Thesis Defense: Automated intrusion recovery for web applications


Event Speaker: Ramesh Chandra

Event Location: 32-G882

Event Date/Time: Wednesday, May 29, 2013 - 11:00am

 

Automated intrusion recovery for web applications

 

Web applications play a critical role in users' lives today, making them an attractive target for attackers. New vulnerabilities are routinely found in web application software, and even if the software is bug-free, administrators may make security mistakes such as misconfiguring permissions; these bugs and mistakes virtually guarantee that every application will eventually be compromised. To clean up after a compromise, system administrators need to find the attack's entry point, track down the attack's effects, and undo the attack's corruptions while preserving legitimate changes; this results in days of wasted effort with no guarantee that all traces of the attack have been found or that no legitimate changes were lost.

 

To address this problem, this dissertation posits that automated intrusion recovery should be an integral part of the web application system software. This work develops three techniques -- patch-based auditing, dependency tracking, and retroactive patching -- that together recover from past attacks exploiting a bug, given nothing more than a patch fixing the bug. Using these techniques, an administrator can recover from past attacks as soon as a patch is released, with no manual effort to find the attack or track its effects. The same techniques can also recover from attacks that exploit past configuration mistakes: the administrator only has to point out the past request that introduced the mistake.
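The three techniques named in that paragraph, as an added example that is not part of the original page or the dissertation's code: a toy account service whose requests are logged together with the keys they read and wrote (dependency tracking), an unchecked "promote" operation as the constructed bug, patch-based auditing that replays each logged request with the patched code against the state it originally saw, and retroactive patching that rebuilds the database while re-executing only the attack requests and the later requests that read a key the attack tainted. The flat key/value database, the handler, the bug and the request history are all assumptions made for the illustration.

```python
"""Toy model of patch-based auditing, dependency tracking and retroactive
patching.  Added illustration, not the dissertation's code: the application,
its bug and the request log are constructed, and a flat key/value database
with per-key read/write tracking is assumed."""


def _handle(db, req, patched):
    """Tiny account service: returns (result, keys_read, {key: value_written}).
    Writing None models a delete.  The bug: 'promote' never checks who asks;
    patched=True is the fix."""
    reads, writes = set(), {}

    def get(key):
        reads.add(key)
        return db.get(key)

    def put(key, value):
        writes[key] = value
        db[key] = value

    op, caller = req[0], req[1]
    if op == "promote":
        if patched and get("role:" + caller) != "admin":
            return "denied", reads, writes
        put("role:" + req[2], "admin")
    elif op == "post":
        if get("role:" + caller) is None:
            return "denied", reads, writes
        put("post:" + caller, req[2])
    elif op == "wipe":  # admin-only in both versions
        if get("role:" + caller) != "admin":
            return "denied", reads, writes
        put("post:" + req[2], None)
    return "ok", reads, writes


def handle_unpatched(db, req):
    return _handle(db, req, patched=False)


def handle_patched(db, req):
    return _handle(db, req, patched=True)


def record(db, requests, handler):
    """Normal operation with dependency tracking: log each request's outcome
    and the keys it read and wrote."""
    log = []
    for req in requests:
        result, reads, writes = handler(db, req)
        log.append({"req": req, "result": result, "reads": reads, "writes": writes})
    return log


def audit(initial_db, log, patched_handler):
    """Patch-based auditing: re-run each logged request with the patched code
    against the state it originally saw; a changed outcome means the request
    exercised the bug."""
    state, suspects = dict(initial_db), []
    for i, entry in enumerate(log):
        result, _, writes = patched_handler(dict(state), entry["req"])
        if result != entry["result"] or writes != entry["writes"]:
            suspects.append(i)
        state.update(entry["writes"])  # advance along the original timeline
    return suspects


def recover(initial_db, log, suspects, patched_handler):
    """Retroactive patching: attack requests, and later requests that read a
    key whose recovered value differs from its original value, are re-executed
    with the patched code; all others replay their logged writes, so legitimate
    changes survive without re-running the application for them."""
    recovered, original, reexecuted = dict(initial_db), dict(initial_db), []
    for i, entry in enumerate(log):
        dirty = {k for k in set(recovered) | set(original)
                 if recovered.get(k) != original.get(k)}
        if i in suspects or entry["reads"] & dirty:
            patched_handler(recovered, entry["req"])
            reexecuted.append(i)
        else:
            recovered.update(entry["writes"])
        original.update(entry["writes"])
    return recovered, reexecuted


# Constructed history: mallory abuses the unchecked 'promote', then wipes bob's post.
INITIAL_DB = {"role:alice": "admin", "role:bob": "user", "role:mallory": "user"}
REQUESTS = [
    ("promote", "mallory", "mallory"),
    ("post", "bob", "hello"),
    ("wipe", "mallory", "bob"),
    ("post", "alice", "welcome"),
    ("post", "mallory", "spam"),
]


def demo():
    live_db = dict(INITIAL_DB)
    log = record(live_db, REQUESTS, handle_unpatched)  # history as it happened
    suspects = audit(INITIAL_DB, log, handle_patched)  # the patch arrives later
    recovered, reexecuted = recover(INITIAL_DB, log, suspects, handle_patched)
    return {"compromised": live_db, "suspects": suspects,
            "recovered": recovered, "reexecuted": reexecuted}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running `demo()` shows the point of combining the techniques: auditing flags only the promote request, because the wipe behaves identically under both code versions when replayed against the original (already compromised) state; dependency tracking is what pulls the wipe in, since it read the role key whose recovered value differs. Recovery restores bob's post and mallory's role while keeping alice's post and mallory's own legitimate post, and re-executes three of the five requests rather than the whole history.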

 

We demonstrate recovery from challenging attacks in real applications with few or no changes to application source code. For attacks that affect only a few requests, recovery takes a fraction of the time taken by the original execution, while imposing modest runtime overhead during the application's normal operation.

Thesis Supervisor: Nickolai Zeldovich