The Time Machine: Smart operation-resilience in presence of attacks and failures

Bibliographic Details
Main Authors: Sayed, Muhammad Magdy, Azab, Mohamed
Format: Conference Proceeding
Language: English
Description
Summary: Logic bombs are hidden code lines intentionally added to the source code to enable input-triggered activation of a wide list of malicious features. Bombs have been used for decades and are considered the most dangerous kind of attack. Detecting such bombs in large software modules is a very complicated, if not impossible, task. In this paper, we present the Time Machine (TM). TM is a software management framework built to protect containerized software modules from such bombs. TM enables cloned containers to act in a time-delayed controlled environment to detect and circumvent activation events from triggering such bombs. TM relies on a smart "Bag of System Calls" monitoring module to detect even slight changes in the targeted software module behavior as an indication of bomb activation. In response, TM blocks the triggering event from reaching the clones, quarantines the bomb-activated module, uses the clone as a replacement, and alerts the system admin. Results showed that TM managed to protect such modules from undetectable bombs, with negligible impact on the module performance.
ISSN: 2644-3163
DOI: 10.1109/IEMCON.2019.8936284