It's a difficult mental exercise to simultaneously envision how a system could be forced to fail while you're busy designing how it's meant to work. At George Mason University, instructors give their students practice at this skill by requiring them ...

Keywords: Education, security, privacy, attack scripts, coding

Automated intrusion prevention and self-healing software are active areas of security systems research. A major hurdle for the widespread deployment of these systems is that many system administrators lack confidence in the quality of the generated fixes. ...

Keywords: automatic repair validation, software self-healing

Current embryonic attempts at software self---healing produce mechanisms that are often oblivious to the semantics of the code they supervise. We believe that, in order to help inform runtime repair strategies, such systems require a more detailed analysis ...

Keywords: anonamly detection, behavior profiling, self-healing

We question current trends that attempt to leverage virtualization techniques to achieve security goals. We suggest that the security role of a virtual machine centers on being a policy interpreter rather than a resource provider. These two roles (security ...

Keywords: debugging, security policy, traps, virtualization

The efficacy of Anomaly Detection (AD) sensors depends heavily on the quality of the data used to train them. Artificial or contrived training data may not provide a realistic view of the deployment environment. Most realistic data sets are dirty; that ...

Network protection can be difficult even for experienced IT staff and security researchers. In this installment of Secure Systems, the authors focus on two areas of network defense that are particularly troublesome to manage: network intrusion recovery ...

Keywords: network defense, network intrusion recovery, network monitoring, Secure Systems

Software currently lacks the capability to respond intelligently and automatically to attacks in a way that preserves both its availability and its integrity. This problem is exacerbated by the occurrence of attacks that exploit previously unknown vulnerabilities ...

Polymorphic malcode remains a troubling threat. The ability formal code to automatically transform into semantically equivalent variants frustrates attempts to rapidly construct a single, simple, easily verifiable representation. We present a quantitative ...

Keywords: polymorphism, shellcode, signature generation, statistical models

Most computer defense systems crash the process that they protect as part of their response to an attack. Although recent research explores the feasibility of self-healing to automatically recover from an attack, self-healing faces some obstacles before ...

In this paper, we present ShieldGen, a system for automatically generating a data patch or a vulnerability signature for an unknown vulnerability, given a zero-day attack instance. The key novelty in our work is that we leverage knowledge of the data ...