Towards Self-Explaining Networks

Authors: Andreas Haeberlen, Micah Sherr, Boon Thau Loo, Qiong Fei, Wenchao Zhou

Abstract: In this paper, we argue that networks should be able to explain to their operators why they are in a certain state, even if – and particularly if – they have been compromised by an attacker. Such a capability would be useful in forensic investigations, where an operator observes an unexpected state and must decide whether it is benign or an indication that the system has been compromised. Using a very pessimistic threat model in which a malicious adversary can completely compromise an arbitrary subset of the nodes in the network, we argue that we cannot expect to get a complete and correct explanation in all possible cases. However, we also show that, based on recent advances in the systems and the database communities, it seems possible to get a slightly weaker guarantee: for any state change that directly or indirectly affects a correct node, we can either obtain a correct explanation or eventually identify at least one compromised node. We discuss the challenges involved in building systems that provide this property, and we report initial results from an early prototype.
