A3: An Environment for Self-Adaptive Diagnosis and Immunization of Novel Attacks
Proceedings of the 6th IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops (SASOW) 2012.
© Copyright 2012 IEEE.
This paper describes an ongoing research effort aiming to use adaptation to defend individual applications against novel attacks. Application focused adaptive security spans adaptive use of security mechanisms in both the host and the network. The work presented in this paper is developing key infrastructure capabilities and supporting services including mandatory mediation of application I/O, record and replay of channel interaction, and VMI-based monitoring and analysis of execution that will facilitate replay-based diagnosis and patch derivation for attacks that succeed and go unnoticed until a known undesired condition manifests. After describing the basics, we present the results from our initial evaluation and outline the next steps.