ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Vigilante: end-to-end containment of internet worms
Full text PdfPdf (329 KB)
Source ACM Symposium on Operating Systems Principles archive
Proceedings of the twentieth ACM symposium on Operating systems principles table of contents
Brighton, United Kingdom
SESSION: Containment table of contents
Pages: 133 - 147  
Year of Publication: 2005
ISBN:1-59593-079-5
Also published in ...
Authors
Manuel Costa  University of Cambridge, Cambridge, UK and Microsoft Research Ltd., Cambridge, UK
Jon Crowcroft  University of Cambridge, Cambridge, UK
Miguel Castro  Microsoft Research Ltd., Cambridge, UK
Antony Rowstron  Microsoft Research Ltd., Cambridge, UK
Lidong Zhou  Microsoft Research Silicon Valley, CA
Lintao Zhang  Microsoft Research Silicon Valley, CA
Paul Barham  Microsoft Research Ltd., Cambridge, UK
Sponsors
ACM: Association for Computing Machinery
SIGOPS: ACM Special Interest Group on Operating Systems
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 19,   Downloads (12 Months): 194,   Citation Count: 66
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1095810.1095824
What is a DOI?

ABSTRACT

Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new end-to-end approach to contain worms automatically that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other. Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection. SCAs are proofs of vulnerability that can be inexpensively verified by any vulnerable host. When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software. We show that Vigilante can automatically contain fast-spreading worms that exploit unknown vulnerabilities without blocking innocuous traffic.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Pax team. http://pax.grsecurity.net/.
2
Martín Abadi , Mihai Budiu , Úlfar Erlingsson , Jay Ligatti, Control-flow integrity, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA  [doi>10.1145/1102120.1102165]
 
3
Akamai. Press release: Akamai helps mcafee.com support flash crowds from iloveyou virus, May 2000.
4
Elena Gabriela Barrantes , David H. Ackley , Trek S. Palmer , Darko Stefanovic , Dino Dai Zovi, Randomized instruction set emulation to disrupt binary code injection attacks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948147]
 
5
Bruening, D., Duesterwald, E., and Amarasinghe, S. Design and implementation of a dynamic optimization framework for Windows. In ACM FDD0 (Dec. 2000).
6
Miguel Castro , Peter Druschel , Ayalvadi Ganesh , Antony Rowstron , Dan S. Wallach, Secure routing for structured peer-to-peer overlay networks, Proceedings of the 5th symposium on Operating systems design and implementation

Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading

, December 09-11, 2002, Boston, Massachusetts  [doi>10.1145/1060289.1060317]
7
Ashlesha Joshi , Samuel T. King , George W. Dunlap , Peter M. Chen, Detecting past and present intrusions through vulnerability-specific predicates, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
 
8
Chen, Z., Gao, L., and Kwiat, K. Modelling the spread of active worms. In IEEE INFOCOM (Apr. 2003).
 
9
Costa, M., Crowcroft, J., Castro, M., and Rowstron, A. Can we contain I nternet worms? In HotNets (Nov. 2004).
 
10
Cowan, C., Pu, C., Maier, D., Hinton, H., Wadpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., and Zhang, Q. Stackguard: Automatic detection and prevention of buffer-overrun attacks. In USENIX Security Symposium (Jan. 1998).
 
11
Jedidiah R. Crandall , Frederic T. Chong, Minos: Control Data Attack Prevention Orthogonal to Memory Model, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.221-232, December 04-08, 2004, Portland, Oregon  [doi>10.1109/MICRO.2004.26]
 
12
John R. Douceur, The Sybil Attack, Revised Papers from the First International Workshop on Peer-to-Peer Systems, p.251-260, March 07-08, 2002
13
George W. Dunlap , Samuel T. King , Sukru Cinar , Murtaza A. Basrai , Peter M. Chen, ReVirt: enabling intrusion analysis through virtual-machine logging and replay, Proceedings of the 5th symposium on Operating systems design and implementation

Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading

, December 09-11, 2002, Boston, Massachusetts  [doi>10.1145/1060289.1060309]
14
E. N. (Mootaz) Elnozahy , Lorenzo Alvisi , Yi-Min Wang , David B. Johnson, A survey of rollback-recovery protocols in message-passing systems, ACM Computing Surveys (CSUR), v.34 n.3, p.375-408, September 2002  [doi>10.1145/568522.568525]
 
15
Fraser, K., and Chang, F. Operating System I/O Speculation: How two invocations are faster than one. In USENIX Annual Technical Conference (Jun. 2003).
 
