[Nets-seminars] Nets-seminar: Vigilante: End-to-End Containment of Internet Worms (TOMORROW)

Felipe Huici f.huici at cs.ucl.ac.uk
Tue Dec 6 14:27:57 GMT 2005


This will take place in room 6.12 from 4-5 pm on Wednesday, December 7th
*
*-- Felipe

*---------------------------------------------------------------------
*
*
Speaker*: Manuel Costa - Microsoft Research, Cambridge
*Title*: Vigilante: End-to-End Containment of Internet Worms
*Abstract*: Worm containment must be automatic because worms can spread too
fast for humans to respond. Recent work has proposed network-level
techniques to automate worm containment; these techniques have limitations
because there is no information about the vulnerabilities exploited by worms
at the network level. We propose Vigilante, a new end-to-end approach to
contain worms automatically that addresses these limitations. Vigilante
relies on collaborative worm detection at end hosts, but does not require
hosts to trust each other. Hosts run instrumented software to detect worms
and broadcast self-certifying alerts (SCAs) upon worm detection. SCAs are
proofs of vulnerability that can be inexpensively verified by any vulnerable
host. When hosts receive an SCA, they generate filters that block infection
by analysing the SCA-guided execution of the vulnerable software. We show
that Vigilante can automatically contain fast-spreading worms that exploit
unknown vulnerabilities without blocking innocuous traffic.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oakham.cs.ucl.ac.uk/pipermail/nets-seminars/attachments/20051206/9e3c6982/attachment.html


More information about the Nets-seminars mailing list