IT specialists from the University of Utah have created a software package that not only detects and removes previously unknown viruses, but also repairs the damage they cause. The project, called A3 (Advanced Adaptive Applications; in our terms, Advanced Adaptive Programs, or P3), works with virtual machines running on servers.
Unlike a conventional antivirus, which relies on a catalog of known viruses to find and neutralize malware, A3 monitors the virtual machine and notices when something goes wrong (it recognizes suspicious and unusual system behavior). One of the project's programs records the state of the virtual machine and, if necessary, can rewind the recording for analysis and correction.
In “demonstrations”, A3 recognized the Shellshock attack (the infamous bash bug) and fixed the consequences on a running server in just 4 minutes.
The program performance report provides details on the handling of this vulnerability. After an attempt to exploit the vulnerability on the test server with the request

    GET /appstore/index.php HTTP/1.1
    User-Agent: () { :;}; /bin/cat /home/mitll/passwd > /tmp/hello.txt
    Host: 155.98.38.76:7701
    Accept: */*

the A3 protection system triggered (on an attempt to gain access to a forbidden directory). A3 scanned the virtual machine's activity in 2 minutes, found the forbidden call, and took another 1.5 minutes to locate the problem in the Bash source code. After that, A3 patched bash, disabling the functionality that led to the problem, and the virtual machine continued to run in normal mode.
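A log-triage check for requests of the shape quoted above, as an added example (it is not A3's code: A3 reacts to behavior, while this is a plain signature check). It parses a raw HTTP request and flags header values that begin with a Bash function definition; the function names and the benign sample request are constructed for illustration.

```python
import re

# Shellshock marker: a header value starting with a Bash function definition.
# Vulnerable Bash imported it from the environment and ran what followed.
FUNC_DEF = re.compile(r"^\s*\(\s*\)\s*\{")


def parse_headers(raw_request):
    """Return [(name, value), ...] from a raw HTTP request head."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the request line
        if line[:1] in (" ", "\t") and headers:
            # Folded continuation line: belongs to the previous header.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def shellshock_findings(raw_request):
    """Return [(header_name, trailing_text)] for each suspicious header."""
    findings = []
    for name, value in parse_headers(raw_request):
        if FUNC_DEF.match(value):
            # Text after the function body is what Bash would have executed.
            _, _, tail = value.partition("}")
            findings.append((name, tail.lstrip("; ").strip()))
    return findings


# The request quoted in the article, and a benign one constructed for contrast.
ARTICLE_REQUEST = (
    "GET /appstore/index.php HTTP/1.1\r\n"
    "User-Agent: () { :;}; /bin/cat /home/mitll/passwd > /tmp/hello.txt\r\n"
    "Host: 155.98.38.76:7701\r\n"
    "Accept: */*\r\n\r\n"
)
BENIGN_REQUEST = (
    "GET /appstore/index.php HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) () test\r\n"
    "Host: example.test\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("article", ARTICLE_REQUEST), ("benign", BENIGN_REQUEST)):
        print(label, shellshock_findings(req))
```

The trailing text is reported so an analyst can see from the log alone which file or command the request was aimed at.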
Erik Eide, a representative of the institute, said in an interview on the institute's website: “It's great that the program can quickly and without human participation find an acceptable solution and fix a serious and very common problem in security. It's cool that you can choose the “vulnerability of the week” and the program copes with it.”
For now the project is at the “proof of concept” stage, and the developers are considering the possibility of using it on real cloud services. Such software could potentially be used on cloud hosting like Amazon: if a virus stops or breaks the virtual machine's operation, the program can fix it and start it again automatically. The project is not yet being considered as software for home use, although in principle this is not ruled out.
The A3 project is part of an extensive program from DARPA called CRASH (an abbreviation for “developing reliable, adaptive, secure servers from scratch”), within which they are trying to come up with a more secure global network option.
The project is open source; anyone can read the details on the project page.