research-article

Retroactive auditing

Authors:

Xi Wang,

Nickolai Zeldovich,

M. Frans KaashoekAuthors Info & Claims

APSys '11: Proceedings of the Second Asia-Pacific Workshop on Systems

Article No.: 9, Pages 1 - 5

https://doi.org/10.1145/2103799.2103810

Published: 11 July 2011 Publication History

Get Access

Abstract

Retroactive auditing is a new approach for detecting past intrusions and vulnerability exploits based on security patches. It works by spawning two copies of the code that was patched, one with and one without the patch, and running both of them on the same inputs observed during the system's original execution. If the resulting outputs differ, an alarm is raised, since the input may have triggered the patched vulnerability. Unlike prior tools, retroactive auditing does not require developers to write predicates for each vulnerability.

References

[1]

Apache httpd 2.2 vulnerabilities. http://httpd.apache.org/security/vulnerabilities_22.html.

Google Scholar

[2]

B. Chelf and A. Chou. Controlling software complexity. http://www.coverity.com/library/pdf/ControllingSoftwareComplexity.pdf, 2008.

Google Scholar

[3]

D. Gao, M. K. Reiter, and D. Song. BinHunt: Automatically finding semantic differences in binary programs. In Proceedings of the 10th International Conference on Information and Communications Security, Birmingham, UK, October 2008.

Digital Library

Google Scholar

[4]

E. R. Harold. Tip: Configure SAX parsers for secure processing. http://www.ibm.com/developerworks/xml/library/x-tipcfsx.html, 2005.

Google Scholar

[5]

A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen. Detecting past and present intrusions through vulnerability-specific predicates. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, Brighton, UK, October 2005.

Digital Library

Google Scholar

[6]

G. H. Kim and E. H. Spafford. The design and implementation of Tripwire: A file system integrity checker. In Proceedings of the 2nd ACM Conference on Computer and Communications Security, Fairfax, VA, November 1994.

Digital Library

Google Scholar

[7]

T. Kim, X. Wang, N. Zeldovich, and M. F. Kaashoek. Intrusion recovery using selective re-execution. In Proceedings of the 9th Symposium on Operating Systems Design and Implementation, Vancouver, Canada, October 2010.

Digital Library

Google Scholar

[8]

C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, Chicago, IL, June 2005.

Digital Library

Google Scholar

[9]

D. Swan. comp.os.linux.security FAQ. http://www.linuxsecurity.com/docs/colsfaq.html, 2002.

Google Scholar

[10]

L. Torvalds. Re: {RANT} Linux-IrDA status. http://lkml.org/lkml/2000/11/8/1, 2000.

Google Scholar

[11]

J. Tucek, W. Xiong, and Y. Zhou. Efficient online validation with delta execution. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems, Washington, DC, March 2009.

Digital Library

Google Scholar

Cited By

View all

Chen HKim TWang XZeldovich NKaashoek MFlinn JLevy H(2014)Identifying information disclosure in web applications with retroactive auditingProceedings of the 11th USENIX conference on Operating Systems Design and Implementation10.5555/2685048.2685092(555-569)Online publication date: 6-Oct-2014
https://dl.acm.org/doi/10.5555/2685048.2685092
Kim TChandra RZeldovich NVahdat AThekkath C(2012)Efficient patch-based auditing for web application vulnerabilitiesProceedings of the 10th USENIX conference on Operating Systems Design and Implementation10.5555/2387880.2387899(193-206)Online publication date: 8-Oct-2012
https://dl.acm.org/doi/10.5555/2387880.2387899
Kim TChandra RZeldovich NMoon S(2012)Recovering from intrusions in distributed systems with DAREProceedings of the Third ACM SIGOPS Asia-Pacific conference on Systems10.5555/2387841.2387851(10-10)Online publication date: 23-Jul-2012
https://dl.acm.org/doi/10.5555/2387841.2387851
Show More Cited By

Index Terms

Retroactive auditing
1. General and reference
  1. Cross-computing tools and techniques
    1. Reliability
2. Software and its engineering
  1. Software notations and tools
    1. Context specific languages
  2. Software organization and properties
    1. Extra-functional properties
      1. Software reliability

Recommendations

Wireless Security Auditing

Wireless security is concise on protecting the resources connected to the wireless network from unauthorized access. Wi-Fi Protected Access II (WPA2) is a predominant variety of cryptography based wireless security protocol, which is crafted to be ...
Nessus Network Auditing
JoanAudit: a tool for auditing common injection vulnerabilities
ESEC/FSE 2017: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering

JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

APSys '11: Proceedings of the Second Asia-Pacific Workshop on Systems

July 2011

97 pages

ISBN:9781450311793

DOI:10.1145/2103799

General Chairs:
Haibo Chen
Fudan University, China
,
Zheng Zhang
Microsoft Research Asia, China
,
Program Chairs:
Sue Moon
KAIST, Korea
,
Yuanyuan Zhou
University of California, San Diego, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 July 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Conference

APSys '11

Sponsor:

USENIX Assoc

APSys '11: Asia Pacific Workshop on Systems

July 11 - 12, 2011

Shanghai, China

Acceptance Rates

Overall Acceptance Rate 169 of 430 submissions, 39%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
94
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Chen HKim TWang XZeldovich NKaashoek MFlinn JLevy H(2014)Identifying information disclosure in web applications with retroactive auditingProceedings of the 11th USENIX conference on Operating Systems Design and Implementation10.5555/2685048.2685092(555-569)Online publication date: 6-Oct-2014
https://dl.acm.org/doi/10.5555/2685048.2685092
Kim TChandra RZeldovich NVahdat AThekkath C(2012)Efficient patch-based auditing for web application vulnerabilitiesProceedings of the 10th USENIX conference on Operating Systems Design and Implementation10.5555/2387880.2387899(193-206)Online publication date: 8-Oct-2012
https://dl.acm.org/doi/10.5555/2387880.2387899
Kim TChandra RZeldovich NMoon S(2012)Recovering from intrusions in distributed systems with DAREProceedings of the Third ACM SIGOPS Asia-Pacific conference on Systems10.5555/2387841.2387851(10-10)Online publication date: 23-Jul-2012
https://dl.acm.org/doi/10.5555/2387841.2387851
Kim TChandra RZeldovich N(2012)Recovering from intrusions in distributed systems with DAREProceedings of the Asia-Pacific Workshop on Systems10.1145/2349896.2349906(1-7)Online publication date: 23-Jul-2012
https://dl.acm.org/doi/10.1145/2349896.2349906

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Wireless Security Auditing

Nessus Network Auditing

JoanAudit: a tool for auditing common injection vulnerabilities