This study by Ashlesha Joshi and Peter M. Chen of the University of Michigan, dated December 7, 2004, describes using VM replay and VM introspection to detect when a vulnerability is triggered. It covers the window of vulnerability during which an exploit is possible, which prompt patching makes smaller but cannot eliminate, and how examining the state of a replaying machine shows whether the vulnerability was triggered.
The ghost of intrusions past
Ashlesha Joshi, Peter M. Chen
University of Michigan
7 December 2004
Motivation
[Timeline figure; labels: Vulnerability Introduced, Vulnerability Discovered, Vulnerability Patched (shown twice); axis: time]
• Red time interval: window of vulnerability during which exploit is possible
• Prompt patching makes this interval smaller, but cannot eliminate it
• What to do in what’s left of window of vulnerability?
Solution
[Timeline figure; labels: Vulnerability Introduced, Vulnerability Discovered, Vulnerability Patched; axis: time]
• Use VM replay and VM introspection to detect the triggering of a vulnerability
• As machine replays, examine its state to determine if vulnerability gets triggered
Example
• Consider a race condition:
    1 if (variable v does not satisfy condition)
    2     return error
    3 Do other stuff
    4 Use variable v // condition not rechecked
• Predicate: (v does not satisfy the condition at line 4)
• Who writes the predicate?
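An added example, not from the original slides: a toy Python model of the Example slide, in which a recorded event log is replayed in order and the slide's predicate is evaluated whenever replay reaches line 4. The event format, the concrete condition (v is an index in 0..7) and the sample logs are assumptions constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not from the slides.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Event:
    seq: int                       # position in the recorded log
    thread: str                    # thread that executed this step
    line: int                      # line of the 4-line example (0 = other code)
    write_v: Optional[int] = None  # value stored to v by this step, if any

def condition(v: int) -> bool:
    """Constructed stand-in for the check at line 1: v is a valid index."""
    return 0 <= v < 8

def predicate(v: int, ev: Event) -> bool:
    """The slide's predicate: v does not satisfy the condition at line 4."""
    return ev.line == 4 and not condition(v)

def replay(log, initial_v: int):
    """Re-run the log in recorded order; return (seq, thread, v) for each hit."""
    v, hits = initial_v, []
    for ev in sorted(log, key=lambda e: e.seq):
        if ev.write_v is not None:
            v = ev.write_v         # replayed write to the shared variable
        if predicate(v, ev):       # introspection point: inspect state at line 4
            hits.append((ev.seq, ev.thread, v))
    return hits

# Constructed logs. Thread A runs the example; thread B writes v concurrently.
BENIGN = [Event(1, "A", 1), Event(2, "A", 3), Event(3, "A", 4)]
RACY = [Event(1, "A", 1), Event(2, "A", 3),
        Event(3, "B", 0, write_v=42),   # write lands between check and use
        Event(4, "A", 4)]
LATE_WRITE = [Event(1, "A", 1), Event(2, "A", 3), Event(3, "A", 4),
              Event(4, "B", 0, write_v=42)]  # write after the use: no trigger
REJECTED = [Event(1, "A", 1), Event(2, "A", 2)]  # line 1 fails, returns at line 2

if __name__ == "__main__":
    for name, log, v0 in [("benign", BENIGN, 3), ("racy", RACY, 3),
                          ("late write", LATE_WRITE, 3), ("rejected", REJECTED, 99)]:
        print(f"{name}: {replay(log, v0) or 'not triggered'}")
```

Only the interleaving in which the write lands between the check at line 1 and the use at line 4 fires the predicate; the same write after line 4, or input rejected at line 2, does not.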
Summary and Status
[Timeline figure; labels: Vulnerability Introduced, Vulnerability Discovered, Patch Applied, Patch Available; axis: time]
• Can use same VM introspection technique during live execution, not just replay
• Already can write and evaluate predicates for kernel bugs
• Currently extending to work for application bugs too