Title: Process recovery by rollback and input modification
Authors: Yoshihiro Oyama; Takaaki Tomiyama
Addresses: Department of Informatics, The University of Electro-Communications, Chofu, Tokyo, Japan ' Department of Informatics, The University of Electro-Communications, Chofu, Tokyo, Japan
Abstract: An effective countermeasure against software vulnerability attacks is a security system that executes a process in a confined or monitored environment. This type of security system isolates compromised software from other software and thus minimises the influence of attacks. However, several problems occur when a security system, without taking any other action, terminates a process that violates a security policy or encounters a fault. In this paper, we propose ProcHealer, a security system that does not terminate the offending process, but instead rolls it back to the pre-violation or pre-fault state where the process can be restarted and remediated. Security policy violations and faults are often caused by anomalous external inputs. In the restarted execution, ProcHealer therefore provides the process with a modified version of the external input.
Keywords: operating systems; sandbox; checkpointing; rollback; self-healing; process-level virtualisation; ptrace; system call interception; security policy; process recovery; input modification; software vulnerability attacks.
DOI: 10.1504/IJCNDS.2015.070288
International Journal of Communication Networks and Distributed Systems, 2015 Vol.15 No.1, pp.61 - 83
Received: 06 Feb 2014
Accepted: 28 Feb 2015
Published online: 01 Jul 2015 *