Self-defending software: Automatically patching security vulnerabilities

  • Author:

    Prof. Michael Ernst

 

Computer Science Special Colloquium
Speaker: Prof. Michael Ernst
MIT, Cambridge, USA
Time: Monday, 17 November 2008, 17:30
Location:

Lecture hall -101, Computer Science Main Building (Bldg. 50.34)
Am Fasanengarten 5, 76131 Karlsruhe

Description

This talk presents ClearView, a system that automatically creates patches for previously unknown security vulnerabilities in commercial off-the-shelf software. The patched program survives otherwise fatal attacks, and it provides uninterrupted service both during and after attacks.
ClearView first observes normal executions to learn the program's intended behavior. ClearView correlates violations of this behavior with attacks by using an attack detector and run-time checking of the behavior. ClearView converts the behavior differences into patches that may repair the behavior violation and eliminate the exploited vulnerability. Finally, ClearView dynamically evaluates each patch, distributing the most successful one.

ClearView was evaluated by being attacked by a hostile external Red Team. The result indicates that ClearView can successfully and automatically eliminate otherwise exploitable vulnerabilities in stripped Windows binaries.
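As an added illustration of the four-step workflow described above (not ClearView's own code), the following Python sketch learns range invariants from constructed benign traces, correlates invariant violations with a simulated attack detector, generates candidate patches that re-establish the invariant, and keeps the candidate that evaluates best. The traces, variable names, buffer size and the two repair strategies are all constructed assumptions.

```python
from typing import Callable, Dict, List, Optional, Tuple
State = Dict[str, int]
Invariants = Dict[str, Tuple[int, int]]

# Constructed traces from "normal" executions: one variable snapshot per run.
BENIGN: List[State] = [{"length": 4, "opcode": 1}, {"length": 16, "opcode": 2},
                       {"length": 9, "opcode": 1}]
# Constructed inputs that the attack detector flags (see run() below).
ATTACKS: List[State] = [{"length": 300, "opcode": 1}, {"length": 64, "opcode": 2}]
BUF_SIZE = 16  # hypothetical fixed-size destination buffer

def learn_invariants(traces: List[State]) -> Invariants:
    """Step 1: infer a [min, max] range invariant per variable from benign runs."""
    inv: Invariants = {}
    for t in traces:
        for k, v in t.items():
            lo, hi = inv.get(k, (v, v))
            inv[k] = (min(lo, v), max(hi, v))
    return inv

def run(state: Optional[State]) -> str:
    """Simulated vulnerable program plus attack detector: an overlong copy is reported as a crash."""
    if state is None:
        return "refused"
    return "crash" if state["length"] > BUF_SIZE else "ok"

def correlate(inv: Invariants, detected: List[State]) -> List[str]:
    """Step 2: variables whose invariant is violated in every detected attack."""
    bad = [set(k for k, (lo, hi) in inv.items() if not lo <= s[k] <= hi) for s in detected]
    return sorted(set.intersection(*bad)) if bad else []

def candidate_patches(var: str, lo: int, hi: int) -> List[Tuple[str, Callable]]:
    """Step 3: two repair strategies that re-establish the learned invariant."""
    def clamp(s: State) -> State:
        return {**s, var: max(lo, min(hi, s[var]))}
    def reject(s: State) -> None:
        return None  # refuse the input entirely
    return [("clamp_" + var, clamp), ("reject_" + var, reject)]

def select_patch(inv: Invariants, attacks: List[State], benign: List[State]) -> str:
    """Step 4: evaluate candidates; prefer keeping benign runs working, then stopping most attacks."""
    best = None
    for var in correlate(inv, attacks):
        for name, patch in candidate_patches(var, *inv[var]):
            benign_ok = all(run(patch(s)) == "ok" for s in benign)
            survived = sum(run(patch(s)) != "crash" for s in attacks)
            if best is None or (benign_ok, survived) > best[0]:
                best = ((benign_ok, survived), name)
    return best[1] if best else "no_patch"
```

Here the clamp patch wins because it neutralises both attacks without refusing any benign request, which mirrors the evaluation criterion the talk describes.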