Daniela Oliveira
Assistant Professor of Computer Science
| Phone | 798-4220 |
| Title | Assistant Professor |
| Department | Computer Science |
| Work Location | 220 Searles Science Building |
| doliveir@bowdoin.edu |
Spring 2012
- Introduction to Computer Science (CSCI 101)
- Introduction to Computer Science (CSCI 101L1)
- Introduction to Computer Science (CSCI 101L2)
- Computer Networks (CSCI 370)
Education
Ph.D 2010 University of California at Davis
MS 2001 Federal University of Minas Gerais, Brazil
BS 1999 Federal University of Minas Gerais, Brazil
Links
Professor Oliveira’s personal web page >>
Research
My research interests are leveraging virtual machine (VM) technology and collaboration between guest operating system and VM to address prevention, post-attack analysis and recovery from malware and remote attacks. I am also interested in applying online social networks in Cyber defense.
Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System
The traditional virtual machine usage model advocates placing security mechanisms in a trusted VM layer and letting the untrusted guest OS run unaware of the presence of virtualization. In this work we challenged this traditional model and proposed a collaboration approach between a virtualization-aware operating system and a VM layer to prevent tampering against kernel code and data. Our integrity model is a relaxed version of Biba integrity model and the main idea is to have all attempted writes into kernel code and data segments checked for validity at VM level. The OS-VM collaboration bridges the semantic gap between tracing low integrity objects at OS-level (files, processes, modules and allocated areas) and architecture-level (memory and registers). We have implemented this approach in a proof-of-concept prototype and have successfully tested it against 6 rootkits (including a non-control data attack) and 4 real-world benign LKM/drivers. All rootkits were prevented from corrupting kernel space and no false positive was triggered for benign modules. Performance measurements show that the average overhead to the VM for the OS-VM communication is low (7%, CPU benchmarks). The greatest overhead is caused by the memory monitoring module inside the VM: 1.38X alone and 1.46X when combined with the OS-VM communication. For OS microbenchmarks the slowdown for the OS-VM communication was 1.16X on average.
Automated Virtual Machine-based Full-System Recovery from Control-Flow Hijacking Attacks
Availability is difficult for systems to maintain in the face of Internet worms. Large systems have vulnerabilities, and if a system attempts to continue operation after an attack, it may not behave properly. Traditional mechanisms for detecting attacks disrupt service, and current recovery approaches are application-based and cannot guarantee recovery in the face of exploits that corrupt the kernel, involve multiple processes or target multithreaded network services. In this research work we presented Bezoar, an automated full-system virtual machine-based approach to recover from zero-day control-flow hijacking attacks. Bezoar tracks down the source of network bytes in the system and after an attack, replays the checkpointed run while ignoring inputs from the malicious source. We evaluated our proof-of-concept prototype on six notorious exploits for Linux and Windows. In all cases, it recovered the full system state and resumed execution. Bezoar incurs low overhead to the virtual machine: less than 1% for the recovery and log components and approximately 1.4X for the memory monitor component that tracks down network bytes, for five SPEC INT 2000 benchmarks.
VM-Based Full-System Replay for Attack Analysis and System Recovery
Log-based recovery and replay systems are important for system reliability, debugging and postmortem analysis/recovery of malware attacks. These systems must incur low space and performance overhead, provide full-system replay capabilities, and be resilient against attacks. Previous approaches fail to meet these requirements: they replay only a single process, or require changes in the host and guest OS, or do not have a fully-implemented replay component. In this research we studied full-system replay for uniprocessors by logging and replaying architectural events. To limit the amount of logged information, we identify architectural nondeterministic events, and encode them compactly. We presented ExecRecorder, a full-system, VM-based, log and replay framework for post-attack analysis and recovery. ExecRecorder can replay the execution of an entire system by checkpointing the system state and logging architectural nondeterministic events, and imposes low performance overhead (less than 4% on average). In our evaluation its log files grow at about 5.4 GB/hour (arithmetic mean). Thus it is practical to log on the order of hours or days between checkpoints. It can also be integrated naturally with an Intrusion Detection System (IDS) and a post-attack analysis tool for intrusion analysis and recovery.
