A network worm vaccine architecture

Proceedings of the Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE

Volumn 2003-January, Issue , 2003, Pages 220-225

  Sidiroglou, S ^a   Keromytis, A D ^a  

^a Och Spine at New York Presbyterian Hospitals   (United States)

Author keywords

Application software; Automatic testing; Computer architecture; Humans; Immune system; Network servers; Protection; Remote sensing; Sensor phenomena and characterization; Vaccines

Indexed keywords

APPLICATION PROGRAMS; AUTOMATIC TESTING; COMPUTER TESTING; IMMUNE SYSTEM; NETWORK ARCHITECTURE; NETWORK SECURITY; REACTION RATES; REMOTE SENSING; SOFTWARE TESTING; VACCINES;

AUTOMATICALLY TEST; DISTRIBUTED SYSTEMS; HUMANS; NETWORK SERVER; PROTECTION; REACTION MECHANISM; SECURITY THREATS; SYSTEM ARCHITECTURES;

COMPUTER ARCHITECTURE;

EID: 84944412883     PISSN: 15244547     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ENABL.2003.1231411     Document Type: Conference Paper

References (41)

1. 2001 Economic Impact of Malicious Code Attacks. http://www.computereconomics.com/cei/press/pr92101.html.
2. Using Network-Based Application Recognition and Access Control Lists for Blocking the "Code Red" Worm at Network Ingress Points. Technical report, Cisco Systems, Inc.
3. VMWare Emulator. http://www.vmware.com/.
4. CERT Advisory CA-2001-19: 'Code Red' Worm Exploiting Buffer Overflow in IIS Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html, July 2001.
5. Cert Advisory CA-2003-04: MS-SQL Server Worm. http://www.cert.org/advisories/CA-2003-04.html, January 2003.
6. The Spread of the Sapphire/Slammer Worm. http://www.silicondefense.com/research/worms/slammer.php, February 2003.
7. Aleph One. Smashing the stack for fun and profit. Phrack, 7(49), 1996.
8. A. Baratloo, N. Singh, and T. Tsai. Transparent Run-Time Defense Against Stack Smashing Attacks. In Proceedings of the USENIX Annual Technical Conference, June 2000.
9. J. Brunner. The Shockwave Rider. Del Rey Books, Canada, 1975.
10. Bulba and Kil3r. Bypassing StackGuard and StackShield. Phrack, 5(56), May 2000.
11. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998.
12. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI), December 2002.
13. J. Etoh. GCC extension for protecting applications from stack-smashing attacks. http://www.trl.ibm.com/projects/security/ssp/, June 2000.
14. S. Forrest, A. Somayaji, and D. Ackley. Building Diverse Computer Systems. In Proceedings of the 6th HotOS Workshop, 1997.
15. T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163-176, February 2003.
16. T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 191-206, February 2003.
17. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A Secure Environment for Untrusted Helper Applications. In Procedings of the 1996 USENIX Annual Technical Conference, 1996.
18. A. Keromytis, V. Misra, and D. Rubenstein. SOS: Secure Overlay Services. In Proceedings of ACM SIGCOMM, pages 61-72, August 2002.
19. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure Execution Via Program Shepherding. In Proceedings of the 11th USENIX Security Symposium, pages 191-205, August 2002.
20. K. Lhee and S. J. Chapin. Type-Assisted Dynamic Buffer Overflow Detection. In Proceedings of the 11th USENIX Security Symposium, pages 81-90, August 2002.
21. M.-J. Lin, A. Ricciardi, and K. Marzullo. A New Model for Availability in the Face of Self-Propagating Attacks. In Proceedings of the New Security Paradigms Workshop, November 1998.
22. T. Liston. Welcome To My Tarpit: The Tactical and Strategic Use of LaBrea. Technical report, 2001.
23. M. Conover and w00w00 Security Team. w00w00 on heap overflows. http://www.w00w00.org/files/articles/heaptut.txt, January 1999.
24. A. J. Malton. The Denotational Semantics of a Functional Tree-Manipulation Language. Computer Languages, 19(3):157-168, 1993.
25. D. Moore, C. Shanning, and K. Claffy. Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the 2nd Internet Measurement Workshop (IMW), pages 273-284, November 2002.
26. D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. In Proceedings of the IEEE Infocom Conference, April 2003.
27. C. Nachenberg. Computer Virus - Coevolution. Communications of the ACM, 50(1):46-51, 1997.
28. N. Provos. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium, August 2003.
29. J. Reynolds, J. Just, E. Lawson, L. Clough, and R. Maglich. The Design and Implementation of an Intrusion Tolerant System. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), June 2002.
30. M. Rosenblum, E. Bugnion, S. Devine, and S. A. Herrod. Using the SimOS Machine Simulator to Study Complex Computer Systems. Modeling and Computer Simulation, 7(1):78-103, 1997.
31. J. Shoch and J. Hupp. The "worm" programs - early experiments with a distributed computation. Communications of the ACM, 22(3):172-180, March 1982.
32. D. Song, R. Malan, and R. Stone. A Snapshot of Global Internet Worm Activity. Technical report, Arbor Networks, November 2001.
33. E. H. Spafford. The Internet Worm Program: An Analysis. Technical Report CSD-TR-823, Purdue University, 1988.
34. S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, pages 149-167, August 2002.
35. T. Toth and C. Kruegel. Connection-history Based Anomaly Detection. In Proceedings of the IEEE Workshop on Information Assurance and Security, June 2002.
36. E. Visser. Stratego: A Language for Program Transformation Based on Rewriting Strategies. Lecture Notes in Computer Science, 2051, 2001.
37. C. Wang, J. C. Knight, and M. C. Elder. On Computer Viral Infection and the Effect of Immunization. In Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC), pages 246-256, 2000.
38. A. Whitaker, M. Shaw, and S. D. Gribble. Scale and Performance in the Denali Isolation Kernel. In Proceedings of the Fifth Symposium on Operating Systems Design and Implementation (OSDI), December 2002.
39. J. Wilander and M. Kamkar. A Comparison of Publicly Available Tools for Dynamic Intrusion Prevention. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 123-130, February 2003.
40. M. Williamson. Throttling Viruses: Restricting Propagation to Defeat Malicious Mobile Code. Technical Report HPL-2002-172, HP Laboratories Bristol, 2002.
41. C. C. Zou, W. Gong, and D. Towsley. Code Red Worm Propagation Modeling and Analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pages 138-147, November 2002.