CAREER: System-Wide Intrusion Recovery Using Selective Re-execution

职业：使用选择性重新执行进行系统范围的入侵恢复

• 批准号: 1053143
• 负责人: Nickolai Zeldovich
• 金额: $ 45万
• 依托单位: Massachusetts Institute of Technology
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-04-01 至 2017-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1053143&HistoricalAwards=false
• 关键词: CAREER; System; Wide; Intrusion; Recovery

Virtually any computer system can be compromised. New software vulnerabilities are discovered and exploited daily, and even if software were bug-free, unaware users may install malware along with free screensavers or greeting cards they download online. Cleaning up after these inevitable compromises leads to days of wasted effort by users or system administrators, with no conclusive guarantee that all traces of the attack are gone, or that no legitimate changes are lost.This research project automates recovery from intrusions by developing a system-wide undo mechanism, so that an administrator can undo an attacker's break-in attempt, along with all of its side-effects, while preserving all other legitimate operations. The key idea is to log all computations, such as processes or system calls, and the dependencies between them, so that if one operation needs to be undone, the system can both undo its direct effects, and recursively track down and re-execute other operations that may have been indirectly affected. Building on this basic approach, the project explores how computer systems must change to securely and efficiently provide system-wide undo, from operating system kernels, to programming languages, to applications and user interfaces.If successful, this project will provide a principled approach to recovering from intrusions in computer systems. More broadly, system-wide undo may help in many situations, such as users that realize they changed the wrong setting a week ago, students that want to learn a new system by exploring and undoing, or application developers that want to experiment with a large-scale system.

几乎所有的计算机系统都可能被破坏。 新的软件漏洞每天都会被发现和利用，即使软件没有漏洞，不知情的用户也可能会将恶意软件沿着在他们在线下载的免费屏幕保护程序或贺卡上。在这些不可避免的破坏之后进行清理会导致用户或系统管理员浪费数天的精力，无法确定是否所有攻击痕迹都消失了，或者没有合法的更改丢失。本研究项目通过开发一种系统范围的撤消机制，使管理员可以撤消攻击者的闯入尝试，沿着所有副作用，同时保留所有其他合法操作。其关键思想是记录所有计算，如进程或系统调用，以及它们之间的依赖关系，这样如果一个操作需要撤销，系统既可以撤销其直接影响，又可以递归地跟踪并重新执行可能受到间接影响的其他操作。 在这个基本方法的基础上，该项目探讨了计算机系统必须如何改变，以安全和有效地提供系统范围内的撤销，从操作系统内核，编程语言，应用程序和用户界面。如果成功，这个项目将提供一个原则性的方法来恢复计算机系统中的入侵。 更广泛地说，系统范围内的撤销在许多情况下都有帮助，例如用户意识到他们在一周前更改了错误的设置，学生希望通过探索和撤销来学习新系统，或者应用程序开发人员希望尝试大规模系统。