Sciweavers

NOMS
2008
IEEE

Bezoar: Automated virtual machine-based full-system recovery from control-flow hijacking attacks

14 years 6 months ago
Bezoar: Automated virtual machine-based full-system recovery from control-flow hijacking attacks
Abstract—System availability is difficult for systems to maintain in the face of Internet worms. Large systems have vulnerabilities, and if a system attempts to continue operation after an attack, it may not behave properly. Traditional mechanisms for detecting attacks disrupt service and current recovery approaches are application-based and cannot guarantee recovery in the face of exploits that corrupt the kernel, involve multiple processes or target multithreaded network services. This paper presents Bezoar, an automated full-system virtual machine-based approach to recover from zero-day control-flow hijacking attacks. Bezoar tracks down the source of network bytes in the system and after an attack, replays the checkpointed run while ignoring inputs from the malicious source. We evaluated our proof-of-concept prototype on six notorious exploits for Linux and Windows. In all cases, it recovered the full system state and resumed execution. Bezoar incurs low overhead to the virtual ...
Daniela A. S. de Oliveira, Jedidiah R. Crandall, G
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where NOMS
Authors Daniela A. S. de Oliveira, Jedidiah R. Crandall, Gary Wassermann, Shaozhi Ye, Shyhtsun Felix Wu, Zhendong Su, Frederic T. Chong
Comments (0)