A holistic approach to service survivability

Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems

Volumn , Issue , 2003, Pages 11-22

  Keromytis, Angelos D ^a   Parekh, Janak ^a   Gross, Philip N ^a   Kaiser, Gail ^a   Misra, Vishal ^a   Nieh, Jason ^a   Rubenstein, Dan ^a   Stolfo, Sal ^a  

^a Columbia University ^*  (United States)

Author keywords

Intrusion detection; Overlay networks; Reliability; Survivability

Indexed keywords

AUTOMATION; COMMUNICATION SYSTEMS; COMPUTER SYSTEM FIREWALLS; HTTP; HUMAN COMPUTER INTERACTION; INTERNET; PUBLIC POLICY; QUERY LANGUAGES; RELIABILITY;

INTRUSION DETECTION; OVERLAY NETWORKS; SURVIVABILITY; WEB SERVICES;

COMPUTER ARCHITECTURE;

EID: 2642522187     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1036921.1036923     Document Type: Conference Paper

References (79)

1. 2001 Economic Impact of Malicious Code Attacks. http://www. computereconomics.com/cei/press/pr92101.html.
2. DARPA OASIS (Organically Assured and Survivable Information System), http://www.tolerantsystems.org/index.html.
3. Malicious- and Accidental-Fault Tolerance for Internet Applications. RTD Research Project IST-1999-11583, IST Programme, http://maftia.org/.
4. Microsoft Security Tool Kit: Installing and Securing a New Windows 2000 System. Microsoft TechNet. http://www.microsoft.com/technet/ security/tools/tools/w2knew.asp.
5. Microsoft Windows Software Update Services. http://www.microsoft.com/ windows2000/windowsupdate/sus/.
6. OC48 Analysis - Trace Data Stratified by Applications. http://www.caida.org/analysis/workload/byappli\-cation/oc48/port\_analy%sis \_app.xml.
7. RedHat 9 Security Advisories. https://rhn.redhat.com/errata/rh9-errata- security.html.
8. The Code Security Analysis Kit (CoSAK). http: //serg.cs.drexel.edu/cosak/ index.shtml/.
9. Using Network-Based Application Recognition and Access Control Lists for Blocking the "Code Red" Worm at Network Ingress Points. Technical report, Cisco Systems, Inc.
10. Web Server Survey, http://www.securityspace. com/s_survey/data/200304/.
11. Intrusion Tolerant Server Infrastructure. http://www.tolerantsystems.org/ ProjectSummaries/Intrusion_Tolerant_Serv%er_Infrastructure.html, 2000.
12. CERT Advisory CA-2001-19: 'Code Red' Worm Exploiting Buffer Overflow in IIS Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html, July 2001.
13. Cert Advisory CA-2003-04: MS-SQL Server Worm. http://www.cert.org/ advisories/ CA-2003-04.html, January 2003.
14. The Spread of the Sapphire/Slammer Worm. http://www.silicondefense.com/ research/worms/slammer.php, February 2003.
15. W. Aiello, S. M. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. D. Keromytis, and O. Reingold. Efficient, DoS-Resistant, Secure Key Exchange for Internet Protocols. In Proceedings of the ACM Computer and Communications Security (CCS) Conference, pages 48-58, November 2003.
16. F. Apap, A. Honig, S. Hershkop, E. Eskin, and S. J. Stolfo. Detecting malicious software by monitoring anomalous windows registry accesses. In Proceedings of the Fifth International Symposium on Recent Advances in Intrusion Detection (RAID-2002), Zurich, Switzerland, October 2002.
17. M. Atighetchi, P. Pal, C. Jones, P. Rubel, R. Schantz, J. Loyall, and J. Zinky. Building Auto-Adaptive Distributed Applications: The QuO-APOD Experience. In Proceedings of the 3rd International Workshop on Distributed Auto-adaptive and Reconfigurable Systems, in conjunction with the 23rd International Conference on Distributed Computing Systems, May 2003.
18. R. Balzer. Mediating connectors. In 19th IEEE International Conference on Distributed Computing Systems Workshop, 1994.
19. V. Barnett and T. Lewis. Outliers in Statistical Data. John Wiley and Sons, 1994.
20. S. M. Bellovin. Distributed Firewalls. ;login: magazine, special issue on security, pages 37-39, November 1999.
21. J. Brunner. The Shockwave Rider. Del Rey Books, Canada, 1975.
22. A. Carzaniga, D. Rosenblum, and A. Wolf. Design and evaluation of a wide-area event notification service. In ACM Transactions on Computer Systems, volume 19(3), pages 332-383, August 2001.
23. H. Chen and D. Wagner. MOPS: an Infrastructure for Examining Security Properties of Software. In Proceedings of the ACM Computer and Communications Security (CCS) Conference, pages 235-244, November 2002.
24. D. L. Cook, W. G. Morein, A. D. Keromytis, V. Misra, and D. Rubenstein. WebSOS: Protecting Web Servers From DDoS Attacks. In Proceedings of the IEEE International Conference on Networks (ICON), September/October 2003.
25. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998.
