Locating Zero-Day Exploits with Coarse-Grained Forensics
ABSTRACT
This paper describes a novel coarse-grained forensics capability for locating zero-day exploits by recording on-host actions and correlating them with network packets, with no discernible impact on user experience. The technology builds upon the Bear micro-kernel, a clean-slate custom OS specifically designed around modern Intel security features and Multics-style protections. The capability provides an alternative to fine-grained techniques, such as memory taint tracking, which are intractable for high-volume Internet-facing servers. Two associated network attack scenarios, modelled on typical website designs, are described to illustrate how the technique can be used, and the associated results are presented.
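The abstract describes the capability only at a high level: host actions are recorded and later correlated with the packets that reached the machine. The Python below is an added illustration of that coarse-grained idea, not code from the paper or from the Bear micro-kernel; the event format, the packet fields, the choice of `exec` as the action worth explaining, and the one-second correlation window are all assumptions made here, and the packets and events are constructed sample data.

```python
"""Coarse-grained host/packet correlation (illustrative; not the Bear implementation).

Idea: rather than tainting memory, keep two cheap timestamped records, inbound
packets and coarse host actions (accept/exec/write), and when a host action that a
web server should never perform shows up, pull out the packets from the same peer
that arrived just before it. Those packets are where an analyst starts looking
for the exploit.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float          # seconds since an arbitrary epoch (assumed clock)
    src: str           # peer address
    dst: str           # server address
    dport: int
    payload_len: int


@dataclass(frozen=True)
class HostEvent:
    ts: float
    pid: int
    kind: str          # "accept", "write", "exec" (assumed event vocabulary)
    detail: str        # peer for accept, command line for exec, etc.


# Host actions that a web server process has no legitimate reason to perform.
SUSPICIOUS_KINDS = {"exec"}

# Constructed sample data: one benign request from 203.0.113.5, then a request
# from 198.51.100.7 after which the server process execs a shell.
PACKETS: List[Packet] = [
    Packet(100.00, "203.0.113.5", "192.0.2.10", 80, 312),
    Packet(100.40, "198.51.100.7", "192.0.2.10", 80, 1480),
    Packet(100.41, "198.51.100.7", "192.0.2.10", 80, 1480),
]
EVENTS: List[HostEvent] = [
    HostEvent(100.01, 4321, "accept", "203.0.113.5:51000"),
    HostEvent(100.02, 4321, "write", "GET /index.html"),
    HostEvent(100.42, 4321, "accept", "198.51.100.7:40022"),
    HostEvent(100.45, 4321, "exec", "/bin/sh"),
]


def locate(packets: List[Packet], events: List[HostEvent],
           window: float = 1.0) -> List[Tuple[HostEvent, List[Packet]]]:
    """Map each suspicious host event to the packets that plausibly caused it.

    For every pid we remember the peer of its most recent accept(). When the
    same pid performs a suspicious action, the candidate packets are those from
    that peer arriving at most `window` seconds before the action.
    """
    last_peer: Dict[int, str] = {}
    findings: List[Tuple[HostEvent, List[Packet]]] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "accept":
            last_peer[ev.pid] = ev.detail.rsplit(":", 1)[0]
            continue
        if ev.kind not in SUSPICIOUS_KINDS:
            continue
        peer = last_peer.get(ev.pid)
        candidates = [p for p in packets
                      if p.src == peer and ev.ts - window <= p.ts <= ev.ts]
        findings.append((ev, candidates))
    return findings


if __name__ == "__main__":
    for ev, pkts in locate(PACKETS, EVENTS):
        print(f"pid {ev.pid} {ev.kind} {ev.detail!r} at t={ev.ts}")
        for p in pkts:
            print(f"  candidate packet t={p.ts} from {p.src} len={p.payload_len}")
```

The benign request is never examined because the `write` action is not on the suspicious list, and the packet from 203.0.113.5 is excluded from the shell-exec finding because the peer recorded by the most recent `accept` on that pid is 198.51.100.7. Only the two 1480-byte packets from that peer are handed to the analyst.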
AUTHORS
Dartmouth College, Hanover, NH, USA
Stephen Kuhn is a Research Scientist at Dartmouth College. A recent graduate of the PhD program in 2014 with a thesis focused on virtualization and forensics, Dr. Kuhn completed his Master's at Syracuse University in 2008 investigating large-scale Internet packet processing and attribution.
Dartmouth College, Hanover, NH, USA
Stephen Taylor is a Professor of Computer Engineering at Dartmouth College and a nationally recognized leader in cybersecurity. Among other awards, he has received Secretary of Defense and USAF Medals for Public Service and the DARPA Director's Award for Outstanding Portfolio of Technical Programs.
Published In
Journal of Information Warfare