Helen J. Wang, Vulnerability-Driven Network Filters for Preventing Known Vulnerability Attacks

Software patching has not been an effective first-line defense preventing large-scale worm attacks, even when patches had long been available for their corresponding vulnerabilities. Generally, people have been reluctant to patch their systems immediately, because patches are perceived to be unreliable and disruptive to apply. To address this problem, we propose a first-line worm defense in the network stack, using shields -- vulnerability-specific, exploit-generic network filters installed in end systems once a vulnerability is discovered, and before the patch is applied. These filters examine the incoming or outgoing traffic of vulnerable applications, and drop or correct traffic that exploits vulnerabilities. Shields are less disruptive to install and uninstall, easier to test for bad side effects, and hence more reliable than traditional software patches. Further, shields are resilient to polymorphic or metamorphic variations of exploits In the Shield project, we're showing that this concept is feasible by implementing a prototype Shield framework that filters traffic at the transport layer. We have designed a safe and restrictive language to describe vulnerabilities as partial state machines of the vulnerable application. The expressiveness of the language has been verified by encoding the signatures of a number of known vulnerabilities. Our evaluation provides evidence of Shield's low false positive rate and impact on application throughput. An examination of a sample set of known vulnerabilities suggests that Shield could be used to prevent exploitation of a substantial fraction of the most dangerous ones. About the speaker: Helen J. Wang is a researcher in the Systems and Networking research group at Microsoft Research, Redmond, WA. Her research interests are in system/network security, networking, protocol architectures, mobile/wireless computing, and wide-area large scale distributed system design. She received her Ph.D. degree from the Computer Science department of U. C. Berkeley in December, 2001. Her Ph.D. thesis was on \"Scalable, robust wide-area control architecture for integrated communications\". Helen obtained her Bachelor of Science in Computer Science from U. T. Austin, and Master of Science in Computer Science from U. C. Berkeley.