Institutional Repository of the Institute of Software, Chinese Academy of Sciences
Title:
cross-layer comprehensive intrusion harm analysis for production workload server systems
Authors: Zhang Shengzhi ; Jia Xiaoqi ; Liu Peng ; Jing Jiwu
Proceedings: Proceedings - Annual Computer Security Applications Conference, ACSAC
Conference name: 26th Annual Computer Security Applications Conference, ACSAC 2010
Conference date: 40883
Publication date: 2010
Conference location: Austin, TX, United States
Keywords: Computer simulation ; Instruments ; Security systems ; Servers
Place of publication: United States
Indexed by: EI
ISSN: 10639527
ISBN: 9781450000000
Affiliations: (1) Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, United States; (2) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, China; (3) College of Information Sciences and Technology, Pennsylvania State University, University Park, PA, United States; (4) State Key Laboratory of Information Security, Graduate University, Chinese Academy of Sciences, China
Sponsor: Applied Computer Security Associates (ACSA)
Abstract: Analyzing the (harm of) intrusion to enterprise servers is an onerous and error-prone work. Though dynamic taint tracking enables automatic fine-grained intrusion harm analysis for enterprise servers, the significant runtime overhead introduced is generally intolerable in the production workload environment. Thus, we propose PEDA (Production Environment Damage Analysis) system, which decouples the onerous analysis work from the online execution of the production servers. Once compromised, the "has-been-infected" execution is analyzed during high fidelity replay on a separate instrumentation platform. The replay is implemented based on the heterogeneous virtual machine migration. The servers' online execution runs atop fast hardware-assisted virtual machines (such as Xen for near native speed), while the infected execution is replayed atop binary instrumentation virtual machines (such as Qemu for the implementation of taint analysis). From identified intrusion symptoms, PEDA is capable of locating the fine-grained taint seed by integrating the backward system call dependency tracking and one-step-forward taint information flow auditing. Started with the fine-grained taint seed, PEDA applies dynamic taint analysis during the replayed execution. Evaluation demonstrates the efficiency of PEDA system with runtime overhead as low as 5%. The real-life intrusion studies successfully show the comprehensiveness and the precision of PEDA's intrusion harm analysis. © 2010 ACM.
Language: English
Content type: Conference paper
URI: http://ir.iscas.ac.cn/handle/311060/8712
Appears in Collections: Institute of Software (CAS) Library_2010 Institute of Software Conference Papers

Files in This Item:
File Name/ File Size Content Type Version Access License
p297-zhang.pdf (1069KB) -- -- Restricted access -- (contact to obtain full text)

Recommended Citation:
Zhang Shengzhi, Jia Xiaoqi, Liu Peng, et al. cross-layer comprehensive intrusion harm analysis for production workload server systems[C]. In: 26th Annual Computer Security Applications Conference, ACSAC 2010. Austin, TX, United States. 40883.

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
