Table of Contents
Building Survivable Systems: An Integrated Approach Based on Intrusion Prevention, Detection and Response
Outline of Talk
Motivation
Protected System Model
Key Assumptions
Our Approach: Static View
Our Approach: Runtime View
Related Work
Key Benefits of Our Approach
Specification Language
Specification Language
REE Patterns
Specification Language – Reactions
Example System Call Specifications
Example Packet Specifications
Example Isolation Specification
Runtime System
Interception of System Calls
Portable Techniques for Syscall Interception
Issues in Syscall Interception: Flexibility
Issues in Syscall Interception: Performance
Performance of System call Interception
Effectiveness & Performance
Implementation Status
Effectiveness of SDE+PDE on CERT Data
Intrusion Detection Competition
Competition Organization
PDE Attack Repertoire
Evaluation Results: Summary
Effectiveness on Network-Level Attacks
PDE Performance
Factors Determining Performance
Compiling REE Matching
Approach to Fast REE Matching
EFSA Construction
EFSA Construction
Approach to Construct EFSA
Approach to Construct EFSA
EFSA Construction: Example
EFSA Construction: Example
Summary
Future Directions
Credits