16
Garfinkel, T., and Rosenblum, M. A virtual machine introspection based architecture for intrusion detection. In NDSS (Feb. 2003).
 
17
Georgatos, F., Gruber, F., Karrenberg, D., Santcroos, M., Uijterwaal, H., and Wilhelm, R. Providing A ctive M easurements as a R egular S ervice for ISP s. In PAM2001 (Apr. 2001). http://www.ripe.net/ttm.
 
18
Heberlein, L. T., Dias, G., K, L., Wood, B. M. J., and Wolber, D. A network security monitor. In Proceedings of the IEEE Symposium on Research in Privacy (1990).
 
19
Herbert W. Hethcote, The Mathematics of Infectious Diseases, SIAM Review, v.42 n.4, p.599-653, Dec. 2000  [doi>10.1137/S0036144500371907]
 
20
Hunt, G., and Brubacher, D. Detours: Binary interception of W in32 functions. In USENIX Windows NT Symposium (July 1999).
21
Gaurav S. Kc , Angelos D. Keromytis , Vassilis Prevelakis, Countering code-injection attacks with instruction-set randomization, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948146]
 
22
Kim, H., and Karp, B. Autograph: Toward automated, distributed worm signature detection. In USENIX Security Symposium (Aug. 2004).
 
23
Vladimir Kiriansky , Derek Bruening , Saman P. Amarasinghe, Secure Execution via Program Shepherding, Proceedings of the 11th USENIX Security Symposium, p.191-206, August 05-09, 2002
 
24
Kreibich, C., and Crowcroft, J. Honeycomb - creating intrusion detection signatures using honeypots. In HotNets (Nov. 2003).
 
25
Microsoft. Nirvana. http://www.microsoft.com/windows/cse/bit.mspx.
 
26
David Moore , Vern Paxson , Stefan Savage , Colleen Shannon , Stuart Staniford , Nicholas Weaver, Inside the Slammer Worm, IEEE Security and Privacy, v.1 n.4, p.33-39, July 2003  [doi>10.1109/MSECP.2003.1219056]
 
27
Moore, D., Shannon, C., Voelker, G., and Savage, S. Internet quarantine: Requirements for containing self-propagating code. In IEEE INFOCOM (Apr. 2003).
28
George C. Necula , Scott McPeak , Westley Weimer, CCured: type-safe retrofitting of legacy code, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.128-139, January 16-18, 2002, Portland, Oregon
 
29
James Newsome , Brad Karp , Dawn Song, Polygraph: Automatically Generating Signatures for Polymorphic Worms, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.226-241, May 08-11, 2005  [doi>10.1109/SP.2005.15]
 
30
Newsome, J., and Song, D. Dynamic taint analysis: Automatic detection and generation of software exploit attacks. In NDSS (Feb. 2005).
 
31
Vern Paxson, Bro: a system for detecting network intruders in real-time, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.23-24, p.2435-2463, Dec. 1999  [doi>10.1016/S1389-1286(99)00112-7]
 
32
Ptacek, T. H., and Newsham, T. N. Insertion, evasion, and denial of service: Eluding network intrusion detection. Tech. rep., Secure Networks, Inc, Jan. 1998.
33
Thomas Reps , Genevieve Rosay, Precise interprocedural chopping, Proceedings of the 3rd ACM SIGSOFT symposium on Foundations of software engineering, p.41-52, October 12-15, 1995, Washington, D.C., United States
 
34
Rinard, M., Cadar, C., Dumitran, D., Roy, D. M., Leu, T., and Jr., W. S. B. Enhancing server availability and security through failure-oblivious computing. In OSDI (Dec. 2004).
 
