Campus Event Calendar
Event Entry
What and Who
Self-defending software: Automatically patching security vulnerabilities
Michael Ernst
MPI-SWS, MIT, and U. of Washington
SWS Distinguished Lecture Series - Winter
AG 1, AG 2, AG 3, AG 4, AG 5, SWS, RG1, MMCI
Expert Audience
English
Note: We use this to send email in the morning.
Date, Time and Location
Tuesday, 25 November 2008
14:00
90 Minutes
E1 5
Room 019
Saarbrücken
Abstract
This talk presents ClearView, a system that automatically creates patches
for zero-day exploits: previously unknown security vulnerabilities in COTS
software. The patched program survives otherwise fatal attacks, and it
provides uninterrupted service both during and after attacks.
ClearView first observes normal executions to learn the program's intended
behavior. ClearView correlates violations of this behavior with attacks,
by using an attack detector and run-time checking of the inferred behavior.
ClearView converts the behavior differences into patches that may repair
the behavior violation and eliminate the exploited vulnerability. Finally,
ClearView dynamically evaluates each patch, distributing the most
successful one.
The ClearView implementation protects Windows x86 binaries. DARPA hired an
external Red Team to evaluate ClearView by attacking a protected system.
The Red Team had access to our design and implementation, and spent several
months devising attacks that cause the Firefox browser to execute arbitrary
code. ClearView prevented all of the attacks from executing malicious
code. In 70% of cases, ClearView generated a patch that rendered the
attack harmless while preserving application functionality.
for zero-day exploits: previously unknown security vulnerabilities in COTS
software. The patched program survives otherwise fatal attacks, and it
provides uninterrupted service both during and after attacks.
ClearView first observes normal executions to learn the program's intended
behavior. ClearView correlates violations of this behavior with attacks,
by using an attack detector and run-time checking of the inferred behavior.
ClearView converts the behavior differences into patches that may repair
the behavior violation and eliminate the exploited vulnerability. Finally,
ClearView dynamically evaluates each patch, distributing the most
successful one.
The ClearView implementation protects Windows x86 binaries. DARPA hired an
external Red Team to evaluate ClearView by attacking a protected system.
The Red Team had access to our design and implementation, and spent several
months devising attacks that cause the Firefox browser to execute arbitrary
code. ClearView prevented all of the attacks from executing malicious
code. In 70% of cases, ClearView generated a patch that rendered the
attack harmless while preserving application functionality.
Contact
Claudia Richter
9325 688
--email hidden
passcode not visible
logged in users only
Claudia Richter, 11/19/2008 16:17 -- Created document.