Authors: Florian Rhinow (1) and Michael Clear (2)
Affiliations: (1) Trinity College Dublin and SAP Business Intelligence R&D, Ireland; (2) Trinity College Dublin, Ireland
Keyword(s): Dynamic Taint Analysis, Self-certifying Alerts, Vulnerability Distribution, Zero Day Attacks.
Related Ontology Subjects/Areas/Topics: Critical Infrastructure Protection; Information and Systems Security; Intrusion Detection & Prevention; Network Security; Security in Distributed Systems; Wireless Network Security
Abstract:
Recent work has suggested automated approaches to vulnerability distribution, but their usage has been limited
to local networks and memory corruption detection techniques and has precluded custom vulnerability
response processes. We present Scargos, a novel approach to automate the distribution and verification of
vulnerabilities across the internet, while allowing for automatic, custom countermeasures without the need
to trust a central authority. By leveraging collaborative detection, vulnerability reports can be contributed by
anybody and are announced to an open network by using packet-based self-certifying alerts (SCA), which
are a proof of the existence of a vulnerability by capturing the original, unmodified attack. We show that our
approach allows for detection of previously unknown attacks, while an entire life cycle including distribution
and verification is achieved on average in under 2 seconds.