35
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks, Proceedings of the 13th USENIX conference on System administration, November 07-12, 1999, Seattle, Washington
 
36
Stelios Sidiroglou , Angelos D. Keromytis, Countering Network Worms Through Automatic Patch Generation, IEEE Security and Privacy, v.3 n.6, p.41-49, November 2005  [doi>08AEE859-E2A6-45B4-90A7-B480D9D7E2B2]
 
37
Sidiroglou, S., Locasto, M. E., Boyd, S. W., and Keromytis, A. D. Building a reactive immune system for software services. In Usenix Technical Conference (Apr. 2005).
 
38
Singh, S., Estan, C., Varghese, G., and Savage, S. Automated worm fingerprinting. In OSDI (Dec. 2004).
 
39
Smirnov, A., and cker Chiueh, T. DIRA: Automatic detection, identification, and repair of control-hijacking attacks. In NDSS (Feb. 2005).
 
40
SPEC. Specweb99 benchmark. http://www.spec.org/osg/web99.
41
Stuart Staniford , David Moore , Vern Paxson , Nicholas Weaver, The top speed of flash worms, Proceedings of the 2004 ACM workshop on Rapid malcode, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029618.1029624]
 
42
Stuart Staniford , Vern Paxson , Nicholas Weaver, How to Own the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium, p.149-167, August 05-09, 2002
43
G. Edward Suh , Jae W. Lee , David Zhang , Srinivas Devadas, Secure program execution via dynamic information flow tracking, Proceedings of the 11th international conference on Architectural support for programming languages and operating systems, October 07-13, 2004, Boston, MA, USA
 
44
TPC. Tpc-c online transaction processing benchmark. http://www.tpc.org/tpcc/default.asp.
45
Helen J. Wang , Chuanxiong Guo , Daniel R. Simon , Alf Zugenmaier, Shield: vulnerability-driven network filters for preventing known vulnerability exploits, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
 
46
Weaver, N., Staniford, S., and Paxson, V. Very fast containment of scanning worms. In USENIX Security Symposium (Aug. 2004).
 
47
Wilander, J., and Kamkar, M. A comparison of publicly available tools for dynamic buffer overflow prevention. In NDSS (Feb. 2003).
 
48
Matthew M. Williamson, Throttling Viruses: Restricting propagation to defeat malicious mobile code, Proceedings of the 18th Annual Computer Security Applications Conference, p.61, December 09-13, 2002
 
49
Zegura, E., Calvert, K., and Bhattacharjee, S. How to model an internetwork. In IEEE INFOCOM (Mar. 1996).
50
Cliff Changchun Zou , Lixin Gao , Weibo Gong , Don Towsley, Monitoring and early warning for internet worms, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948136]

