
Isolating Cause-Effect Chains in Computer Systems

dc.contributor.author: Neuhaus, Stephan
dc.contributor.author: Zeller, Andreas
dc.contributor.editor: Bleek, Wolf-Gideon
dc.contributor.editor: Raasch, Jörg
dc.contributor.editor: Züllighoven, Heinz
dc.date.accessioned: 2019-05-15T09:43:17Z
dc.date.available: 2019-05-15T09:43:17Z
dc.date.issued: 2007
dc.description.abstract: One of the major tasks in maintaining software systems is understanding how specific effects came to be. This is especially true for effects that cause major harm, and especially challenging for causes that actively prevent discovery. We introduce Malfor, a system that, for any reliably reproducible and observable effect, isolates the processes that cause the effect. We apply Malfor to intrusion analysis—that is, understanding how an intruder gained access to a system—and come up with cause-effect chains that describe how an attack came to be: “An attacker sent a malicious request to the Web server, which gave him a local shell, by which he gained administrator privileges via a security hole in Perl, and thus installed a new administrator account”. Malfor works by experiments. First, we record the interaction of the system being diagnosed. After the effect (the intrusion) has been detected, we replay the recorded events in slightly different configurations to isolate the processes which were relevant for the effect. While intrusion analysis is among the more spectacular uses of Malfor, the underlying techniques can easily be generalized to arbitrary system behaviors. [en]
dc.identifier.isbn: 978-3-88579-199-7
dc.identifier.pissn: 1617-5468
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/22759
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e. V.
dc.relation.ispartof: Software Engineering 2007 – Fachtagung des GI-Fachbereichs Softwaretechnik
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-105
dc.title: Isolating Cause-Effect Chains in Computer Systems [en]
dc.type: Text/Conference Paper
gi.citation.endPage: 180
gi.citation.publisherPlace: Bonn
gi.citation.startPage: 169
gi.conference.date: 27.-30.03.2007
gi.conference.location: Hamburg
gi.conference.sessiontitle: Regular Research Papers

Files

Original bundle
Name: 169.pdf
Size: 2.64 MB
Format: Adobe Portable Document Format