Isolating cause-effect chains in computer systems
Authors
Abstract
One of the major tasks in maintaining software systems is understanding how specific effects came to be. This is especially true for effects that cause major harm, and especially challenging for causes that actively prevent discovery. We introduce Malfor, a system that, for any reliably reproducible and observable effect, isolates the processes that cause the effect. We apply Malfor to intrusion analysis—that is, understanding how an intruder gained access to a system—and come up with cause-effect chains that describe how an attack came to be: “An attacker sent a malicious request to the Web server, which gave him a local shell, by which he gained administrator privileges via a security hole in Perl, and thus installed a new administrator account”. Malfor works by experiments. First, we record the interaction of the system being diagnosed. After the effect (the intrusion) has been detected, we replay the recorded events in slightly different configurations to isolate the processes which were relevant for the effect. While intrusion analysis is among the more spectacular uses of Malfor, the underlying techniques can easily be generalized to arbitrary system behaviors.
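The replay-and-compare experiments described in the abstract can be sketched as follows. This is an added example, not code from the paper or from Malfor: it assumes a delta-debugging-style search as the isolation strategy, and the process names, the dependency table and `replay` are constructed stand-ins for a real recording and replay mechanism.

```python
# Constructed recording: process -> processes that must have run before it.
RECORDED = {
    "httpd": [],
    "cron": [],
    "sshd": [],
    "sh": ["httpd"],       # shell obtained through the web server
    "perl": ["sh"],        # privilege escalation step
    "useradd": ["perl"],   # creates the new administrator account (the effect)
    "logrotate": ["cron"],
    "sendmail": [],
}

def replay(enabled):
    """Simulated replay: a process runs only if it is enabled and its
    prerequisites ran. Returns True if the effect is reproduced."""
    ran = set()
    for name, needs in RECORDED.items():  # recorded order
        if name in enabled and all(n in ran for n in needs):
            ran.add(name)
    return "useradd" in ran

def isolate(processes, test):
    """Shrink `processes` to a subset from which no single process can be
    removed without losing the effect (assumed ddmin-style search)."""
    procs = list(processes)
    assert test(set(procs)), "effect must reproduce with the full recording"
    n = 2
    while len(procs) >= 2:
        size = -(-len(procs) // n)  # ceiling division
        chunks = [procs[i:i + size] for i in range(0, len(procs), size)]
        reduced = False
        for chunk in chunks:                       # try each subset alone
            if test(set(chunk)):
                procs, n, reduced = chunk, 2, True
                break
        if not reduced:
            for chunk in chunks:                   # try each complement
                rest = [p for p in procs if p not in chunk]
                if test(set(rest)):
                    procs, n, reduced = rest, max(n - 1, 2), True
                    break
        if not reduced:
            if n >= len(procs):                    # finest granularity reached
                break
            n = min(n * 2, len(procs))
    return procs

if __name__ == "__main__":
    print(" -> ".join(isolate(RECORDED, replay)))
```
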