CITED BY  66
Jedidiah R. Crandall , Zhendong Su , S. Felix Wu , Frederic T. Chong, On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
Michael Vrable , Justin Ma , Jay Chen , David Moore , Erik Vandekieft , Alex C. Snoeren , Geoffrey M. Voelker , Stefan Savage, Scalability, fidelity, and containment in the potemkin virtual honeyfarm, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
Ashlesha Joshi , Samuel T. King , George W. Dunlap , Peter M. Chen, Detecting past and present intrusions through vulnerability-specific predicates, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
Zhenkai Liang , R. Sekar, Fast and automated generation of attack signatures: a basis for building self-protecting servers, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
Milan VojnoviĆ , Ayalvadi Ganesh, On the effectiveness of automatic patching, Proceedings of the 2005 ACM workshop on Rapid malcode, November 11-11, 2005, Fairfax, VA, USA
Christof Fetzer , Martin Süßkraut, Switchblade: enforcing dynamic personalized system call models, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
Michael E. Locasto , Angelos Stavrou , Gabriela F. Cretu , Angelos D. Keromytis, From STEM to SEAD: speculative execution for automated defense, 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, p.1-14, June 17-22, 2007, Santa Clara, CA
Manuel Egele , Christopher Kruegel , Engin Kirda , Heng Yin , Dawn Song, Dynamic spyware analysis, 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, p.1-14, June 17-22, 2007, Santa Clara, CA
Jedidiah R. Crandall , S. Felix Wu , Frederic T. Chong, Minos: Architectural support for protecting control data, ACM Transactions on Architecture and Code Optimization (TACO), v.3 n.4, p.359-389, December 2006
Justin Ma , John Dunagan , Helen J. Wang , Stefan Savage , Geoffrey M. Voelker, Finding diversity in remote code injection exploits, Proceedings of the 6th ACM SIGCOMM on Internet measurement, October 25-27, 2006, Rio de Janeriro, Brazil
Niels Provos , Joe McClain , Ke Wang, Search worms, Proceedings of the 4th ACM workshop on Recurring malcode, November 03-03, 2006, Alexandria, Virginia, USA
Xuxian Jiang , Dongyan Xu, Profiling self-propagating worms via behavioral footprinting, Proceedings of the 4th ACM workshop on Recurring malcode, November 03-03, 2006, Alexandria, Virginia, USA
Prem Gopalan , Kyle Jamieson , Panayiotis Mavrommatis , Massimiliano Poletto, Signature metrics for accurate and automated worm detection, Proceedings of the 4th ACM workshop on Recurring malcode, November 03-03, 2006, Alexandria, Virginia, USA
Srinivas Shakkottai , R. Srikant, Peer to peer networks for defense against internet worms, Proceedings from the 2006 workshop on Interdisciplinary systems approach in performance evaluation and design of computer & communications sytems, October 14-14, 2006, Pisa, Italy
Janak J. Parekh , Ke Wang , Salvatore J. Stolfo, Privacy-preserving payload-based correlation for accurate malicious traffic detection, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.99-106, September 11-15, 2006, Pisa, Italy
Songqing Chen , Xinyuan Wang , Lei Liu , Xinwen Zhang, WormTerminator: an effective containment of unknown and polymorphic fast spreading worms, Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, December 03-05, 2006, San Jose, California, USA
Jingfei Kong , Cliff C. Zou , Huiyang Zhou, Improving software security via runtime instruction-level taint checking, Proceedings of the 1st workshop on Architectural and system support for improving software dependability, p.18-24, October 21-21, 2006, San Jose, California
Sanjay Bhansali , Wen-Ke Chen , Stuart de Jong , Andrew Edwards , Ron Murray , Milenko Drinić , Darek Mihočka , Joe Chau, Framework for instruction-level tracing and analysis of program executions, Proceedings of the second international conference on Virtual execution environments, June 14-16, 2006, Ottawa, Ontario, Canada
Alberto Avritzer , Robert G. Cole , Elaine J. Weyuker, Using performance signatures and software rejuvenation for worm mitigation in tactical MANETs, Proceedings of the 6th international workshop on Software and performance, February 05-08, 2007, Buenes Aires, Argentina
Alex Ho , Michael Fetterman , Christopher Clark , Andrew Warfield , Steven Hand, Practical taint-based protection using demand emulation, ACM SIGOPS Operating Systems Review, v.40 n.4, October 2006
Georgios Portokalidis , Asia Slowinska , Herbert Bos, Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation, ACM SIGOPS Operating Systems Review, v.40 n.4, October 2006
Moez Draief , Ayalvadi Ganesh , Laurent Massoulié, Thresholds for virus spread on networks, Proceedings of the 1st international conference on Performance evaluation methodolgies and tools, October 11-13, 2006, Pisa, Italy
