The Coral project at CMU: Defending against large-scale attacks

Dr. Chenxi Wang (Carnegie Mellon University)


ABSTRACT

In this talk we will present two subprojects of Coral. The first is called Sapo, which is a network-level approach that detects self-propagating agents. Sapo uses a multi-primitive approach that combines primitive detection filters. We show that filters can be combined in a fashion that greatly reduces false positives without visibly increasing false negatives. We also show an adaptive algorithm in a stream processing setting that allows Sapo to adapt to overload situations.

In the second part of the talk, we present a new tool for automatic intrusion detection and recovery against attacks that subvert program control. Our approach uses a virtual machine execution engine, called Strata, to perform dynamic transformations at runtime. We enforce a call sequence security policy that detects incorrect control-flow changes. To recover from an attack, the program state is restored and execution is rolled back to the start of the function that returned incorrectly. In the second round of execution, write operations are monitored so that an out-of-bounds write is transformed into a NOP operation. This is a type of failure-oblivious computing, which allows programs to continue executing after errors without memory corruption. Our initial experiments show that buffer overflow attacks can be successfully detected and recovered from without affecting the results of normal program execution.
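The detect, roll back and re-execute cycle described above can be modelled in a few lines of C. This is an added illustration, not code from Strata or the Coral project: the frame layout, the names (frame_t, guarded_call, store) and the sample inputs are assumptions, and the stack frame is simulated as a byte array so the overflow stays inside the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 8                       /* local buffer size (assumed) */
#define FRAME_LEN (BUF_LEN + 8)         /* buffer followed by the saved return slot */
#define RET 0x401000ULL                 /* constructed return target */

typedef struct {
    uint8_t mem[FRAME_LEN];             /* modelled stack frame */
    uint64_t shadow_ret;                /* monitor's trusted copy of the return target */
    int dropped;                        /* out-of-bounds writes turned into no-ops */
} frame_t;
static frame_t g_frame;
static const uint8_t BENIGN_INPUT[] = "normal";        /* constructed, fits the buffer */
static const uint8_t ATTACK_INPUT[] = "AAAAAAAAAAAA";  /* constructed, 4 bytes too long */

/* One store by the function body; a monitored out-of-bounds store becomes a no-op. */
static void store(frame_t *f, size_t i, uint8_t v, int monitored) {
    if (monitored && i >= BUF_LEN) { f->dropped++; return; }
    if (i < FRAME_LEN) f->mem[i] = v;   /* the model itself never leaves mem[] */
}

/* Modelled vulnerable function: copies n bytes with no length check. */
static void copy_input(frame_t *f, const uint8_t *in, size_t n, int monitored) {
    for (size_t i = 0; i < n; i++) store(f, i, in[i], monitored);
}
static int ret_ok(const frame_t *f) {   /* policy: return only to the recorded caller */
    return memcmp(f->mem + BUF_LEN, &f->shadow_ret, sizeof f->shadow_ret) == 0;
}

/* Returns 0 for a clean return, 1 if an attack was detected and recovered from. */
int guarded_call(frame_t *f, const uint8_t *in, size_t n) {
    memset(f, 0, sizeof *f);
    f->shadow_ret = RET;
    memcpy(f->mem + BUF_LEN, &f->shadow_ret, sizeof f->shadow_ret);
    frame_t snapshot = *f;              /* program state at function entry */
    copy_input(f, in, n, 0);            /* first round: unmonitored */
    if (ret_ok(f)) return 0;
    *f = snapshot;                      /* roll back to the start of the function */
    copy_input(f, in, n, 1);            /* second round: writes monitored */
    return 1;
}

int main(void) {
    int benign = guarded_call(&g_frame, BENIGN_INPUT, sizeof BENIGN_INPUT - 1),
        attack = guarded_call(&g_frame, ATTACK_INPUT, sizeof ATTACK_INPUT - 1);
    printf("benign=%d attack=%d dropped=%d\n", benign, attack, g_frame.dropped);
    return 0;
}
```

After the recovered call the buffer holds the first eight input bytes and the saved return slot still matches the monitor's copy, so the caller resumes normally.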

BIOGRAPHY

Dr. Chenxi Wang is Associate Research Professor at Carnegie Mellon University. Her research interests are in network security and, in particular, the aspects of security that have to do with large-scale systems. She is the advisor of 5 Ph.D. students and the author of over 20 publications in security and dependability. Starting May 2006, Dr. Wang will serve as the Principal Scientist of KSR, Inc., while on leave from CMU.