Conference

Workshop on Recent Advances on Intrusion-Tolerant Systems

About: Workshop on Recent Advances on Intrusion-Tolerant Systems is an academic conference. The conference publishes mainly in the areas of Intrusion tolerance and Hypervisor. Over its lifetime, the conference has published 5 publications, which have received 186 citations.

Papers
Proceedings Article
Manuel Costa
01 Apr 2008
TL;DR: Bouncer introduces a new form of program slicing that uses a combination of static and dynamic analysis to remove unnecessary conditions from the filter and symbolic summaries for common library functions that characterize their behavior succinctly as a set of conditions on the input.
Abstract: Attackers exploit software vulnerabilities to control or crash programs. Bouncer uses existing software instrumentation techniques to detect attacks and it generates filters automatically to block exploits of the target vulnerabilities. The filters are deployed automatically by instrumenting system calls to drop exploit messages. These filters introduce low overhead and they allow programs to keep running correctly under attack. Previous work computes filters using symbolic execution along the path taken by a sample exploit, but attackers can bypass these filters by generating exploits that follow a different execution path. Bouncer introduces three techniques to generalize filters so that they are harder to bypass: a new form of program slicing that uses a combination of static and dynamic analysis to remove unnecessary conditions from the filter; symbolic summaries for common library functions that characterize their behavior succinctly as a set of conditions on the input; and generation of alternative exploits guided by symbolic execution. Bouncer filters have low overhead, they do not have false positives by design, and our results show that Bouncer can generate filters that block all exploits of some real-world vulnerabilities.

119 citations

Proceedings Article
01 Apr 2008
TL;DR: The VM-FIT architecture harnesses virtualization to significantly reduce service unavailability: it allows recovery in parallel with service execution, uses copy-on-write techniques, and provides efficient state transfer support between virtual replicas on a host.
Abstract: Proactive recovery of replicated services is a novel approach that allows tolerating a potentially unlimited number of malicious faults during system lifetime by periodically restarting replicas from a correct state. Recovering a stateful replica requires a time-consuming transfer and verification of the state. During this time, the replica usually is unable to handle client requests. Our VM-FIT architecture harnesses virtualization to significantly reduce this service unavailability. Our approach allows recovery in parallel with service execution, and uses copy-on-write techniques and provides efficient state transfer support between virtual replicas on a host.

24 citations

Proceedings Article
01 Apr 2008
TL;DR: This paper presents the challenges that systems exposed to malicious attacks need to address, and how FOREVER can be used to tackle these challenges.
Abstract: This paper introduces FOREVER, a novel service that can be used to enhance the resilience of replicated systems, namely those exposed to malicious attacks. The main objective of FOREVER is to remove faults and intrusions that may happen during system execution, and such removal is done by combining both evolution and recovery techniques. The paper presents (i.) the challenges that systems exposed to malicious attacks need to address, and (ii.) how FOREVER can be used to tackle these challenges.

24 citations

Proceedings Article
01 Apr 2008
TL;DR: In this paper, the authors present some of the research challenges involved in designing and using an iTurtle, and in architecting systems to provide meaningful attestations to an iTurtle.
Abstract: Current trusted computing technologies allow computing devices to verify each other using attestation, but in a networked world, there is no reason to trust one computing device any more than another. Treating these devices as turtles, the user who seeks a trustworthy system from which to verify others quickly realizes that it's "turtles all the way down" because of the endless loop of trust dependencies. We need to provide the user with one initial turtle (the iTurtle) which is axiomatically trustworthy, thereby breaking the dependency loop. Further, the size of the software trusted computing base on today's computing devices is overwhelming. We argue that a mechanism for reducing the size is essential for extracting meaning from attestations and enabling an iTurtle to do its job. This talk will present some of the research challenges involved in designing and using an iTurtle, and in architecting systems to provide meaningful attestations to an iTurtle.

13 citations

Proceedings Article
01 Apr 2008
TL;DR: This paper is a work-in-progress report of the current research attempting to introduce a cognitive control loop into survivability architectures.
Abstract: Last year, we reported [1] our success in setting a new high-water mark for intrusion tolerance. That success can largely be attributed to our use of a "survivability architecture", which refers to the organization of a set of concrete defense mechanisms for preventing intrusion, and for detecting and responding to intrusions that cannot be prevented. The system defense-enabled with the DPASA survivability architecture [2] showed a high level of resistance to sustained attacks by sophisticated adversaries, but needed expert operators to perform the role of an "intelligent control loop"---interpreting the events reported by the survivable system as well as deciding in some cases which defense mechanisms to actuate. We took the position that the survivability architecture must be extended to include part, if not all, of the functionality of the intelligent control loop. This paper is a work in progress report of our current research attempting to introduce a cognitive control loop into survivability architectures.

6 citations

Performance
Metrics
No. of papers from the Conference in previous years
Year | Papers
2008 | 5