Håvard Johansen , André Allavena , Robbert van Renesse, Fireflies: scalable support for intrusion-tolerant network overlays, ACM SIGOPS Operating Systems Review, v.40 n.4, October 2006
Georgios Portokalidis , Herbert Bos, SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.5, p.1256-1274, April, 2007
Joseph Tucek , James Newsome , Shan Lu , Chengdu Huang , Spiros Xanthos , David Brumley , Yuanyuan Zhou , Dawn Song, Sweeper: a lightweight end-to-end system for defending against fast worms, ACM SIGOPS Operating Systems Review, v.41 n.3, June 2007
Qiang Wei , Matei Ripeanu , Konstantin Beznosov, Cooperative secondary authorization recycling, Proceedings of the 16th international symposium on High performance distributed computing, June 25-29, 2007, Monterey, California, USA
James Newsome , Stephen McCamant , Dawn Song, Measuring channel capacity to distinguish undue influence, Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, June 15-21, 2009, Dublin, Ireland
Costin Raiciu , Mark Handley , David S. Rosenblum, Exploit hijacking: side effects of smart defenses, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.123-130, September 11-15, 2006, Pisa, Italy
Senthilkumar G. Cheetancheri , John Mark Agosta , Denver H. Dash , Karl N. Levitt , Jeff Rowe , Eve M. Schooler, A distributed host-based worm detection system, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.107-113, September 11-15, 2006, Pisa, Italy
Michael Dalton , Hari Kannan , Christos Kozyrakis, Raksha: a flexible information flow architecture for software security, ACM SIGARCH Computer Architecture News, v.35 n.2, May 2007
Michael E. Locasto , Angelos Stavrou , Angelos D. Keromytis, Dark application communities, Proceedings of the 2006 workshop on New security paradigms, September 19-22, 2006, Germany
Zhiqiang Lin , Xuxian Jiang , Dongyan Xu , Bing Mao , Li Xie, AutoPaG: towards automated software patch generation with source code root cause identification and repair, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
Feng Qin , Cheng Wang , Zhenmin Li , Ho-seop Kim , Yuanyuan Zhou , Youfeng Wu, LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks, Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture, p.135-148, December 09-13, 2006
Prateek Saxena , R Sekar , Varun Puranik, Efficient fine-grained binary instrumentationwith applications to taint-tracking, Proceedings of the sixth annual IEEE/ACM international symposium on Code generation and optimization, April 05-09, 2008, Boston, MA, USA
Shvetank Jain , Fareha Shafique , Vladan Djeric , Ashvin Goel, Application-level isolation and recovery with solitude, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
Miguel Castro , Manuel Costa , Jean-Philippe Martin, Better bug reporting with better privacy, ACM SIGPLAN Notices, v.43 n.3, March 2008
Joseph Tucek , Shan Lu , Chengdu Huang , Spiros Xanthos , Yuanyuan Zhou, Triage: diagnosing production run failures at the user's site, ACM SIGOPS Operating Systems Review, v.41 n.6, December 2007
Charles Reis , John Dunagan , Helen J. Wang , Opher Dubrovsky , Saher Esmeir, BrowserShield: Vulnerability-driven filtering of dynamic HTML, ACM Transactions on the Web (TWEB), v.1 n.3, p.11-es, September 2007
Manuel Costa , Miguel Castro , Lidong Zhou , Lintao Zhang , Marcus Peinado, Bouncer: securing software by blocking bad input, ACM SIGOPS Operating Systems Review, v.41 n.6, December 2007
Juan Caballero , Heng Yin , Zhenkai Liang , Dawn Song, Polyglot: automatic extraction of protocol message format using dynamic binary analysis, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Olatunji Ruwase , Phillip B. Gibbons , Todd C. Mowry , Vijaya Ramachandran , Shimin Chen , Michael Kozuch , Michael Ryan, Parallelizing dynamic information flow tracking, Proceedings of the twentieth annual symposium on Parallelism in algorithms and architectures, June 14-16, 2008, Munich, Germany
Rui Wang , XiaoFeng Wang , Zhuowei Li, Panalyst: privacy-aware remote error analysis on commodity software, Proceedings of the 17th conference on Security symposium, p.291-306, July 28-August 01, 2008, San Jose, CA
Spiros Antonatos , Kostas Anagnostakis , Evangelos Markatos, Honey@home: a new approach to large-scale threat monitoring, Proceedings of the 2007 ACM workshop on Recurring malcode, November 02-02, 2007, Alexandria, Virginia, USA
Charles Reis , John Dunagan , Helen J. Wang , Opher Dubrovsky , Saher Esmeir, BrowserShield: vulnerability-driven filtering of dynamic HTML, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
Georgios Portokalidis , Herbert Bos, Eudaemon: involuntary and on-demand emulation against zero-day exploits, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
