Location
CS Lobby
Event Description

Talk by R Sekar

Vulnerability Mitigation, Malware Defense and Attack Reconstruction Using Information Flow and Policy Enforcement


The DNC hack of 2015/16 is just the latest in a string of cyber attacks of increasing sophistication and impact. Most such attacks exploit software vulnerabilities and social engineering (e.g., spear phishing) to implant malware, which underpins an attack campaign involving data theft, infection of additional users/sites, and installation of even more stealthy malware. Despite substantial investment in software security, attackers routinely sneak past existing defenses. This is because the defenses are either reactive in nature or depend on isolating bad actors from the system. Reactive techniques, such as patching and signature-based scanning, are ineffective against new vulnerabilities/attacks used in sophisticated campaigns. Isolation, on the other hand, can only be partial, since users need to interact with untrusted actors (web sites, emails, or data) at times. We therefore pursue a more flexible approach, one that relies on enhanced scrutiny rather than total isolation of untrusted elements. Specifically, we use provenance tracking to assess the degree of control exerted by untrusted actors on security-critical operations.

We then use policies to define the safe bounds for these operations. While provenance indicates whether attackers have the means to carry out an attack, policies help assess their motives, i.e., whether the actions contribute towards typical attacker objectives. This talk will describe our provenance-policy-based approach and its successful application to (a) the mitigation of a wide range of software vulnerabilities, (b) principled malware defense across diverse OSes, including Linux, BSD, and Windows XP through Windows 10, and (c) attack scenario reconstruction, where our technique addresses the "needle-in-a-haystack" problem by achieving almost a million-fold data reduction.
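
The following is an added illustration of the two ideas the abstract combines (provenance as "means", policy as "motive"), plus the backward/forward provenance walk behind attack reconstruction. It is not the speaker's system or code: the event trace, the entity names, the origin label "net:203.0.113.7", and the policy rules (untrusted-controlled writes under system directories, execution of untrusted-derived files, an untrusted-controlled process sending data it read from a sensitive file) are all assumptions chosen for the example.

```python
"""Toy provenance tracking with policy enforcement and attack reconstruction.

Added illustration, not the speaker's system. Every subject (process) and
object (file, socket) carries a provenance label: the set of untrusted origins
(hypothetical names such as "net:203.0.113.7") that have influenced it. A
non-empty label means an untrusted actor has some degree of control over it.
"""
from dataclasses import dataclass, field

SYSTEM_DIRS = ("/bin/", "/etc/", "/usr/")        # assumed integrity-critical targets
SENSITIVE = ("/home/alice/secrets.txt",)          # assumed confidentiality-critical data


@dataclass
class Entity:
    name: str
    origins: set = field(default_factory=set)     # provenance label


class Monitor:
    def __init__(self, enforce=True):
        self.enforce = enforce     # True: block violations; False: audit only
        self.entities = {}
        self.deps = {}             # name -> names it was derived from (backward edges)
        self.log = []              # (index, subject, op, object)
        self.alerts = []           # (index, subject, op, object, reason, origins)

    def ent(self, name):
        return self.entities.setdefault(name, Entity(name))

    def _flow(self, src, dst):
        """Propagate provenance src -> dst and record the dependency edge."""
        dst.origins |= src.origins
        self.deps.setdefault(dst.name, set()).add(src.name)

    def event(self, subj, op, obj, origin=None):
        """Process one system-call-like event; return True if it was allowed."""
        s, o = self.ent(subj), self.ent(obj)
        self.log.append((len(self.log), subj, op, obj))
        if op == "recv":                 # data arriving from an external peer
            if origin:
                o.origins.add(origin)
            self._flow(o, s)
        elif op == "read":
            self._flow(o, s)
        elif op == "exec":               # the new process inherits the image's provenance
            if not self._policy(s, op, o):
                return False
            self._flow(o, s)
        elif op in ("write", "send"):
            if not self._policy(s, op, o):
                return False
            self._flow(s, o)
        else:
            raise ValueError(op)
        return True

    def _policy(self, s, op, o):
        """Means (untrusted provenance) plus motive (attacker-typical goal) => violation."""
        reason = None
        if op == "write" and o.name.startswith(SYSTEM_DIRS) and s.origins:
            reason = "untrusted-controlled write to system path"
        elif op == "exec" and o.origins:
            reason = "execution of an untrusted-derived file"
        elif op == "send" and s.origins and self.deps.get(s.name, set()) & set(SENSITIVE):
            reason = "untrusted-controlled process sending sensitive data"
        if reason is None:
            return True
        self.alerts.append((len(self.log) - 1, s.name, op, o.name, reason,
                            sorted(s.origins | o.origins)))
        return not self.enforce

    def reconstruct(self, name):
        """Return only the events causally connected (backward and forward) to `name`."""
        fwd = {}
        for dst, srcs in self.deps.items():
            for src in srcs:
                fwd.setdefault(src, set()).add(dst)
        seen, stack = set(), [name]
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                stack.extend(self.deps.get(n, ()))
                stack.extend(fwd.get(n, ()))
        return [e for e in self.log if e[1] in seen and e[3] in seen]


# Constructed event trace: benign noise around a download-and-run infection.
TRACE = [
    ("sshd", "read", "/etc/ssh/sshd_config", None),
    ("cron", "read", "/etc/crontab", None),
    ("firefox", "recv", "sock:203.0.113.7", "net:203.0.113.7"),
    ("firefox", "write", "/home/alice/Downloads/invoice.exe", None),
    ("cron", "exec", "/usr/bin/logrotate", None),
    ("invoice", "exec", "/home/alice/Downloads/invoice.exe", None),
    ("invoice", "read", "/home/alice/secrets.txt", None),
    ("invoice", "send", "sock:198.51.100.9", None),
    ("invoice", "write", "/etc/ld.so.preload", None),
    ("sshd", "write", "/var/log/auth.log", None),
]


def run(enforce):
    """Replay TRACE; return the monitor and the per-event allow/deny decisions."""
    m = Monitor(enforce)
    allowed = [m.event(subj, op, obj, origin) for subj, op, obj, origin in TRACE]
    return m, allowed


if __name__ == "__main__":
    audit, _ = run(enforce=False)
    for a in audit.alerts:
        print("ALERT", a)
    chain = audit.reconstruct("invoice")
    print(f"{len(chain)} of {len(audit.log)} events explain the alerts")
```

In enforce mode the exec of the downloaded file is the first policy violation and is denied, so nothing downstream of it ever acquires the untrusted label; in audit mode the same trace yields three alerts, and the provenance walk from the offending process keeps only the six events on its causal path, discarding the unrelated sshd and cron activity. Note that an untrusted-labelled process may still exec a trusted binary such as a shell; the policy does not forbid that, but the label persists across the exec, which is what lets the later write and send be caught. Two simplifications matter in practice: labels here are per name rather than per version, so a long-lived shared file (e.g. a log) would let provenance bleed between unrelated activity (the dependence-explosion problem that real systems address with versioning and timestamps), and the policy rules are a handful of fixed checks rather than a tunable notion of "degree of control".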

Event Title
CSE 600: Vulnerability Mitigation, Malware Defense and Attack Reconstruction Using Information Flow and Policy Enforcement