Computer Security Applications Conference, Annual (2005)
Dec. 5, 2005 to Dec. 9, 2005
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.18
Meng Yu , Monmouth University
Wanyu Zang , Monmouth University
Peng Liu , Pennsylvania State University
It is a well known problem that the attack recovery of a self-healing system rolls back not only malicious transactions, but also legitimate transactions that are dependent on the malicious transactions. Rolling back and re-executing damaged transactions increase the response time of the system and may cause a significant processing delay. In such situations, the availability of the system is compromised and the system suffers the vulnerability of Denial of Service (DoS). In this paper, we propose a defensive executing technique and analyze its effectiveness. Our technique concurrently executes multiple paths of a transactional processes based on the prediction generated by a Discrete Time Markov Chain. The defensive execution can reduce the delay caused by recovery. We also propose a branch cutting technique to reduce the extra cost introduced by defensive execution. Our analytical results show that our technique is practical against transactional level attacks.
M. Yu, P. Liu and W. Zang, "Defensive Execution of Transactional Processes against Attacks," Computer Security Applications Conference, Annual(ACSAC), Tucson, Arizona, 2005, pp. 515-526.