See this document in CiteSeerX!

Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications (2003)  (Make Corrections)  (13 citations)
R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar, Daniel C. DuVarney



  Home/Search   Context   Related

 
View or download:
sunysb.edu/seclab/pubs/pape...sosp03.ps
Cached:  PS.gz  PS  PDF   Image  Update  Help

From:  sunysb.edu/seclab/pubs/papers (more)
(Enter author homepages)

Rate this article: (best)
  Comment on this article  
(Enter summary)

Abstract: This paper presents a new approach called model-carrying code (MCC) for safe execution of untrusted code. At the heart of MCC is the idea that untrusted code comes equipped with a concise highlevel model of its security-relevant behavior. This model helps bridge the gap between high-level security policies and low-level binary code, thereby enabling analyses which would otherwise be impractical. For instance, users can use a fully automated verification procedure to determine if the code... (Update)

Cited by:   More
Dataflow Anomaly Detection - Bhatkar, Chaturvedi, Sekar   (Correct)
Improving Attack Detection in Host-Based IDS by.. - Chaturvedi, Bhatkar.. (2005)   (Correct)
Context Sensitive Anomaly Monitoring of Process Control Flow.. - Xu, Du, Chapin (2004)   (Correct)

Active bibliography (related documents):   More   All
2.4:   Model-Carrying Code: A Practical Approach for Safe .. - Sekar.. (2003)   (Correct)
0.2:   One-way Isolation: An Effective Approach for.. - Sun, Liang, Sekar, .. (2005)   (Correct)
0.2:   Isolated Program Execution: An Application Transparent .. - Liang.. (2003)   (Correct)

Similar documents based on text:   More   All
0.4:   Efficient Techniques for Comprehensive Protection from.. - Bhatkar, Sekar, DuVarney (2005)   (Correct)
0.3:   SELF: a Transparent Security Extension for ELF Binaries - DuVarney, Bhatkar.. (2003)   (Correct)
0.3:   A Program Transformation Technique for Enforcement .. - Venkatakrishnan..   (Correct)

Related documents from co-citation:   More   All
9:   Intrusion detection via static analysis - Wagner, Dean - 2001
7:   Stackguard: Automatic adaptive detection and prevention of buffer-overflow attac.. - Cowan, Pu et al. - 1998
6:   Proof-carrying code - Necula - 1997

BibTeX entry:   (Update)

R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. DuVarney. Model-carrying code: A practical approach for safe execution of untrusted applications. In ACM Symposium on Operating System Principles (SOSP), Bolton Landing, New York, October 2003. http://citeseer.ist.psu.edu/article/sekar03modelcarrying.html   More

@misc{ sekar03modelcarrying,
  author = "R. Sekar and V. Venkatakrishnan and S. Basu and S. Bhatkar and D. DuVarney",
  title = "Model-carrying code: A practical approach for safe execution of untrusted
    applications",
  text = "R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. DuVarney. Model-carrying
    code: A practical approach for safe execution of untrusted applications.
    In ACM Symposium on Operating System Principles (SOSP), Bolton Landing,
    New York, October 2003.",
  year = "2003",
  url = "citeseer.ist.psu.edu/article/sekar03modelcarrying.html" }
Citations (may not include all citations):
1097   Automatic verification of finite-state concurrent systems us.. (context) - Clarke, Emerson et al. - 1986
566   Proof-carrying code - Necula - 1997
270   Bandera: extracting finite-state models from Java source cod.. - Corbett, Dwyer et al. - 2000
175   A secure environment for untrusted helper applications: conf.. - Goldberg, Wagner et al. - 1996
153   A note on the confinement problem - Lampson - 1973
142   A sense of self for UNIX processes - Forrest, Hofmeyr et al. - 1996
100   Checking system rules using system-specific (context) - Engler, Chelf et al. - 2000
92   Going beyond the sandbox: An overview of the new security ar.. - Gong, Mueller et al. - 1997
84   Data mining approaches for intrusion detection - Lee, Stolfo - 1997
81   SASI enforcement of security policies: A retrospective - Erlingsson, Schneider - 1999
75   Flexible policy directed code safety - Evans, Tywman - 1999
66   Enforceable security policies - Schneider - 2001
64   Detecting format-string vulnerabilities with type qualifiers - Shankar, Talwar et al. - 2001
63   Hardening COTS software with generic software wrappers - Fraser, Badger et al. - 1999
58   MOPS: an infrastructure for examining security properties of.. - Chen, Wagner - 2002
55   Available from http://www (context) - XSB, system - 2001
54   Intrusion detection via static analysis - Wagner, Dean - 2001
47   IRM enforcement of Java stack inspection - Erlingsson, Schneider - 2000
41   Protecting privacy using the decentralized label model - Myers, Liskov - 1999
35   Statically detecting likely buffer overflow vulnerabilities - Larochelle, Evans - 2001
35   Java pathfinder: Second generation of a Java model checker - Brat, Havelund et al. - 2000
34   Software model checking - extracting verification models fro.. - Holzmann, Smith - 1999
34   Synthesizing fast intrusion preventiondetection system from .. - Prem, fast et al. - 1999
33   Mining specifications - Ammons, Bodik et al. - 2002
28   Mapbox: Using parameterized behavior classes to confine appl.. - Acharya, Raje - 2000
26   Mimicry attacks on host-based intrusion detection systems - Wagner, Soto - 2002
24   The SLAM toolkit (context) - Ball, Rajamani - 2001
22   A simple method for extracting models from protocol code - Lie, Chou et al. - 2001
19   Untrusted hosts and confidentiality: Secure program partitio.. - Zdancewic, Zheng et al. - 2001
13   Anomaly detection using call stack information - Feng, Kolesnikov et al. - 2003
13   Temporal-safety proofs for systems code - Henzinger, Jhala et al. - 2002
9   The minimum consistency DFA problem cannot be approximated w.. (context) - Pitt, Warmuth - 1989
8   Using finite automata to mine execution data for intrusion d.. - Michael, Ghosh - 2000
8   Empowering mobile code using expressive security policies - Venkatakrishnan, Peri et al. - 2002
7   Intrusion DetectionPrevention Using Behavior Specification (context) - Intrusion, Using et al. - 2003
7   Building survivable systems: An integrated approach based on.. - Bowen, Chee et al. - 2000
6   state-based approaches to program-based anomaly detection (context) - Michael, Ghosh - 2003
5   A fast automaton-based approach for detecting anomalous prog.. (context) - Sekar, Bendre et al. - 2001
5   variable-length patterns for detecting suspicious process be.. (context) - Wespi, Debar et al. - 2000
4   Wolf --- a toolset for extracting models from C programs (context) - DuVarney, Iyer - 2002
4   An approach for secure software installation (context) - Venkatakrishnan, Sekar et al. - 2002
http://www.http-analyze.org/



The graph only includes citing articles where the year of publication is known.

Documents on the same site (http://seclab.cs.sunysb.edu/seclab/pubs/papers.htm):   More
A High-Performance Network Intrusion Detection System - Sekar, Guang, Verma, Shanbhag (1999)   (Correct)
Building Survivable Systems: An Integrated.. - Bowen, Chee.. (2000)   (Correct)
Automatic Generation of Buffer Overflow Attack Signatures: An.. - Liang, Sekar (2005)   (Correct)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC