Institute of Software, Chinese Academy of Sciences Institutional Repository
Subject: Computer Science ; Engineering
Title:
PEDA: Comprehensive Damage Assessment for Production Environment Server Systems
Author: Zhang Shengzhi ; Jia Xiaoqi ; Liu Peng ; Jing Jiwu
Keyword: Computer simulation
Source: IEEE Transactions on Information Forensics and Security
Issued Date: 2011
Volume: 6, Issue:4, Pages:1323-1334
Indexed Type: EI ; SCI
Department: (1) Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA 16802, United States; (2) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; (3) College of Information Sciences and Technology, Pennsylvania State University, University Park, PA 16802, United States; (4) State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049, China
Sponsorship: AFOSR FA9550-07-1-0527; ARO W911NF-09-1-0525; NSF CNS-0905131; AFRL FA8750-08-C-0137; NSFC 61073179
Abstract: Analyzing an intrusion into production servers is onerous and error-prone work for system security technicians, and existing tools and techniques are quite limited. For instance, system event tracking does not capture intrusion propagation completely, while dynamic taint tracking cannot feasibly be deployed in production because of its significant runtime overhead. We therefore propose production environment damage assessment (PEDA), a systematic approach to postmortem intrusion analysis for production workload servers. PEDA replays the infected execution with high fidelity on a separate instrumentation platform, where the heavyweight analysis is carried out. Although the replayed execution runs atop the instrumentation platform (a binary-translation-based virtual machine), PEDA lets the first run execute atop a hardware-assisted virtual machine to keep runtime overhead minimal. Our evaluation demonstrates the efficiency of the PEDA system, with a runtime overhead as low as 5%. Real-life intrusion studies show the advantage of PEDA intrusion analysis over existing techniques. © 2011 IEEE.
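The decoupled record-and-replay design described in the abstract, as an added illustration that is not PEDA's code: the production run logs only its nondeterministic inputs (here, network requests) at almost no cost, and a later analysis run re-executes the same deterministic program against that log with taint-carrying values so that every file and response transitively derived from an attacker's request can be listed. The toy file server, its in-memory file system, the request log format and the use of request indices as taint labels are all assumptions of this example, and the request sequence is constructed sample input.

```python
"""Decoupled record/replay with deferred taint analysis (toy model).

Added illustration, not PEDA's code. Request ids are used as taint labels;
the server and file system are hypothetical stand-ins for a real workload.
"""


class Tainted(str):
    """A str that carries the set of request ids it was derived from."""

    def __new__(cls, s, taint=frozenset()):
        obj = super().__new__(cls, str(s))
        obj.taint = frozenset(taint)
        return obj

    def split(self, *args, **kwargs):
        return [Tainted(p, self.taint) for p in str.split(self, *args, **kwargs)]

    def __add__(self, other):
        return Tainted(str(self) + str(other),
                       self.taint | getattr(other, "taint", frozenset()))


def server(env):
    """Deterministic toy file server: behaviour depends only on env inputs."""
    while (req := env.recv()) is not None:
        if req.startswith("PUT "):
            _, name, body = req.split(" ", 2)
            env.write_file(name, body)
        elif req.startswith("GET "):
            _, name = req.split(" ", 1)
            env.send(env.read_file(name))
        elif req.startswith("COPY "):
            _, src, dst = req.split(" ", 2)
            env.write_file(dst, env.read_file(src))


class RecordingEnv:
    """First run: only the nondeterministic inputs are logged (low overhead)."""

    def __init__(self, requests, initial_fs):
        self._requests = iter(requests)
        self.fs = dict(initial_fs)
        self.log = []  # the only extra work on the production hot path

    def recv(self):
        req = next(self._requests, None)
        self.log.append(req)
        return req

    def read_file(self, name):
        return self.fs.get(name, "")

    def write_file(self, name, body):
        self.fs[name] = body

    def send(self, data):
        pass


class ReplayEnv:
    """Replay run: same program, inputs fed from the log, values tainted."""

    def __init__(self, log, initial_fs):
        self._log = iter(enumerate(log))
        self.fs = {k: Tainted(v) for k, v in initial_fs.items()}
        self.file_taint = {}      # file name -> request ids it derives from
        self.response_taint = {}  # answered request id -> request ids
        self._cur = None

    def recv(self):
        idx, req = next(self._log, (None, None))
        self._cur = idx
        return None if req is None else Tainted(req, {idx})

    def read_file(self, name):
        return self.fs.get(name, Tainted(""))

    def write_file(self, name, body):
        self.fs[name] = body
        self.file_taint[name] = body.taint

    def send(self, data):
        self.response_taint[self._cur] = data.taint


def damage_report(replay_env, attack_ids):
    """Files and responses that transitively derive from the attacker's requests."""
    attack_ids = frozenset(attack_ids)
    files = sorted(n for n, t in replay_env.file_taint.items() if t & attack_ids)
    responses = sorted(i for i, t in replay_env.response_taint.items() if t & attack_ids)
    return {"files": files, "responses": responses}


# Constructed sample workload; request 2 plays the role of the intrusion.
REQUESTS = [
    "PUT motd.txt Welcome",
    "PUT config.ini debug=0",
    "PUT config.ini debug=1;exec=evil",  # attacker's request
    "COPY config.ini backup.ini",        # propagates the damage
    "GET backup.ini",                    # leaks it to a client
    "PUT notes.txt hello",
]
INITIAL_FS = {"motd.txt": "old"}


def run_demo(requests=REQUESTS, initial_fs=INITIAL_FS, attack_ids=(2,)):
    rec = RecordingEnv(requests, initial_fs)
    server(rec)  # production run: plain values, only the log is kept
    rep = ReplayEnv(rec.log, initial_fs)
    server(rep)  # analysis run: same code path, driven by the recorded log
    # Replay fidelity: the analysed state must match what production produced.
    assert {k: str(v) for k, v in rep.fs.items()} == rec.fs
    return damage_report(rep, attack_ids)


if __name__ == "__main__":
    print(run_demo())
```

The COPY request shows why replay-time taint tracking is more complete than a list of system events alone: backup.ini is flagged because its contents were read from a file the attacker wrote, not because the attacker touched backup.ini directly. Because the replay starts from the same initial state and consumes the same inputs, the instrumented run can be as slow as the analysis needs without affecting the production run.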
Language: English
WOS ID: WOS:000297344200012
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/16067
Appears in Collections: Institute of Software Library_Journal Articles

Files in This Item: There are no files associated with this item.


Recommended Citation:
Zhang Shengzhi, Jia Xiaoqi, Liu Peng, et al. PEDA: Comprehensive Damage Assessment for Production Environment Server Systems[J]. IEEE Transactions on Information Forensics and Security, 2011-01-01, 6(4): 1323-1334.

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2019 Institute of Software, Chinese Academy of Sciences