Publications (Peer Reviewed)
Daniela Alvim Seabra de Oliveira and S. Felix Wu. Protecting Kernel Code and Data with a Virtualization-Aware Collaborative Operating System . Annual Computer Security Applications Conference (ACSAC). Honolulu, Hawaii. December 2009. (<20%) pdf
Jedidiah R. Crandall, John Brevik, Shaozhi Ye, Gary Wassermann, Daniela A.S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong. Putting Trojans on the Horns of a Dilemma: Redundancy for Information Theft Detection . Special Issue on Security in Computing of the Transactions on Computational Sciences Journal (Springer LNCS).pdf
Ryan Iwahashi, Daniela Oliveira, S. Felix Wu, Jedidiah Crandall, Young-Jun Heo, Jin-Tae Oh, and Jong-Soo Jang. Towards Automatically Generating Double-Free Vulnerability Signatures Using Petri Nets . 11th Information Security Conference (ISC 2008). Taipei, Taiwan. September 2008. pdf
Daniela A.S. de Oliveira, Jedidiah R. Crandall, Gary Wassermann, Shaozhi Ye, Felix Wu, Zhendong Su, and Frederic T. Chong. Bezoar: Automated Virtual Machine-based Full-System Recovery from Control-Flow Hijacking Attacks . 2008 IEEE/IFIP Network Operations and Management Symposium ( NOMS 2008 ) . Salvador-Bahia, Brazil. April 2008. (27%) pdf
Daniela A. S. de Oliveira, Jedidiah R. Crandall, Gary M. Wassermann, S. Felix Wu, Zhendong Su, and Frederic T. Chong. ExecRecorder: VM-Based Full-System Replay for Attack Analysis and System Recovery. Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006 with ASPLOS). October 21st , 2006. pdf
Jedidiah R. Crandall, Gary Wassermann, Daniela A. S. de Oliveira, Zhendong Su, S. Felix Wu, and Frederic T. Chong. Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines . Twelfth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XII) . San Jose, CA. October 2006. (22%) pdf
My last name appears as "Santos" because I wasn't married at that time.
Daniela Alvim Seabra dos Santos, Bruno Santos Pimentel, Fabiana Trindade Machado, Gisele Silva Cardoso e Wilson de Padua Paula Filho. Personalization and Implementation of Quality Management Procedures in the Context of a Software Process Improvement Program (original work in Portuguese), in the Proceedings of the III Brazilian Symposium on Quality of Software (SBQS'2004). Brasilia, DF, Brazil. June 2004.
Daniela A. S. dos Santos, Alex Borges Vieira, Berthier Ribeiro-Neto and Sergio Vale Aguiar Campos. Performance Analysis and Optimization of a Distributed Video on Demand Service . 2003 IEEE International Symposium on Performance Analysis of Systems and Software, Austin, Texas, USA. March 2003.
Daniela A. S. dos Santos , Alex Borges, Matheus Ribeiro, Joao Caram, Berthier Ribeiro-Neto and Sergio Campos. Architectures for a New Generation of VoD Servers (original work in Portuguese), in the Proceedings of the VIII Brazilian Symposium on Multimedia and Hypermedia Systems (SBMIDIA 2002). Fortaleza, CE, Brazil. October 2002.
Lucio Mauro Pereira, Berthier Ribeiro-Neto and Daniela A. S. dos Santos. Performance Analysis of a Video Server in Multiple Resolutions (original work in Portuguese), in the Proceedings of the VIII Brazilian Symposium on Multimedia and Hypermedia Systems (SBMIDIA 2002). Fortaleza, CE, Brazil. October 2002.
Daniela A. S. dos Santos, Berthier Ribeiro-Neto and Sergio V. A. Campos. Performance Analysis of a Distributed Video on Demand Service (original work in Portuguese), in the Proceedings of the VII Brazilian Symposium on Multimedia and Hypermedia Systems (SBMIDIA 2001). Florianopolis, SC, Brazil. October 2001.
Daniela A. S. dos Santos, Marcio T. Oliveira, Reuber G. Duarte, Antonio Alfredo F. Loureiro, Geraldo Robson Mateus and Berthier Ribeiro-Neto. Adaptive Exhibition of MPEG Video for Mobile Environments (original work in Portuguese), in the Proceedings of the III Brazilian Workshop on Wireless Communication and Mobile Computing. Recife, PE, Brazil. August 2001.
Master thesis (2001): Title: Performance Analysis of a Distributed Video on Demand Service. Advisor: Prof. Berthier Ribeiro-Neto (PhD, University of California, Los Angeles, 1995), Co-Advisor: Prof. Sergio Vale Aguiar Campos (PhD, Carnegie Mellon University, 1997).
Luciano Bertini, Sergio V. A. Campos, George L. Jamil, Autran Macedo, Berthier Ribeiro-Neto, Claudemberg F. Santos and Daniela A. S. dos Santos. Performance Analysis of the ALMADEM-VoD Video Server (original work in Portuguese), in the Proceedings of the V Brazilian Symposium on Multimedia and Hypermedia Systems (SBMIDIA 99). Goiania, GO, Brazil. June 1999.
A - Z Index | Directory | Help
Send Feedback | Print Page
Connect on Bowdoin Social »
Bowdoin College · Brunswick, Maine · 04011 · 207-725-3000