Approach Overview
Damage can happen only due to:
- system calls made by the attacked process
- network packets delivered to the target host
Damage occurs when (attacked) systems deviate from their intended behavior.
Damage can be prevented/isolated as follows:
- model behaviors in terms of observable events
- intercept events at runtime and compare them against a specification of intended behavior
- initiate appropriate responses
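
The three steps above, as an added example that is not part of the original slides: a behavior specification over system-call events, a check of each intercepted event against it, and a recorded response on deviation. The SPEC rules, paths, function names and the event trace are all constructed assumptions.

```python
# Added illustration: SPEC, check(), monitor() and TRACE are hypothetical names
# and constructed data, not taken from the original material.
import posixpath

# Specification of intended behavior for one monitored process: each observable
# event (system call name) maps to a predicate over its arguments. Calls that
# are not listed are outside the intended behavior.
SPEC = {
    "read":   lambda a: True,
    "write":  lambda a: True,
    "accept": lambda a: a["port"] == 80,
    # Normalise the path first so "../" cannot step outside the allowed tree.
    "open":   lambda a: (a["mode"] == "r"
                         and posixpath.normpath(a["path"]).startswith("/srv/www/"))
                        or (a["mode"] == "a" and a["path"] == "/var/log/httpd.log"),
}

def check(event):
    """Compare one intercepted event against SPEC; return (verdict, reason)."""
    rule = SPEC.get(event["call"])
    if rule is None:
        return "deny", "call not in specification"
    try:
        ok = rule(event["args"])
    except KeyError as missing:
        return "deny", f"missing argument {missing}"
    if ok:
        return "allow", "matches specification"
    return "deny", "arguments violate specification"

def monitor(trace):
    """Check every event in order; the response here is to record the deviation."""
    alerts = []
    for index, event in enumerate(trace):
        verdict, reason = check(event)
        if verdict == "deny":
            alerts.append((index, event["call"], reason))
    return alerts

# Constructed event trace for a process that should only serve files on port 80.
TRACE = [
    {"call": "accept", "args": {"port": 80}},
    {"call": "open",   "args": {"path": "/srv/www/index.html", "mode": "r"}},
    {"call": "read",   "args": {}},
    {"call": "open",   "args": {"path": "/srv/www/../../etc/passwd", "mode": "r"}},
    {"call": "execve", "args": {"path": "/bin/sh"}},
    {"call": "open",   "args": {"path": "/var/log/httpd.log", "mode": "a"}},
]

if __name__ == "__main__":
    for alert in monitor(TRACE):
        print(alert)
```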