Oliver Sharma , Mark Girolami , Joseph Sventek, Detecting worm variants using machine learning, Proceedings of the 2007 ACM CoNEXT conference, December 10-13, 2007, New York, New York
Miguel Castro , Manuel Costa , Tim Harris, Securing software by enforcing data-flow integrity, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
Yingbo Song , Michael E. Locasto , Angelos Stavrou , Angelos D. Keromytis , Salvatore J. Stolfo, On the infeasibility of modeling polymorphic shellcode, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Edmund B. Nightingale , Daniel Peek , Peter M. Chen , Jason Flinn, Parallelizing security checks on commodity hardware, ACM SIGPLAN Notices, v.43 n.3, March 2008
Heng Yin , Dawn Song , Manuel Egele , Christopher Kruegel , Engin Kirda, Panorama: capturing system-wide information flow for malware detection and analysis, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Shashidhar Mysore , Bita Mazloom , Banit Agrawal , Timothy Sherwood, Understanding and visualizing full systems with data flow tomography, ACM SIGARCH Computer Architecture News, v.36 n.1, March 2008
Qijun Gu , Rizwan Noorani, Towards self-propagate mal-packets in sensor networks, Proceedings of the first ACM conference on Wireless network security, March 31-April 02, 2008, Alexandria, VA, USA
Weidong Cui , Marcus Peinado , Karl Chen , Helen J. Wang , Luis Irun-Briz, Tupni: automatic reverse engineering of input formats, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Haibo Chen , Xi Wu , Liwei Yuan , Binyu Zang , Pen-chung Yew , Frederic T. Chong, From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware, ACM SIGARCH Computer Architecture News, v.36 n.3, p.401-412, June 2008
Min Cai , Kai Hwang , Jianping Pan , Christos Papadopoulos, WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation, IEEE Transactions on Dependable and Secure Computing, v.4 n.2, p.88-104, April 2007
Walter Chang , Brandon Streiff , Calvin Lin, Efficient and extensible security enforcement using dynamic data flow analysis, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Milan Vojnovic , Ayalvadi J. Ganesh, On the race of worms, alerts, and patches, IEEE/ACM Transactions on Networking (TON), v.16 n.5, p.1066-1079, October 2008
Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: End-to-end containment of Internet worm epidemics, ACM Transactions on Computer Systems (TOCS), v.26 n.4, p.1-68, December 2008
Xiaofeng Wang , Zhuowei Li , Jong Youl Choi , Jun Xu , Michael K. Reiter , Chongkyung Kil, Fast and Black-box Exploit Detection and Signature Generation for Commodity Software, ACM Transactions on Information and System Security (TISSEC), v.12 n.2, p.1-35, December 2008
Prateek Saxena , Pongsin Poosankam , Stephen McCamant , Dawn Song, Loop-extended symbolic execution on binary programs, Proceedings of the eighteenth international symposium on Software testing and analysis, July 19-23, 2009, Chicago, IL, USA
Mohit Tiwari , Hassan M.G. Wassel , Bita Mazloom , Shashidhar Mysore , Frederic T. Chong , Timothy Sherwood, Complete information flow tracking from the gates up, ACM SIGPLAN Notices, v.44 n.3, March 2009
Stelios Sidiroglou , Oren Laadan , Carlos Perez , Nicolas Viennot , Jason Nieh , Angelos D. Keromytis, ASSURE: automatic software self-healing using rescue points, ACM SIGPLAN Notices, v.44 n.3, March 2009
Christopher Ferguson , Qijun Gu , Hongchi Shi, Self-healing control flow protection in sensor applications, Proceedings of the second ACM conference on Wireless network security, March 16-19, 2009, Zurich, Switzerland
Frank Akujobi , Ioannis Lambadaris , Evangelos Kranakis, An integrated approach to detection of fast and slow scanning worms, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Asia Slowinska , Herbert Bos, Pointless tainting?: evaluating the practicality of pointer tainting, Proceedings of the fourth ACM european conference on Computer systems, April 01-03, 2009, Nuremberg, Germany
Maysam Yabandeh , Nikola Knezevic , Dejan Kostic , Viktor Kuncak, CrystalBall: predicting and preventing inconsistencies in deployed distributed systems, Proceedings of the 6th USENIX symposium on Networked systems design and implementation, p.229-244, April 22-24, 2009, Boston, Massachusetts

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.5 Reliability
      D.4.7 Organization and Design
      D.4.8 Performance


General Terms:
Algorithms, Design, Measurement, Performance, Reliability, Security


Keywords:
control flow analysis, data flow analysis, self-certifying alerts, worm containment

Collaborative Colleagues:
Manuel Costa: colleagues
Jon Crowcroft: colleagues
Miguel Castro: colleagues
Antony Rowstron: colleagues
Lidong Zhou: colleagues
Lintao Zhang: colleagues
Paul Barham: colleagues
This Article has also been published in:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player