Towards Self-Protecting Enterprise Applications

Lorenzoli, Davide; Mariani, Leonardo; Pezzè, Mauro

doi:10.1109/issre.2007.21

Cited by 17 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FFTV (From Failures to Vaccine) [28] infers invariants that model normal behavior. At run time, violations of a programmer-written specification cause FFTV to record a "failure context", consisting of violated invariants and the stack backtrace.…”

Section: Invariant Inference and Immunitymentioning

confidence: 99%

Automatically patching errors in deployed software

Perkins

Kim

Larsen

et al. 2009

Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles

315

274

View full text Add to dashboard Cite

We present ClearView, a system for automatically patching errors in deployed software. ClearView works on stripped Windows x86 binaries without any need for source code, debugging information, or other external information, and without human intervention.ClearView (1) observes normal executions to learn invariants that characterize the application's normal behavior, (2) uses error detectors to monitor the execution to detect failures, (3) identifies violations of learned invariants that occur during failed executions, (4) generates candidate repair patches that enforce selected invariants by changing the state or the flow of control to make the invariant true, and (5) observes the continued execution of patched applications to select the most successful patch.ClearView is designed to correct errors in software with high availability requirements. Aspects of ClearView that make it particularly appropriate for this context include its ability to generate patches without human intervention, to apply and remove patches in running applications without requiring restarts or otherwise perturbing the execution, and to identify and discard ineffective or damaging patches by evaluating the continued behavior of patched applications.In a Red Team exercise, ClearView survived attacks that exploit security vulnerabilities. A hostile external Red Team developed ten code-injection exploits and used these exploits to repeatedly attack an application protected by ClearView. ClearView detected and blocked all of the attacks. For seven of the ten exploits, ClearView automatically generated patches that corrected the error, enabling the application to survive the attacks and successfully process subsequent inputs. The Red Team also attempted to make ClearView apply an undesirable patch, but ClearView's patch evaluation mechanism enabled ClearView to identify and discard both ineffective patches and damaging patches.

show abstract

Section: Invariant Inference and Immunitymentioning

confidence: 99%

Automatically patching errors in deployed software

Perkins

Kim

Larsen

et al. 2009

Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles

315

274

View full text Add to dashboard Cite

show abstract

“…Common techniques include check-pointing and rollback, roll-forward and reboot. Checkpointing and rollback mechanisms [Elnozahy et al 2002;Pradhan and Vaidya 1994] partially rollback the system to a consistent state, and retry the failed operation either as is or after some changes to increase the probability of success [Qin et al 2005;Lorenzoli et al 2007]. Roll-forward mechanisms react to failures by continuing the execution from the "closest" known consistent state in the future [Pradhan and Vaidya 1994].…”

Section: Error-recovery Strategiesmentioning

confidence: 99%

Exception handlers for healing component-based systems

Chang

Mariani

Pezzè

2013

ACM Trans. Softw. Eng. Methodol.

Self Cite

View full text Add to dashboard Cite

To design effective exception handlers, developers must predict at design time the exceptional events that may occur at runtime, and must implement the corresponding handlers on the basis of their predictions. Designing exception handlers for component-based software systems is particularly difficult because the information required to build handlers is distributed between component and application developers. Component developers know the internal details of the components but ignore the applications, while application developers own the applications but cannot access the details required to implement handlers in components.This article addresses the problem of automatically healing the infield failures that are caused by faulty integration of OTS components. In the article, we propose a technique and a methodology to decouple the tasks of component and application developers, who will be able to share information asynchronously and independently, and communicate implicitly by developing and deploying what we call healing connectors. Component developers implement healing connectors on the basis of information about the integration problems frequently experienced by application developers. Application developers easily and safely install healing connectors in their applications without knowing the internal details of the connectors. Healing connectors heal failures activated by exceptions raised in the OTS components actually deployed in the system.The article defines healing connectors, introduces a methodology to develop and deploy healing connectors, and presents several case studies that indicate that healing connectors are effective, reusable and efficient.

show abstract

“…Although this resembles our technique, in the aspect of monitoring execution events, its dependence on examining application code and manually devising the signature pattern restrict its usability. Another comparable approach is given in [19], where attacks/failures are prevented by looking for failure-inducing execution contexts. Basically, conditions over program variables are identified and are expected to hold during application run-time.…”

Section: Related Workmentioning

confidence: 99%

Intrusion detection using signatures extracted from execution profiles

El-Ghali

Masri

2009

2009 ICSE Workshop on Software Engineering for Secure Systems

View full text Add to dashboard Cite

An application based intrusion detection system is a security mechanism designed to detect malicious behavior that could compromise the security of a software application. Our aim is to develop such a system that operates on signatures extracted from execution profiles. These signatures are not descriptions of exploits, but instead are descriptions of the program conditions that lead to the exploitation of software vulnerabilities, i.e., they depend on the structure of the vulnerabilities themselves.A program vulnerability is generally induced by the execution of a combination of program statements. In this work we first analyze the execution profiles of a subject application in order to identify such suspicious combinations and consequently extract and define their corresponding signatures. Then, we insert probes in select locations in the application to enable online signature matching.To evaluate our technique, we implemented it for Java programs and applied it on Tomcat 3.0 in order to detect well-known attacks. Our results were promising, as no false negatives and a maximum of 4.5% false positives were observed, and the runtime overhead was less than 5%.

show abstract

Towards Self-Protecting Enterprise Applications

Cited by 17 publications

References 25 publications

Automatically patching errors in deployed software

Automatically patching errors in deployed software

Exception handlers for healing component-based systems

Intrusion detection using signatures extracted from execution profiles

Contact Info

Product

Resources

About