Countering network worms through automatic patch generation

To counter zero-day worms that exploit software flaws such as buffer overflows, this end-point architecture uses source code transformations to automatically create and test software patches for vulnerable segments of targeted applications.
