Vigilante: end-to-end containment of internet worms

Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network le...

Detailed description

Bibliographic details
Main authors: Costa, Manuel, Crowcroft, Jon, Castro, Miguel, Rowstron, Antony, Zhou, Lidong, Zhang, Lintao, Barham, Paul
Format: Conference proceedings
Language: eng
container_end_page 147
container_issue
container_start_page 133
container_title
container_volume
creator Costa, Manuel
Crowcroft, Jon
Castro, Miguel
Rowstron, Antony
Zhou, Lidong
Zhang, Lintao
Barham, Paul
description Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new end-to-end approach to contain worms automatically that addresses these limitations. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other. Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection. SCAs are proofs of vulnerability that can be inexpensively verified by any vulnerable host. When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software. We show that Vigilante can automatically contain fast-spreading worms that exploit unknown vulnerabilities without blocking innocuous traffic.
doi_str_mv 10.1145/1095810.1095824
format Conference Proceeding
isbn 9781595930798
1595930795
publisher New York, NY, USA: ACM
rights 2005 ACM
date 2005-10-20
genre proceeding
tpages 15
fulltext fulltext
identifier ISSN: 0163-5980
ispartof Operating systems review, 2005, p.133-147
issn 0163-5980
language eng
recordid cdi_proquest_miscellaneous_31669568
source ACM Digital Library Complete
subjects General and reference -- Cross-computing tools and techniques -- Performance
General and reference -- Cross-computing tools and techniques -- Reliability
Security and privacy -- Systems security -- Operating systems security
Software and its engineering -- Software creation and management -- Designing software
Software and its engineering -- Software organization and properties -- Contextual software domains -- Operating systems
Software and its engineering -- Software organization and properties -- Extra-functional properties -- Software performance
Software and its engineering -- Software organization and properties -- Extra-functional properties -- Software reliability
title Vigilante: end-to-end containment of internet worms
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-19T00%3A00%3A09IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_acm_b&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Vigilante:%20end-to-end%20containment%20of%20internet%20worms&rft.btitle=Operating%20systems%20review&rft.au=Costa,%20Manuel&rft.date=2005-10-20&rft.spage=133&rft.epage=147&rft.pages=133-147&rft.issn=0163-5980&rft.isbn=9781595930798&rft.isbn_list=1595930795&rft_id=info:doi/10.1145/1095810.1095824&rft_dat=%3Cproquest_acm_b%3E31669568%3C/proquest_acm_b%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=31669568&rft_id=info:pmid/&rfr_iscdi=true