Server Recovery at the Intrusion Detection (Japanese title: A Mechanism for Recovering a Server to a Safe State upon Detection of an Intrusion) [in Japanese]

Author(s)

Abstract

When a process comes under a buffer overflow attack, the usual decision is to forcibly terminate the process, but this leaves availability unsatisfactory. We therefore propose "Utsusemi", an OS feature that, triggered by detection of an attack, quickly recovers the server to a safe state. Utsusemi monitors system call addresses to detect attacks and uses the fork mechanism to save and restore the safe state. We report on its implementation, application, and performance.

"Utsusemi (cicada's cell)", a recovery-based countermeasure against buffer overflow attacks, is proposed. It not only detects the attacks but also immediately recovers the attacked process to a safe state saved before the attack. The fork mechanism is used for saving the status of the process, and the detection is done by monitoring the attributes of the location where the system was called. Implementation, application and performance evaluation are reported.

Journal

  • IPSJ SIG Notes

    IPSJ SIG Notes 2006(15(2006-OS-101)), 55-62, 2006-02-17

    Information Processing Society of Japan (IPSJ)

References:  15

Cited by:  1

Codes

  • NII Article ID (NAID)
    110004713722
  • NII NACSIS-CAT ID (NCID)
    AN10444176
  • Text Lang
    JPN
  • Article Type
    Journal Article
  • ISSN
    09196072
  • NDL Article ID
    7841360
  • NDL Source Classification
    ZM13 (Science and Technology -- Science and Technology in General -- Data Processing and Computers)
  • NDL Call No.
    Z14-1121
  • Data Source
    CJP  CJPref  NDL  NII-ELS  IPSJ 