|Title||Architectural Support for Automated Software Attack Detection, Recovery, and Prevention|
|Publication Type||Conference Papers|
|Authors||J. Sathre, A. Baumgarten and J. Zambreno|
|Conference Name||Proceedings of the International Conference on Embedded and Ubiquitous Computing (EUC)|
Attacks on software systems are an increasingly serious problem from an economic and security standpoint. Many techniques have been proposed ranging from simple compiler modiﬁcations to full-scale re-engineering of computer systems architecture aimed at attack detection. Traditional techniques ignore the arguably more important problem of graceful recovery. Without recovery, even a successful attack detection can become an effective Denial-of-Service. We propose an architectural approach to attack detection and recovery called rollback and huddle that monitors a program’s execution with a lightweight attack-detection module while continuously checkpointing the system state. In the case of an attack, the program state is rolled back to a time before the attack occurred and an additional module is loaded to identify the source of the attack, repair the original vulnerability, and prevent future attacks. The simple hardware modules work alongside a standard computer architecture and aid in attack detection, checkpoint creation, and attack recovery. Experimental results show minimal runtime overhead and resource utilization.