The taser intrusion recovery system

Proceedings of the 20th ACM Symposium on Operating Systems Principles, SOSP 2005

Volumn , Issue , 2005, Pages 163-176

  Goel, Ashvin ^a   Po, Kenneth ^a   Farhadi, Kamran ^a   Li, Zheng ^a   De Lara, Eyal ^a  

^a UNIVERSITY OF TORONTO   (Canada)

Author keywords

file systems; intrusion analysis; intrusion recovery; snapshots

Indexed keywords

AUTOMATED RESOLUTION; COMPUTING RESOURCE; FILE SYSTEMS; INTRUSION ANALYSIS; INTRUSION RECOVERY; NEXT GENERATION SYSTEMS; SNAPSHOTS; SYSTEM MANAGEMENT;

RECOVERY;

EID: 84885588230     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1095810.1095826     Document Type: Conference Paper

References (33)

1. Edward C. Bailey. Maximum RPM. Sams, August 1997.
2. Paul T. Barham, Austin Donnelly, Rebecca Isaacs, and Richard Mortier. Using magpie for request extraction and workload modelling. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation, pages 259-272, 2004.
3. Aaron B. Brown and David A. Patterson. Undo for operators: Building an undoable e-mail store. In Proceedings of the USENIX Technical Conference, pages 1-14, 2003.
4. Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum. Understanding data lifetime via whole system simulation. In Proceedings of the USENIX Security Symposium, pages 321-336, August 2004.
5. G. W. Dunlap, S. T. King, S. Cinar, M. Basrai, and P. M. Chen. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation, December 2002.
6. Tal Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proceedings of the Network and Distributed System Security Symposium, February 2003.
7. Tal Garfinkel and Mendel Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proceedings of the Network and Distributed System Security Symposium, February 2003.
8. Ashvin Goel, Wu-chang Feng, David Maier, Wu-chi Feng, and Jonathan Walpole. Forensix: A robust, high-performance reconstruction system. In Proceedings of the International Workshop on Security in Distributed Computing Systems (SDCS), June 2005. In conjunction with the International Conference on Distributed Computing Systems (ICDCS).
9. Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. A secure environment for untrusted helper applications. In Proceedings of the USENIX Security Symposium, 1996.
10. Bobbie Harder. Microsoft windows system restore. http://msdn.microsoft. com/library/en-us/dnwxp/html/windowsxpsystemrestore.asp, April 2001.
11. Gene H. Kim and Eugene H. Spafford. The design and implementation of Tripwire: A file system integrity checker. In Proceedings of the ACM Conference on Computer and Communications Security, pages 18-29, 1994.
12. Samuel T. King and Peter M. Chen. Backtracking intrusions. In Proceedings of the Symposium on Operating Systems Principles, October 2003.
13. Puneet Kumar and Mahadev Satyanarayanan. Flexible and safe resolution of file conflicts. In Proceedings of the USENIX Technical Conference, pages 95-106. USENIX, January 1995.
14. Peng Liu, Paul Ammann, and Sushil Jajodia. Rewriting histories: Recovering from malicious transactions. Distributed and Parallel Databases, 8(1):7-40, 2000.
15. Toby Miller. Analysis of the knark rootkit. http://www.ossec.net/ rootkits/studies/knark.txt, 2001. SecurityFocus.
16. Nicholas Petreley. Security report: Windows vs Linux. The Register, October 2004. http://www.theregister.co.uk/security/security-report-windows-vs- linux.
17. Dhruv Pilania and Tzi cker Chiueh. Design, implementation, and evaluation of an intrusion resilient database system. Technical Report TR-124, SUNY, Stony Brook, April 2005.
18. N. Provos. Improving host security with system call policies. In Proceedings of the USENIX Security Symposium, pages 257-272, August 2003.
19. Peter Reiher, John S. Heidemann, David Ratner, Gregory Skinner, and Gerald J. Popek. Resolving file conflicts in the Ficus file system. In USENIX Technical Conference, pages 183-195. USENIX, June 1994.
20. Martin Roesch. Snort - Lightweight intrusion detection for networks. In Proceedings of the USENIX Large Installation Systems Administration Conference, pages 229-238, November 1999.
21. A. Sabelfeld and A. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1), January 2003.
22. Douglas S. Santry, Michael J. Feeley, Norman C. Hutchinson, Alistair C. Veitch, Ross W. Carton, and Jacob Ofir. Deciding when to forget in the Elephant file system. In Proceedings of the Symposium on Operating Systems Principles, pages 110-123, December 1999.
23. sd and devik. Linux on-the-fly kernel patching without LKM. Phrack issue 58, December 2001.
24. Secunia. Secunia vulnerability report. http://www.secunia.com.
25. Craig A. N. Soules, Garth R. Goodson, John D. Strunk, and Gregory R. Ganger. Metadata efficiency in versioning file systems. In Proceedings of the USENIX Conference on File and Storage Technologies, pages 43-58, 2003.
26. John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A. N. Soules, and Gregory R. Ganger. Self-securing storage: Protecting data in compromised systems. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation, pages 165-180, 2000.
27. G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. Secure program execution via dynamic information flow tracking. ACM SIGARCH Computer Architecture News, 32(5):85-96, 2004.
28. Weiqing Sun, Zhenkai Liang, R. Sekar, and V.N. Venkatakrishnan. One-way Isolation: An Effective Approach for Realizing Safe Execution Environments. In Proceedings of the Network and Distributed System Security Symposium, February 2005.
29. Douglas B. Terry, Marvin M. Theimer, Karin Petersen, Alan J. Demers, Mike J. Spreitzer, and Carl H. Hauser. Managing update conflicts in Bayou, a weakly connected replicated storage system. In Proceedings of the 15th Symposium on Operating Systems Principles, pages 172-183, December 1995.
30. Andy Watson and Paul Benn. Multiprotocol Data Access: NFS, CIFS, and HTTP. Technical Report TR3014, Network Appliance, Inc., 1999. http://www.netapp.com/tech-library/3014.html.
31. Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman. Linux Security Modules: General security support for the Linux kernel. In Proceedings of the USENIX Security Symposium, pages 17-31, 2002.
32. Huagang Xie and et al. Linux intrusion detection system (LIDS) project. http://www.lids.org/.
33. Ningning Zhu and Tzi-Cker Chiueh. Design, implementation, and evaluation of repairable file service. In Proceedings of the IEEE Dependable Systems and Networks, pages 217-226, June 2003.