Overview
Explore a rapid response approach to neutralizing software vulnerabilities through Security Workarounds for Rapid Response (SWRRs) in this 20-minute IEEE conference talk. Learn how SWRRs leverage existing error-handling code to mitigate security risks during the window between vulnerability discovery and patch release. Discover the Talos system, which automatically instruments SWRRs into applications, and examine its effectiveness across five popular Linux server applications. Analyze the potential of SWRRs to safely mitigate 75.1% of vulnerabilities while maintaining functionality comparable to traditional configuration workarounds. Gain insights into static code analysis, deployment modes, and the challenges and advantages of this innovative security approach.
Syllabus
Intro
Prepatch Window
Bug Reports
Workarounds
Configuration workarounds
Objectives
Deployment modes
Challenges
Advantages
Static Code Analysis
Security
Courage
Average Talos
Conclusion
Interview
Taught by
IEEE Symposium on Security and Privacy