Undo computing

The goal of the undo computing project is to help users and administrators restore system integrity after an intrusion, by retroactively undoing changes made by an adversary during the attack, along with any side effects, while preserving legitimate user actions.

The key problem in undoing the attack is to undo only the attacker's changes, and to preserve all legitimate user changes, with minimal user involvement. Our approach is to record a system-wide dependency graph that tracks dependencies between computations in the system over time, such as processes and system calls, during normal operation. When an intrusion is detected, the administrator uses the dependency graph to track down the attack to its source, such as the attacker's initial network connection. Then, given the source, we first undo the attack's direct effects, and then use the dependency graph to recursively re-execute legitimate computations, such as processes or system calls, that might have been affected by the attack, in order to undo the attack's indirect effects while preserving legitimate changes.



Other articles


Coming soon.