PANDAcap: A framework for streamlining collection of full-system traces

Research output: Chapter in Book / Report / Conference proceeding, Conference contribution, Academic, peer-review


Abstract

Full-system, deterministic record and replay has proven to be an invaluable tool for reverse engineering and systems analysis. However, acquiring a full-system recording typically involves significant planning and manual effort. This represents a distraction from the actual goal of recording a trace, i.e. analyzing it. We present PANDAcap, a framework based on the PANDA full-system record and replay tool. PANDAcap combines off-the-shelf and custom-built components in order to streamline the process of recording PANDA traces. More importantly, in addition to making the setup of one-off experiments easier, PANDAcap also caters to the streamlining of systematic, repeatable experiments in order to create PANDA trace datasets. As a demonstration, we have used PANDAcap to deploy an ssh honeypot aiming to study the actions of brute-force ssh attacks.

Original language: English
Title of host publication: EuroSec '20
Subtitle of host publication: Proceedings of the 13th European Workshop on Systems Security
Publisher: Association for Computing Machinery, Inc
Pages: 1-6
Number of pages: 6
ISBN (Electronic): 9781450375238
DOIs
Publication status: Published - 27 Apr 2020
Event: 13th European Workshop on Systems Security, EuroSec 2020 - Heraklion, Greece
Duration: 27 Apr 2020 → …

Conference

Conference: 13th European Workshop on Systems Security, EuroSec 2020
Country: Greece
City: Heraklion
Period: 27/04/20 → …

Keywords

  • Dataset
  • Docker
  • Framework
  • Honeypot
  • PANDA
  • Record and replay
