Isolating cause-effect chains in computer systems

Authors

  • Stephan Neuhaus
  • Andreas Zeller
Abstract

One of the major tasks in maintaining software systems is understanding how specific effects came to be. This is especially true for effects that cause major harm, and especially challenging for causes that actively prevent discovery. We introduce Malfor, a system that, for any reliably reproducible and observable effect, isolates the processes that cause the effect. We apply Malfor to intrusion analysis—that is, understanding how an intruder gained access to a system—and come up with cause-effect chains that describe how an attack came to be: “An attacker sent a malicious request to the Web server, which gave him a local shell, by which he gained administrator privileges via a security hole in Perl, and thus installed a new administrator account”. Malfor works by experiments. First, we record the interaction of the system being diagnosed. After the effect (the intrusion) has been detected, we replay the recorded events in slightly different configurations to isolate the processes which were relevant for the effect. While intrusion analysis is among the more spectacular uses of Malfor, the underlying techniques can easily be generalized to arbitrary system behaviors.

Publication date: 2007