Sciweavers

Isolating cause-effect chains in computer systems

One of the major tasks in maintaining software systems is understanding how specific effects came to be. This is especially true for effects that cause major harm, and especially challenging for causes that actively prevent discovery. We introduce Malfor, a system that, for any reliably reproducible and observable effect, isolates the processes that cause the effect. We apply Malfor to intrusion analysis—that is, understanding how an intruder gained access to a system—and come up with cause-effect chains that describe how an attack came to be: “An attacker sent a malicious request to the Web server, which gave him a local shell, by which he gained administrator privileges via a security hole in Perl, and thus installed a new administrator account”. Malfor works by experiments. First, we record the interaction of the system being diagnosed. After the effect (the intrusion) has been detected, we replay the recorded events in slightly different configurations to isolate the pr...
Stephan Neuhaus, Andreas Zeller
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2007
Where SE
Authors Stephan Neuhaus, Andreas Zeller