Shield

Wang, Helen J.; Guo, Chuanxiong; Simón, Daniel; Zugenmaier, Alf

doi:10.1145/1015467.1015489

Cited by 147 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In general, these techniques perform analysis of the application source code to generate a vulnerability-specific input filter that will detect inputs that could reach the specified vulnerability. Some proposals detect and drop such inputs [26], [34], [53], [57], while others convert malicious inputs into benign inputs [33], [46].…”

Section: Related Workmentioning

confidence: 99%

“…In contrast, Talos works on arbitrary internal functions in an application, and thus must infer error paths and values since it does not assume they are specified. Shields [57] uses statically extracted information to generate network filters, which then drop the network packets that might potentially trigger a vulnerability. Finally, SOAP heuristically converts malicious inputs into benign inputs [33] so that an application can still return partial (though sometimes inconsistent) results.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response

Huang

D'Angelo

Miyani

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

There is often a considerable delay between the discovery of a vulnerability and the issue of a patch. One way to mitigate this window of vulnerability is to use a configuration workaround, which prevents the vulnerable code from being executed at the cost of some lost functionality -but only if one is available. Since application configurations are not specifically designed to mitigate software vulnerabilities, we find that they only cover 25.2% of vulnerabilities.To minimize patch delay vulnerabilities and address the limitations of configuration workarounds, we propose Security Workarounds for Rapid Response (SWRRs), which are designed to neutralize security vulnerabilities in a timely, secure, and unobtrusive manner. Similar to configuration workarounds, SWRRs neutralize vulnerabilities by preventing vulnerable code from being executed at the cost of some lost functionality. However, the key difference is that SWRRs use existing error-handling code within applications, which enables them to be mechanically inserted with minimal knowledge of the application and minimal developer effort. This allows SWRRs to achieve high coverage while still being fast and easy to deploy.We have designed and implemented Talos, a system that mechanically instruments SWRRs into a given application, and evaluate it on five popular Linux server applications. We run exploits against 11 real-world software vulnerabilities and show that SWRRs neutralize the vulnerabilities in all cases. Quantitative measurements on 320 SWRRs indicate that SWRRs instrumented by Talos can neutralize 75.1% of all potential vulnerabilities and incur a loss of functionality similar to configuration workarounds in 71.3% of those cases. Our overall conclusion is that automatically generated SWRRs can safely mitigate 2.1× more vulnerabilities, while only incurring a loss of functionality comparable to that of traditional configuration workarounds.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response

Huang

D'Angelo

Miyani

et al. 2016

2016 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

PWC: a proactive worm containment solution for enterprise networks

Jhi

Liu

et al. 2009

Security Comm Networks

View full text Add to dashboard Cite

We propose PWC, a proactive worm containment solution for enterprises. PWC can stop-instead of just slow down-an infected host from releasing worm scans as early as after merely four scans. Motivated by the observation that a worm uses a sustained outgoing packet rate, PWC gains infection awareness seconds before a signature or filter can be generated. To overcome denial-of-service possibly caused by such characteristic indicators of infection, PWC develops two new white detection (detecting who are uninfected) techniques: (a) the vulnerability time window lemma, and (b) the relaxation analysis. PWC does not rely on contents-based signatures thus it can defend against polymorphic worms timely in containment. PWC is also resilient to containment evading. PWC is not sensitive to worm scan rate, and not protocol specific. Due to white detection, PWC causes minimal denial-of-service. Evaluation based on real traces and worm simulations demonstrates that PWC significantly outperforms Virus Throttle in terms of number of released worm scans, number of hosts infected by local scans, and denial-of-service effects. Copyright

show abstract

Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities

Crandall

Chong

2005

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

Shield

Cited by 147 publications

References 20 publications

Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response

Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response

PWC: a proactive worm containment solution for enterprise networks

Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities

Contact Info

Product

Resources

About