The Time Machine: Smart operation-resilience in presence of attacks and failures

Logic bomb are hidden code lines intentionally added to the source code to enable input-triggered activation of a wide list of malicious features. Bombs have been used for decades and considered as the most dangerous kind of attacks. Detecting such bombs in large software modules is a very complicated if not an impossible task. In this paper, we present the Time Machine (TM). TM is a software management framework built to protect containerized software modules from such bombs. TM enables cloned containers to act in a time-delayed controlled environment to detect and circumvent activation events from triggering such bombs. TM relies on a smart "Bag of System Calls" monitoring module to detect even slight changes in the targeted software module behavior as an indication of bomb activation. In response, TM blocks the triggering event from reaching the clones, quarantine the bomb-activated module, use the clone as a replacement, and alert the system admin. Results showed that TM managed to protect such modules from undetectable bombs, with negligible impact on the module performance.