Provenance-aware tracing of worm break-in and contaminations: A process coloring approach

Proceedings - International Conference on Distributed Computing Systems

Volumn 2006, Issue , 2006, Pages 38-45

  Jiang, Xuxian ^a   Walters, A Aron ^a   Buchholz, Florian ^b   Xu, Dongyan ^a   Wang, Yi Min ^c   Spafford, Eugene H ^a  

^a Purdue University   (United States)

^b JAMES MADISON UNIVERSITY   (United States)

^c MICROSOFT RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL METHODS; DATA TRANSFER; ELECTRONIC CRIME COUNTERMEASURES; INTERNET; SERVERS;

REAL WORLD WORMS; VIRTUAL MACHINE;

COMPUTER WORMS;

EID: 33947629208     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICDCS.2006.69     Document Type: Conference Paper

References (27)

1. SANS Institute: Lion worm. http://www.sans.com/y2k/lion.htm.
2. SARS Worms, http://www.xfocus.net/tools/200306/413.html, June 2003.
3. P. Ammann, S. Jajodia, and P. Liu. Recovery from Malicious Transactions. IEEE TKDE, Volume 14, Issue. 5, 2002.
4. F. Buchholz. Pervasive Binding of Labels to System Processes. Ph.D. Thesis, CERIAS TR 2005-54, Purdue University, 2005.
5. J. Butler. Direct Kernel Object Manipulation (DKOM). http://www. blackhat.com/presentations/win-usa-04/bh-win-04-butler.pdf, 2004.
6. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding Data Lifetime via Whole System Simulation. USENIX Security Symp., Aug. 2004.
7. J. Chow, B. Pfaff, T. Garfinkel, and M. Rosenblum. Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation. USENIX Security Symp., Aug. 2005.
8. D. E. Denning. A Lattice Model of Secure Information Flow. Commun. ACM 19, 5 (May), 236-243, 1976.
9. M. Dornseif, T. Holz, and C. Klein. NoSEBrEaK - Attacking Honeynets. Proceedings of the 5th Annual IEEE Information Assurance Workshop, Westpoint, June 2004.
10. B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, I. Pratt, A. Warfield, P. Barham, and R. Neugebauer. Xen and the Art of Virtualization. ACM SOSP 2003, Oct. 2003.
11. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay. USENIX OSDI, Dec. 2002.
12. E. N. Elnozahy, L. Alvisi, Y.-M. Wang, and D. B. Johnson. A Survey of Rollback-Recovery Protocols in Message Passing Systems. ACM Computing Survey, 34(3), 2002.
13. T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection NDSS 2003, Feb. 2003.
14. X. Jiang, A. Walters, F. Buchholz, D. Xu, Y. Wang, and E. Spafford. Provenance-Aware Tracing of Worm Break-in and Contaminations: A Process Coloring Approach. CERIAS Technical Report 2005-81, Purdue University, 2005.
15. X. Jiang, D. Xu, H. J. Wang, and E. H. Spafford. Virtual Playgrounds for Worm Behavior Investigation. RAID 2005, Sept. 2005.
16. S. T. King and P. M. Chen. Backtracking Intrusions. ACM SOSP 2003, Oct. 2003.
17. S. T. King, G. W. Dunlap, and P. M. Chen. Debugging Operating Systems with Time-Traveling Virtual Machines. USENIX Technical Conference, Apr. 2005.
18. S. T. King, Z. M. Mao, D. G. Lucchetti, and P. M. Chen. Enriching Intrusion Alerts Through Multi-Host Causality. NDSS 2005, Feb. 2005.
19. J. Newsome and D. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. NDSS 2005, Feb. 2005.
20. F. Perriot and P. Szor. An Analysis of the Slapper Worm Exploit. Symantec White Paper.
21. N. L. Petroni, T. Fraser, J. Molina, and W. A. Arbaugh. Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. USENIX Security Symp., Aug. 2004.
22. N. Provos. Improving Host Security with System Call Policies. USENIX Security Symp., Aug. 2003.
23. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doom, and P. Khosla. Pioneer: Verifying Integrity and Guaranteeing Execution of Code on Legacy Platforms. ACM SOSP 2005, Oct. 2005.
24. A. Stavrou, A. D. Keromytis, J. Nieh, V. Misra, and D. Rubenstein. MOVE: An End-to-End Solution To Network Denial of Service. NDSS 2005, Feb. 2005.
25. D. Wagner and P. Soto. Mimicry Attacks on Host-Based Intrusion Detection Systems. ACM CCS 2002, Nov. 2002.
26. A. Whitaker, R. S. Cox, and S. D. Gribble. Configuration Debugging as Search: Finding the Needle in the Haystack. USENIX OSDI 2004, Dec. 2004.
27. N. Zhu and T. Chiueh. Design, Implementation and Evaluation of Repairable File Service. IEEE DSN 2003, June 2003.