Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Welcome.

Presentation transcript:

Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Welcome

Why use a community?
- Increased accuracy: richer learning
- Amortized risk: learn from failure
- Shared burden: distribute tasks

Community approach
1. Monitor behavior for learning
2. Detect attacks (not just constraint violations)
3. Correlate violations to attacks
4. Enforce the properties via patches (fixes)
5. Evaluate fixes in community, deploy best ones

Two instantiations of community approach
- Constraints approach (repair violations)
- Genealogy approach (semantic whitelists)

Scope of our solution
The most important attacks in practice:
1. Execution of malicious code
   - Memory-based (constraints approach)
   - Script-based (constraints approach)
   - Executable-based (genealogy approach)
2. Denial of service (constraints approach)

Accomplishments
- New approach to detection
  - Fewer false positives than constraint violation
- Instrumentation of stripped Windows binaries
  - Variables and program points in binaries
- Technique for creating LiveShield patches
- Investigated real exploits
- Program genealogy approach and experiments

Schedule
11:30 - Welcome (Michael Ernst)
11:45 - Overview (Saman Amarasinghe)
12:15 - Lunch, discussion of approach
01:15 - Constraints Approach
  - Constraint framework (Jeff Perkins)
  - Instrumentation (Sung Kim)
  - Constraint and patch generation (Yoav Zibin)
  - Exploits and demo (Sung Kim and Yoav Zibin)
02:30 - Break
02:45 - Program Genealogy (DNA) Approach (Sam Larsen)
03:15 - Conclusion (Michael Ernst)
04:00 - Break (Lee Badger departs)
04:15 - Discussion of Red Team evaluation with IET
05:00 - IET departs