Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Helen J. Wang - Microsoft Research

"Vulnerability-Driven Network Filters for Preventing Known Vulnerability Attacks"

Mar 30, 2005

Download: Video Icon MP4 Video Size: 214.5MB  
Watch on Youtube Watch on YouTube


Software patching has not been an effective first-line defense
preventing large-scale worm attacks, even when patches had long been
available for their corresponding vulnerabilities. Generally, people
have been reluctant to patch their systems immediately, because patches
are perceived to be unreliable and disruptive to apply. To address this
problem, we propose a first-line worm defense in the network stack,
using shields -- vulnerability-specific, exploit-generic network filters
installed in end systems once a vulnerability is discovered, and before
the patch is applied. These filters examine the incoming or outgoing
traffic of vulnerable applications, and drop or correct traffic that
exploits vulnerabilities. Shields are less disruptive to install and
uninstall, easier to test for bad side effects, and hence more reliable
than traditional software patches. Further, shields are resilient to
polymorphic or metamorphic variations of exploits

In the Shield project, we're showing that this concept is feasible by
implementing a prototype Shield framework that filters traffic at the
transport layer. We have designed a safe and restrictive language to
describe vulnerabilities as partial state machines of the vulnerable
application. The expressiveness of the language has been verified by
encoding the signatures of a number of known vulnerabilities. Our
evaluation provides evidence of Shield's low false positive rate and
impact on application throughput. An examination of a sample set of
known vulnerabilities suggests that Shield could be used to prevent
exploitation of a substantial fraction of the most dangerous ones.

About the Speaker

Helen J. Wang is a researcher in the Systems and Networking research
group at Microsoft Research, Redmond, WA. Her research interests are in
system/network security, networking, protocol architectures,
mobile/wireless computing, and wide-area large scale distributed system
design. She received her Ph.D. degree from the Computer Science
department of U. C. Berkeley in December, 2001. Her Ph.D. thesis was on
\"Scalable, robust wide-area control architecture for integrated
communications\". Helen obtained her Bachelor of Science in Computer
Science from U. T. Austin, and Master of Science in Computer Science
from U. C. Berkeley.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!