Helen J. Wang - Microsoft Research
Vulnerability-Driven Network Filters for Preventing Known Vulnerability Attacks
Mar 30, 2005
Abstract
Software patching has not been an effective first-line defense preventing large-scale worm attacks, even when patches had long been
available for their corresponding vulnerabilities. Generally, people
have been reluctant to patch their systems immediately, because patches
are perceived to be unreliable and disruptive to apply. To address this
problem, we propose a first-line worm defense in the network stack,
using shields -- vulnerability-specific, exploit-generic network filters
installed in end systems once a vulnerability is discovered, and before
the patch is applied. These filters examine the incoming or outgoing
traffic of vulnerable applications, and drop or correct traffic that
exploits vulnerabilities. Shields are less disruptive to install and
uninstall, easier to test for bad side effects, and hence more reliable
than traditional software patches. Further, shields are resilient to
polymorphic or metamorphic variations of exploits.
In the Shield project, we're showing that this concept is feasible by
implementing a prototype Shield framework that filters traffic at the
transport layer. We have designed a safe and restrictive language to
describe vulnerabilities as partial state machines of the vulnerable
application. The expressiveness of the language has been verified by
encoding the signatures of a number of known vulnerabilities. Our
evaluation provides evidence of Shield's low false positive rate and
impact on application throughput. An examination of a sample set of
known vulnerabilities suggests that Shield could be used to prevent
exploitation of a substantial fraction of the most dangerous ones.
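To make the idea of a vulnerability-specific, exploit-generic filter concrete, the following added example (not code from the Shield project, and not its vulnerability description language) models a shield as a partial state machine over a constructed toy protocol: a HELLO handshake followed by DATA messages whose payload the hypothetical application copies into a fixed 64-byte buffer. The shield tracks only the state needed to reach the vulnerable message and drops any message that satisfies the vulnerability condition, so two payload variants with entirely different bytes are both blocked while benign traffic passes.

```python
# Added example: a toy "shield" in the spirit of the abstract. The protocol,
# message layout and vulnerability below are constructed for illustration.
import struct
from enum import Enum, auto


class State(Enum):
    WAIT_HELLO = auto()   # session not yet established
    ESTABLISHED = auto()  # HELLO seen; DATA messages are now accepted


MSG_HELLO = 1
MSG_DATA = 2
# Hypothetical vulnerability: the application copies the DATA payload into a
# 64-byte fixed buffer, trusting the length field. The shield encodes that
# condition rather than the bytes of any particular exploit.
VULN_MAX_DATA_LEN = 64


class Shield:
    """Partial state machine: only the states that lead to the vulnerable message."""

    def __init__(self):
        self.state = State.WAIT_HELLO

    def filter(self, msg: bytes) -> str:
        """Return 'pass' or 'drop' for one message: header is type(1) + length(2)."""
        if len(msg) < 3:
            return "drop"  # malformed header
        mtype, length = struct.unpack("!BH", msg[:3])
        payload = msg[3:]
        if self.state is State.WAIT_HELLO:
            if mtype == MSG_HELLO:
                self.state = State.ESTABLISHED
                return "pass"
            return "drop"  # DATA before the handshake: protocol violation
        if mtype == MSG_DATA:
            # Vulnerability condition: declared or actual payload exceeds the buffer.
            if length > VULN_MAX_DATA_LEN or len(payload) > VULN_MAX_DATA_LEN:
                return "drop"
        return "pass"  # everything else is outside this vulnerability's signature


def build(mtype: int, payload: bytes) -> bytes:
    """Encode one message of the constructed protocol."""
    return struct.pack("!BH", mtype, len(payload)) + payload


def demo() -> list:
    """Run a constructed session through the shield and return the verdicts."""
    s = Shield()
    msgs = [
        build(MSG_DATA, b"x" * 200),         # before handshake: dropped
        build(MSG_HELLO, b""),               # handshake: passed
        build(MSG_DATA, b"hello"),           # benign: passed
        build(MSG_DATA, b"A" * 200),         # oversize variant 1: dropped
        build(MSG_DATA, bytes(range(200))),  # oversize variant 2: dropped
    ]
    return [s.filter(m) for m in msgs]
```

The two oversize variants share no byte pattern, which is why a filter keyed on the vulnerability condition holds up against polymorphic rewrites where a byte-signature filter would not.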
About the Speaker
Helen J. Wang is a researcher in the Systems and Networking research
group at Microsoft Research, Redmond, WA. Her research interests are in
system/network security, networking, protocol architectures,
mobile/wireless computing, and wide-area large scale distributed system
design. She received her Ph.D. degree from the Computer Science
department of U. C. Berkeley in December, 2001. Her Ph.D. thesis was on
"Scalable, robust wide-area control architecture for integrated
communications". Helen obtained her Bachelor of Science in Computer
Science from U. T. Austin, and Master of Science in Computer Science
from U. C. Berkeley.