Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems - Archive ouverte HAL
Conference Papers Year : 2019

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

David Plaquin
  • Function : Author
  • PersonId : 1022771
Chris Dalton
  • Function : Author
  • PersonId : 1054187

Abstract

Despite the deployment of preventive security mechanisms to protect the assets and computing platforms of users, intrusions eventually occur. We propose a novel intrusion survivability approach to withstand ongoing intrusions. Our approach relies on an orchestration of fine-grained recovery and per-service responses (e.g., privilege removal). Such an approach may put the system into a degraded mode. This degraded mode prevents attackers from reinfecting the system, or from achieving their goals if they manage to reinfect it. It maintains the availability of core functions while waiting for patches to be deployed. We devised a cost-sensitive response selection process to ensure that while the service is in a degraded mode, its core functions are still operating. We built a Linux-based prototype and evaluated the effectiveness of our approach against different types of intrusions. The results show that our solution removes the effects of the intrusions, that it can select appropriate responses, and that it allows services to survive when reinfected. In terms of performance overhead, in most cases, we observed a small overhead, except in the rare case of services that write many small files asynchronously in a burst, where we observed a higher but acceptable overhead.
Main file
survivor-fine-grained-intrusion-response-and-recovery-approach-for-commodity-os-acsac-chevalier-2019.pdf (803.73 KB)
slides.pdf (918.68 KB)
Origin : Files produced by the author(s)
Format : Presentation

Dates and versions

hal-02289315 , version 1 (23-09-2019)
hal-02289315 , version 2 (26-09-2019)

Cite

Ronny Chevalier, David Plaquin, Chris Dalton, Guillaume Hiet. Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems. ACSAC 2019 - 35th Annual Computer Security Applications Conference, Dec 2019, San Juan, Puerto Rico. ⟨10.1145/3359789.3359792⟩. ⟨hal-02289315v2⟩