Locating Zero-Day Exploits with Coarse-Grained Forensics

ABSTRACT

This paper describes a novel coarse-grained forensics capability for locating zero-day exploits by recording and correlating on-host actions with network packets, with no discernible impact on user experience. The technology builds upon the Bear micro-kernel, a clean-slate custom OS specifically designed with modern Intel security features and Multics style protections. The capability provides an alternative to fine-grained techniques, such as memory taint tracking, that are intractable approaches for high-volume Internet facing servers. Two associated network attack scenarios, modelled from typical website designs, are described in order to illustrate how the technique can be used, and the associated results are presented.


AUTHORS

Dartmouth College, Hanover, NH
USA

Stephen Kuhn is a Research Scientist at Dartmouth College. A recent graduate of the PhD program in 2014 with a thesis focused on virtualization and forensics, Dr. Kuhn completed his Master’s at Syracuse University in 2008 investigating large-scale Internet packet processing and attribution.

Photo of Stephen Taylor

Dartmouth College
Hanover, NH, USA

Stephen Taylor is a Professor of Computer Engineering at Dartmouth College and a nationally recognized leader in cybersecurity. Among other awards, he has received Secretary of Defense and USAF Medals for Public Service and the DARPA Directors Award for Outstanding Portfolio of Technical Programs.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.871.3949
  • jiw@gbpts.com