[Nets-seminars] Seminar today : Vigilante: End-to-End Containment
of Internet Worms
Adam Greenhalgh
a.greenhalgh at cs.ucl.ac.uk
Wed Dec 7 09:46:56 GMT 2005
This will take place in room 6.12 from 4-5 pm today.
-- Adam
---------------------------------------------------------------------
Speaker: Manuel Costa - Microsoft Research, Cambridge
Title: Vigilante: End-to-End Containment of Internet Worms
Abstract: Worm containment must be automatic because worms can spread
too fast for humans to respond. Recent work has proposed network-level
techniques to automate worm containment; these techniques have
limitations because there is no information about the vulnerabilities
exploited by worms at the network level. We propose Vigilante, a new
end-to-end approach to contain worms automatically that addresses
these limitations. Vigilante relies on collaborative worm detection at
end hosts, but does not require hosts to trust each other. Hosts run
instrumented software to detect worms and broadcast self-certifying
alerts (SCAs) upon worm detection. SCAs are proofs of vulnerability
that can be inexpensively verified by any vulnerable host. When hosts
receive an SCA, they generate filters that block infection by
analysing the SCA-guided execution of the vulnerable software. We show
that Vigilante can automatically contain fast-spreading worms that
exploit unknown vulnerabilities without blocking innocuous traffic.
_______________________________________________
More information about the Nets-seminars
mailing list