ABSTRACT
In this talk we will present two subprojects of Coral. The first is called
Sapo, which is a network-level approach that detects self-propagating agents.
Sapo uses a multi-primitive approach that combines primitive detection filters.
We show that filters can be combined in a fashion that greatly reduces false
positives without visibly increasing false negatives. We also show an adaptive
algorithm in a stream processing setting that allows Sapo to adapt to overload
situations.
In the second part of the talk, we present a new tool for automatic
intrusion detection and recovery against attacks that subvert program control.
Our approach uses a virtual machine execution engine, called Strata, to perform
dynamic transformations at runtime. We enforce a call sequence security policy
that detects incorrect control flow changes. To recover from attacks, the
program state is restored and execution rolled back to the start of the
function that returned incorrectly. In the second round of execution, write
operations are monitored so that an out-of-bounds write is transformed into an
NOP operation. This is a type of failure-oblivious computing, which allows
programs to continue executing after errors without memory corruption. Our
initial experiments show that buffer overflow attacks can be successfully
detected and recovered from without affecting the results of normal program
execution.
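
The detect, roll back, and re-execute cycle described above, as an added example that is not Strata's code or the speakers' implementation. It simulates a stack frame as a byte array rather than instrumenting a real program; the names Frame, copy_input, run_protected and the value GOOD_RET are hypothetical, and a single recorded return target stands in for the call sequence policy.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN  8      /* buffer occupies mem[0..7] of the simulated frame */
#define RET_SLOT 8      /* saved return target sits directly above the buffer */
#define MEM_LEN  9
#define GOOD_RET 0x2A   /* constructed stand-in for the legitimate return target */

typedef struct { unsigned char mem[MEM_LEN]; } Frame;
typedef struct { int detected, dropped; unsigned char ret, buf[BUF_LEN]; } Result;

/* Copy n bytes into the frame. monitor=0: unchecked first execution.
 * monitor=1: a write outside the buffer becomes a NOP. Returns writes dropped. */
static int copy_input(Frame *f, const unsigned char *in, int n, int monitor) {
    int dropped = 0;
    for (int i = 0; i < n; i++) {
        if (i >= BUF_LEN && monitor) { dropped++; continue; }
        if (i < MEM_LEN) f->mem[i] = in[i];   /* simulation stays inside the frame */
    }
    return dropped;
}

/* Run the function once; on a bad return target, roll back and re-run monitored. */
Result run_protected(const unsigned char *in, int n) {
    Result r = {0};
    Frame f;
    memset(&f, 0, sizeof f);
    f.mem[RET_SLOT] = GOOD_RET;
    unsigned char expected = f.mem[RET_SLOT];  /* recorded at call time */
    Frame checkpoint = f;                      /* program state at function entry */

    copy_input(&f, in, n, 0);
    if (f.mem[RET_SLOT] != expected) {         /* return does not match the call */
        r.detected = 1;
        f = checkpoint;                        /* restore state, restart function */
        r.dropped = copy_input(&f, in, n, 1);
    }
    r.ret = f.mem[RET_SLOT];
    memcpy(r.buf, f.mem, BUF_LEN);
    return r;
}

int main(void) {
    unsigned char attack[12];
    memset(attack, 'A', sizeof attack);        /* constructed oversized input */
    Result r = run_protected(attack, (int)sizeof attack);
    printf("detected=%d dropped=%d ret_intact=%d\n",
           r.detected, r.dropped, r.ret == GOOD_RET);
    return 0;
}
```

An input that fits the buffer takes only the first, unmonitored pass, so its result is the same as it would be without the protection.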
BIOGRAPHY
Dr. Chenxi Wang is Associate Research Professor at Carnegie Mellon
University. Her research interests are in network security, and in particular,
the aspects of security that have to do with large scale systems. She is the
advisor of 5 Ph.D. students and the author of over 20 publications in security
and dependability. Starting May 2006, Dr. Wang will serve as the Principal
Scientist of KSR, Inc., while on leave from CMU.