26. D. E. Denning. An intrusion detection model. IEEE Transactions on Software Engineering, SE-13:222-232, 1987.
27. T. Dierks and C. Allen. The TLS protocol version 1.0. RFC 2246, January 1999.
28. E. Eskin. Anomaly detection over noisy data using learned probability distributions. In Proceedings of the Seventeenth International Conference on Machine Learning (ICML-2000), 2000.
29. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. A sense of self for unix processes. pages 120-128. IEEE Computer Society, 1996.
30. Fyodor. The art of port scanning. Phrack 51, 7, September 1997. http://www.phrack.com/phrack/51/P51-11.
31. A. K. Ghosh and J. M. Voas. Inoculating software for survivability. Communications of the ACM, 42(7):38-44, 1999.
32. S. Hershkop, R. Ferster, L. H. Bui, K. Wang, and S. J. Stolfo. Host-based anomaly detection by wrapping file system accesses. Technical report, Columbia University Department of Computer Science, April 2003.
33. S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detect using sequences of system calls. Journal of Computer Security, 6:151-180, 1998.
34. S. Ioannidis, A. Keromytis, S. Bellovin, and J. Smith. Implementing a Distributed Firewall. In Proceedings of Computer and Communications Security (CCS), pages 190-199, November 2000.
35. R. Janakiraman, M. Waldvogel, and Q. Zhang. Indra: A peer-topeer approach to network intrusion detection and prevention. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, June 2003.
36. H. S. Javitz and A. Valdes. The nides statistical component: Description and justification. Technical report, SRI International, 1993.
37. J. E. Just, L. A. Clough, M. Danforth, K. N. Levitt, R. Maglich, J. C. Reynolds, and J. Rowe. Learning Unknown Attacks - A Start. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID), October 2002.
38. G. Kaiser, J. Parekh, P. Gross, and G. Valetto. Kinesthetics extreme: An external infrastructure for monitoring distributed legacy systems. In Proceedings of the Autonomic Computing Workshop, Fifth Annual Workshop on Active Middleware Services, 2003.
39. S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. RFC 2401, Nov. 1998.
40. A. D. Keromytis, V. Misra, and D. Rubenstein. SOS: Secure Overlay Services. In Proceedings of ACM SIGCOMM, pages 61-72, August 2002.
41. A. D. Keromytis, V. Misra, and D. Rubenstein. SOS: An Architecture For Mitigating DDoS Attacks. IEEE Journal on Selected Areas of Communications (JSAC), 2003. (to appear).
42. C. Ko, G. Fink, and K. Levitt. Automated detection of vulnerabilities in privileged programs by execution monitoring. In 10th Annual Computer Security Applications Conference, pages 134-144, December 1994.
43. O. Kreidl and T. Frazier. Feedback control applied to survivability: a host-based autonomic defense system. IEEE Transactions on Reliability, Vol. 52, No. 3, September 2003.
44. D. Larochelle and D. Evans. Statically Detecting Likely Buffer Overflow Vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, pages 177-190, August 2001.
45. W. Lee, S. Stolfo, and K. Mok. A data mining framework for building intrusion detection models. 1999.
46. W. Lee, S. J. Stolfo, and P. K. Chan. Learning patterns from unix processes execution traces for intrusion detection, pages 50-56. AAAI Press, 1997.
47. W. Lee, S. J. Stolfo, and K. Mok. Data mining in work flow environments: Experiences in intrusion detection. In Proceedings of the 1999 Conference on Knowledge Discovery and Data Mining (KDD-99), 1999.
48. M. Mahoney and P. Chan. Detecting novel attacks by identifying anomalous network packet headers. Technical Report CS-2001-2, Florida Institute of Technology, Melbourne, FL, 2001.
49. M. V. Mahoney and P. K. Chan. Learning nonstationary models of normal network traffic for detecting novel attacks. In Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pages 376-385. ACM Press, 2002.
50. D. Milojicic, F. Douglis, and R. Wheeler. Mobility: Pro-cesses, Computers, and Agents. Addison Wesley Longman, February 1999.
51. D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. In Proceedings of the IEEE Infocom Conference, April 2003.
52. D. Moore, G. M. Voelker, and S. Savage. Inferring internet Denial-of-Service activity. In Proceedings of the 10th Usenix Security Symposium, pages 9-22, 2001.
53. D. Newman, J. Snyder, and R. Thayer. Crying wolf: False alarms hide attacks. Network World, June 2002. http://www.nwfusion.com/techinsider/ 2002/0624security1.html.
54. D. Nojiri, J. Rowe, and K. Levitt. Cooperative Response Strategies for Large Scale Attack Mitigation. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX), pages 293-302, April 2003.
