Vulnerability patch management remains one of the most complex issues facing modern enterprises; companies struggle to test and deploy new patches across their networks, often leaving myriad attack vectors vulnerable to exploits. This problem is exacerbated by enterprise server applications, which expose tremendous amounts of information about their security postures, greatly expediting attackers' reconnaissance incursions (e.g., knowledge gathering attacks). Unfortunately, current patching processes offer no insights into attacker activities, and prompt attack remediation is hindered by patch compatibility considerations and deployment cycles.
To reverse this asymmetry, a patch management model is proposed to facilitate the rapid injection of software patches into live, commodity applications without disruption of production workflows, and the transparent sandboxing of suspicious processes for counterreconnaissance and threat information gathering. Our techniques improve workload visibility and vulnerability management, and overcome perennial shortcomings of traditional patching methodologies, such as proneness to attacker fingerprinting, and the high cost of deployment. The approach enables a large variety of novel defense scenarios, including rapid security patch testing with prompt recovery from defective patches and the placement of exploit sensors inlined into production workloads. An implementation for six enterprise-grade server programs demonstrates that our approach is practical and incurs minimal runtime overheads. Moreover, four use cases are discussed, including a practical deployment on two public cloud environments.
Conference DayTue 10 NovDisplayed time zone: (UTC) Coordinated Universal Time change
08:30 - 09:00
|An Evaluation of Methods to Port Legacy Code to SGX Enclaves|
Kripa ShankerIndian Institute of Science, Bangalore, Arun JosephIndian Institute of Science, India, Vinod GanapathyIndian Institute of Science, IndiaDOI Pre-print File Attached
|How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach|
|Improving Cybersecurity Hygiene through JIT Patching|
|Search-Based Adversarial Testing and Improvement of Constrained Credit Scoring Systems|
Salah GhamiziUniversity of Luxembourg, Luxembourg, Maxime CordyUniversity of Luxembourg, Luxembourg, Martin GubriUniversity of Luxembourg, Luxembourg, Mike PapadakisUniversity of Luxembourg, Luxembourg, Andrey BoystovUniversity of Luxembourg, Luxembourg, Yves Le TraonUniversity of Luxembourg, Luxembourg, Anne GoujonBGL BNP Paribas, LuxembourgDOI Pre-print
|SinkFinder: Harvesting Hundreds of Unknown Interesting Function Pairs with Just One Seed|
Pan BianRenmin University of China, China, Bin LiangRenmin University of China, China, Jianjun HuangRenmin University of China, China, Wenchang ShiRenmin University of China, China, Xidong WangRenmin University of China, China, Jian ZhangInstitute of Software at Chinese Academy of Sciences, ChinaDOI
|Taking the Middle Path: Learning About Security Through Online Social Interaction|
|Conversations on Security|
Frederico AraujoIBM T.J. Watson Research Center, New York, USA, Kripa ShankerIndian Institute of Science, Bangalore, Pan BianRenmin University of China, China, Salah GhamiziSntT - University of Luxembourg, Tamara LopezThe Open University, Chaima AbidUniversity of Michigan, M: Ben HermannTechnical University Dortmund