, Zhendong Su, Frederic T. Chong |
Comments (0)
Researcher Info
|