55. S. Northcutt. Network Intrusion Detection: An Analyst's Handbook, pages 122-139. New Riders, Indianapolis, 1999.
56. S. Osman, D. Subhraveti, G. Su, and J. Nieh. The design and implementation of Zap: A system for migrating computing environments. In Proceedings of the Fifth Symposium on Operating Systems Design and Implementation (OSDI 2002), pages 361-376, Boston, MA, December 2002.
57. P. PAl, M. Atighetchi, F. Webber, R. Schantz, and C. Jones. Adaptive Use of Netwokr-Centric Mechanisms in Cyber-Defense. In Proceedings of the 6th IEEE International Symposium on Object-oriented Real-time Distributed Computing, May 2003.
58. P. Pal, M. Atighetchi, F. Webber, R. Schantz, and C. Jones. Reflections on Evaluating Survivability: The APOD Experiments. In Proceedings of the 2nd IEEE International Symposium on Network Computing and Applications, April 2003.
59. L. Perrochon. Using context-based correlation in network operations management. Technical report, Stanford University Department of Computer Science, 1999. http://pavg.stanford.edu/cep/cidf.ps.gz.
60. M. Prasad and T. Chiueh. A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks. In Proceedings of the USENIX Annual Technical Conference, June 2003.
61. J. C. Reynolds, J. Just, L. Clough, and R. Maglich. On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-and-Test, and Generalization. In Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS), January 2003.
62. J. C. Reynolds, J. Just, E. Lawson, L. Clough, and R. Maglich. The Design and Implementation of an Intrusion Tolerant System. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), June 2002.
63. S. Robertson, E. V. Siegel, M. Miller, and S. J. Stolfo. Surveillance detection in high bandwidth environments. In Proceedings of the 2003 DARPA DISCEX III Conference, April 2003.
64. B. Segall, D. Arnold, J. Boot, et al. Content-based routing with Elvin4. In Proceedings of AUUG2K, June 2000.
65. J. F. Shoch and J. A. Hupp. The "worm" programs - early experiments with a distributed computation. Communications of the ACM, 22(3):172-180, March 1982.
66. S. Sidiroglou and A. D. Keromytis. A Network Worm Vaccine Architecture. In Proceedings of the IEEE Workshop on Enterprise Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, June 2003.
67. S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. In Proceedings of the Seventh ACM Conference on Computer and Communications Security, Athens, Greece, 2000.
68. S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, pages 149-167, August 2002.
69. R. Sterritt and D. Bustard. Autonomic computing-a means of achieving dependability? In Proceedings of IEEE International Conference on the Engineering of Computer Based Systems (ECBS'03), pages 247-251, April 2003.
70. J. D. Strunk, G. R. Goodson, A. G. Pennington, C. A. Soules, and G. R. Ganger. Intrusion detection, diagnosis, and recovery with self-securing storage. Technical report, Carnegie Mellon University, 2002.
71. P. Thompson. Web services - beyond http tunneling. In W3C Workshop on Web Services, April 2001.
72. G. Valetto and G. Kaiser. Using process technology to control and coordinate software adaptation. In Proceedings of International Conference on Software Engineering, May 2003.
73. F. Wang, F. Gong, C. Sargor, K. Goseva-Popstojanova, K. Trivedi, and F. Jou. Sitar: A scalable intrusion tolerance architecture for distributed servers. In Proceedings of the IEEE 2nd SMC Information Assurance Workshop, 2001.
74. F. Wang and R. Uppalli. SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services. In Volume II of the Proceedings of DISCEX III, pages 153-155, April 2003.
75. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: alternative data models. pages 133-145. IEEE Computer Society, 1999.
76. A. Wolf, D. Heimbigner, A.Carzaniga, J. Knight, P. Devenbu, and M. Gertz. Bend, don't break: Using reconfiguration to achieve survivability. In Proceedings of the Third Information Survivability Workshop (ISW2000), pages 187-190, October 2000.
77. A. Wolf, D. Heimbigner, A. Carzaniga, J. Knight, P. Devenbu, and M. Gertz. Bend, Don't Break: Using Reconfiguration to Achieve Survivability. In Proceedings of the 3rd Information Survivability Workshop, pages 187-190, October 2000.
78. E. Zadok and I. Badulescu. A stackable file system interface for Linux. In LinuxExpo 99, May 1999.
79. C. C. Zou, W. Gong, and D. Towsley. Code Red Worm Propagation Modeling and Analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pages 138-147, November 2002.