Vigilante: End-to-End Containment of Internet Worms


Manuel Costa (1,2), Jon Crowcroft (1), Miguel Castro (2), Antony Rowstron (2), Lidong Zhou (3), Lintao Zhang (3), and Paul Barham (2)

(1) University of Cambridge, Computer Laboratory, Cambridge, UK
(2) Microsoft Research, Cambridge, UK
(3) Microsoft Research, Silicon Valley, CA, USA

{Manuel.Costa,Jon.Crowcroft}@cl.cam.ac.uk
{manuelc,mcastro,antr,lidongz,lintaoz,pbar}@microsoft.com

ABSTRACT

Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new end-to-end approach to contain worms automatically that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other. Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection. SCAs are proofs of vulnerability that can be inexpensively verified by any vulnerable host. When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software. We show that Vigilante can automatically contain fast-spreading worms that exploit unknown vulnerabilities without blocking innocuous traffic.

Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection; D.4.5 [Operating Systems]: Reliability; D.4.8 [Operating Systems]: Performance; D.4.7 [Operating Systems]: Organization and Design

General Terms: Security, Reliability, Performance, Algorithms, Design, Measurement

Keywords: Worm containment, Data flow analysis, Control flow analysis, Self-certifying alerts

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies .
