Isolation of Malicious External Inputs in a Security Focused Adaptive Execution Environment
Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES) 2013.
DOI: 10.1109/ARES.2013.15
© Copyright 2013 IEEE.
View BibTeX.
areas
Security,
Virtualization
abstract
Reliable isolation of malicious application inputs is necessary for preventing the future success of an observed novel attack after the initial incident. In this paper we describe, measure and analyze, Input-Reduction, a technique that can quickly isolate malicious external inputs that embody unforeseen and potentially novel attacks, from other benign application inputs. The Input-Reduction technique is integrated into an advanced, security-focused adaptive execution environment that automates diagnosis and repair. In experiments we show that Input-Reduction is both highly accurate and efficient in isolating attack inputs and determining casual relations between inputs. We also measure and show that the cost incurred by key services that support reliable reproduction and fast attack isolation is reasonable in the adaptive execution environment.