Improving Software Security with Concurrent Monitoring, Automated Diagnosis, and Self-shielding

Qiang Zeng
Research Assistant
Penn State University
SERC 306
Tuesday, February 24, 2015 - 11:00
Bill Gates said "Microsoft products are generally bug free," while in practice operating systems and service programs by vendors like Microsoft as well as open-source communities contain numerous bugs, which lead to dangerous security vulnerabilities. Innovative ideas and apparatus for hardening software will be presented. Novel non-blocking concurrent monitoring is proposed and implemented to detect attacks with high efficiency. Upon detection, diagnosis learns the attacking behaviors automatically. Finally, the software itself (i.e., no manual effort is involved) generates and applies precise patches instantly without changing software semantics. The end-to-end solution defeats dangerous attacks including Heartbleed with low overhead (< 7%).