Cross-layer comprehensive intrusion harm analysis for production workload server systems
Zhang Shengzhi; Jia Xiaoqi; Liu Peng; Jing Jiwu
2010
Conference name: 26th Annual Computer Security Applications Conference, ACSAC 2010
Proceedings title: Proceedings - Annual Computer Security Applications Conference, ACSAC
Pages: 297-306
Conference date: 40883
Conference location: Austin, TX, United States
Indexed by: EI
Place of publication: United States
ISSN: 10639527
ISBN: 9781450000000
Affiliations: (1) Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, United States; (2) State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, China; (3) College of Information Sciences and Technology, Pennsylvania State University, University Park, PA, United States; (4) State Key Laboratory of Information Security, Graduate University, Chinese Academy of Sciences, China
Abstract: Analyzing the (harm of) intrusion to enterprise servers is onerous and error-prone work. Though dynamic taint tracking enables automatic fine-grained intrusion harm analysis for enterprise servers, the significant runtime overhead introduced is generally intolerable in the production workload environment. Thus, we propose the PEDA (Production Environment Damage Analysis) system, which decouples the onerous analysis work from the online execution of the production servers. Once compromised, the "has-been-infected" execution is analyzed during high fidelity replay on a separate instrumentation platform. The replay is implemented based on heterogeneous virtual machine migration. The servers' online execution runs atop fast hardware-assisted virtual machines (such as Xen for near native speed), while the infected execution is replayed atop binary instrumentation virtual machines (such as Qemu for the implementation of taint analysis). From identified intrusion symptoms, PEDA is capable of locating the fine-grained taint seed by integrating backward system call dependency tracking and one-step-forward taint information flow auditing. Starting with the fine-grained taint seed, PEDA applies dynamic taint analysis during the replayed execution. Evaluation demonstrates the efficiency of the PEDA system with runtime overhead as low as 5%. The real-life intrusion studies successfully show the comprehensiveness and the precision of PEDA's intrusion harm analysis. © 2010 ACM.
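Keywords: Computer Simulation Instruments Security Systems Servers
Sponsor: Applied Computer Security Associates (ACSA)
Language: English
Content type: Conference paper
URI: http://ir.iscas.ac.cn/handle/311060/8712
Collection: 2010 Institute of Software conference papers
Recommended citation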
GB/T 7714
Zhang Shengzhi,Jia Xiaoqi,Liu Peng,et al. cross-layer comprehensive intrusion harm analysis for production workload server systems[C]. United States,2010:297-306.
Files in this item
File name/size | Document type | Version type | Access type | License
p297-zhang.pdf (1069KB) | | | Restricted access | 