DOI: 10.1145/1075405.1075425

Self-healing mechanisms for kernel system compromises

Published: 31 October 2004

Abstract

Increasing demands for reliability and dependability clash with the reality of escalating security compromises and vulnerability discoveries. Improvements in attack methodologies such as polymorphic viruses, tampering of source code repositories, and automation of distributed strikes are no match for the untimely detection and manual recovery practices used today. We present a run-time method to automate recovery from kernel level system compromises. It is capable of returning modified system call table addresses back to their original values, terminating hidden processes, removing hidden files, and blocking attacker traffic to hidden connections. Self-healing mechanisms such as this can be employed to create more reliable intrusion tolerant operating systems and applications. A working prototype has been implemented as a loadable kernel module on Linux, and can be easily enhanced for other operating systems.
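The abstract describes the core healing step: compare the live system call table against a trusted copy and write the original addresses back over any entry a rootkit has redirected. The following user-space simulation, added here as an illustration and not code from the paper's prototype, models that step with a toy table of function pointers. Every name in it (`sys_call_table_sim`, `take_snapshot`, `heal_syscall_table`, and so on) is constructed for the example and refers to no real kernel symbol; the trusted snapshot stands in for the known-good state the paper's loadable module records at load time.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy "system call table": an array of function pointers standing in for the
   kernel structure whose entries a rootkit redirects. All identifiers below
   are constructed for this example and are not real kernel symbols. */
typedef long (*syscall_fn)(long);

static long sys_read_sim(long fd)  { return fd + 1; }
static long sys_write_sim(long fd) { return fd + 2; }
static long sys_open_sim(long fd)  { return fd + 3; }

#define NR_SYSCALLS 3
static syscall_fn sys_call_table_sim[NR_SYSCALLS] = {
    sys_read_sim, sys_write_sim, sys_open_sim
};

/* Trusted snapshot of the table, taken while the table is still known-good
   (the paper's module does this at load time). The healer compares the live
   table against this copy and never trusts the live table itself. */
static syscall_fn trusted_table[NR_SYSCALLS];
static int snapshot_taken = 0;

void take_snapshot(void) {
    for (size_t i = 0; i < NR_SYSCALLS; i++)
        trusted_table[i] = sys_call_table_sim[i];
    snapshot_taken = 1;
}

/* Detection only: count live entries that differ from the snapshot. */
int count_modified(void) {
    int n = 0;
    for (size_t i = 0; i < NR_SYSCALLS; i++)
        if (sys_call_table_sim[i] != trusted_table[i]) n++;
    return n;
}

/* Self-healing pass: write the trusted address back over every modified
   entry. Returns the number of entries repaired, or -1 when no snapshot
   exists (healing without a trusted baseline would be meaningless). */
int heal_syscall_table(void) {
    if (!snapshot_taken) return -1;
    int repaired = 0;
    for (size_t i = 0; i < NR_SYSCALLS; i++) {
        if (sys_call_table_sim[i] != trusted_table[i]) {
            sys_call_table_sim[i] = trusted_table[i];
            repaired++;
        }
    }
    return repaired;
}

/* Test harness only: replace one entry so the healer has something to undo.
   Returns 1 if the entry was changed, 0 for an out-of-range index. */
static long replaced_read_sim(long fd) { return -fd; }

int simulate_table_modification(size_t idx) {
    if (idx >= NR_SYSCALLS) return 0;
    sys_call_table_sim[idx] = replaced_read_sim;
    return 1;
}

/* Dispatch through the live table, as the kernel would. */
long dispatch(size_t nr, long arg) {
    return sys_call_table_sim[nr](arg);
}

int main(void) {
    take_snapshot();
    simulate_table_modification(0);
    printf("modified entries before healing: %d\n", count_modified());
    printf("dispatch(0, 5) before healing: %ld\n", dispatch(0, 5));
    printf("entries repaired: %d\n", heal_syscall_table());
    printf("dispatch(0, 5) after healing: %ld\n", dispatch(0, 5));
    return 0;
}
```

The design point is that the healer's authority comes entirely from the snapshot, so the snapshot must be taken before any compromise and kept where a kernel-level intruder cannot rewrite it; on a real system that means the module must load early in boot and the copy must be protected, not just hidden.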


Cited By

  • (2013) Component survivability at runtime for mission-critical distributed systems. The Journal of Supercomputing, 66(3), 1390-1417. DOI: 10.1007/s11227-012-0818-2. Online publication date: 1 Dec 2013.
  • (2011) A Model Driven Approach for Self-Healing Computing System. Proceedings of the 2011 Seventh International Conference on Computational Intelligence and Security, 185-189. DOI: 10.1109/CIS.2011.49. Online publication date: 3 Dec 2011.


Published In

WOSS '04: Proceedings of the 1st ACM SIGSOFT workshop on Self-managed systems
October 2004
119 pages
ISBN:1581139896
DOI:10.1145/1075405
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]


Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. fault tolerance
  2. kernel
  3. operating systems
  4. self-healing systems


Conference

WOSS04
Sponsor:
WOSS04: Workshop on Self-Healing Systems (co-located with ACM SIGSOFT 2004)
October 31 - November 1, 2004
Newport Beach, California

