34 citations found.
R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In Proc. 8th USENIX Security Symposium. USENIX Association, August 1999.

This paper is cited in the following contexts:

System Call Clustering: A Profile Directed.. - Rajagopalan.. (2003)

....actually need to access the kernel and thus, reduces the system call overhead. In contrast with our approach, however, the Exokernel approach cannot be used directly in conventional operating systems. Finally, system call profiling has been used successfully for intrusion detection and prevention [7, 22]. In [7] short patterns of normal system call sequences are collected in a program. These sequences are then analyzed offline for pattern creation and anomaly detection. More recent work performs anomaly detection online. For example, [22] uses profiles to derive patterns that represent the ....

....successfully for intrusion detection and prevention [7, 22]. In [7] short patterns of normal system call sequences are collected in a program. These sequences are then analyzed offline for pattern creation and anomaly detection. More recent work performs anomaly detection online. For example, [22] uses profiles to derive patterns that represent the normal execution of a program. At runtime, system calls are intercepted and matched with good behavior. If the sequences do not match, the offending program can be terminated. This work is similar in the sense that it relies on profiling and ....

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In Proceedings of the 8th USENIX Security Symposium, pages 63--78, Berkeley, CA, Aug 1999. Usenix Association.


Enabling Trusted Software Integrity - Potkonjak (2002)   (4 citations)

....the backbone of its security architecture is a sandbox [23]. [Figure 12: Cache miss rate for different sizes of caches with direct mapped and fully associative organization.] Sekar and Uppuluri developed a security layer that includes a sandbox designed to protect the application against malicious users and the host from malicious applications [23]. The main idea behind the firewalling technique for mobile code security is to conduct comprehensive examination of the ....

....[figure caption: miss rate for different sizes of caches with direct mapped and fully associative organization] architecture is a sandbox [23]. Sekar and Uppuluri developed a security layer that includes a sandbox designed to protect the application against malicious users and the host from malicious applications [23]. The main idea behind the firewalling technique for mobile code security is to conduct comprehensive examination of the provided mobile code at the very point where it enters the consumer domain. Several variants of the generic approach have emerged, but their effectiveness is not often ....

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. USENIX Security Symposium, pages 63--78, 1999.


Empowering Mobile Code Using Expressive Security Policies - Venkatakrishnan, Peri, Sekar (2002)   (4 citations)

....interface. While native methods are a convenient mechanism for running platform specific code, and for increasing overall system performance, they make security policy enforcement very difficult. One can address security in the presence of native methods by interception of system calls as done in [14], but we do not address this problem in this paper. Threads: Our current (preliminary) implementation does not handle multi threaded programs. To handle them, one needs to change deliver event so that the id of the current thread is passed along as an additional parameter. The thread id can be ....

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In Proceedings of the USENIX Security Symposium, 1999.


Enhancing Byte-Level Network Intrusion Detection Signatures.. - Sommer, Paxson (2003)   (3 citations)  Self-citation (Intrusion)

No context found.

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In Proc. 8th USENIX Security Symposium. USENIX Association, August 1999.


One-way Isolation: An Effective Approach for.. - Sun, Liang, Sekar, .. (2005)   Self-citation (Sekar)

No context found.

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In Proceedings of USENIX Security Symposium, 1999.


Isolated Program Execution: An Application Transparent .. - Liang.. (2003)   Self-citation (Sekar)

No context found.

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In Proceedings of the USENIX Security Symposium, 1999.


A Hardware-Software Platform for Intrusion Prevention - Milenko Drini And   Self-citation (Intrusion)

No context found.

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. USENIX Security Symposium, pages 63--78, 1999.


Policy Specification for Non-Local Fault Tolerance in Large.. - Varner   Self-citation (Systems)

.... N-code used in Network Flight Recorder [55], P-BEST used in SRI's EMERALD [36], RUSSEL used in ASAX [20], SNP-L [68], GASSATA [43], the language used in IDIOT [9, 34, 33], the language used in Bro [51], the language used in Snort [56, 62], parallel environment grammars [32], JIGSAW [67], REE [59, 60], and ASL [58]. Correlation languages describe the relations among separate events, possibly detected by a detection language, and attempt to reason abstract meaningful events from them. Examples of correlation languages are Honeywell's ARGUS [2], SRI's eBayes [69], STATL [13], SRI's P-BEST [36] ....

....by a detection language, and attempt to reason abstract meaningful events from them. Examples of correlation languages are Honeywell's ARGUS [2], SRI's eBayes [69], STATL [13], SRI's P-BEST [36], MuSigs [35], Roger and Goubault Larreq's linear time temporal logic [57], Uppuluri and Sekar's REE [59, 60], Sutekh from Pouzol and Ducasse [53, 54], Gerard's LaDAA language for generating ASAX rules [17], LAMBDA from Cuppens and Ortalo [10], and ADeLe from Michel and Me [44]. STATL [13] is a detection language developed for attack specification in the STAT family of intrusion detection systems, ....

R. Sekar and P. Uppuluri. Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications. In Proceedings 8th Usenix Security Symposium, pages 63--78, Washington DC, 1999.


Using CSP to detect Insertion and Evasion Possibilities.. - Rohrmair, Lowe (2002)   (1 citation)  Self-citation (Intrusion)

....this approach, they attempt to combine the advantages of misuse and anomaly detection. It should reach the accuracy of a misuse detection system and have the ability to deal with future attacks of anomaly detection. Their systems managed the detection by inspecting log files. This differs from [26], where a run time engine was developed to detect violations in real time. This approach is even capable of intercepting intrusions. Advantages More or less the same as for misuse detection. However these systems manage to detect some types classes of novel attacks. Additionally, they are more ....

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. Master's thesis, State University of New York at Stony Brook, NY 11794.


Experiences with Specification-based Intrusion Detection - Uppuluri, Sekar (2001)   (1 citation)  Self-citation (Uppuluri Intrusion)

....intrusion detection technique in Section 2. Following this, we develop a methodology for specification development in Section 3. In Section 4, we report our experimental results. Section 5 further analyzes our results. Finally, we summarize our conclusions in Section 6. 2 Background In [8, 1] we described our approach to specification based intrusion detection. Central to our approach is the observation that intrusions manifest observable events that deviate from the norm. We extend the current state of the art in event based intrusion detection by developing a domain specific ....

....detection. Central to our approach is the observation that intrusions manifest observable events that deviate from the norm. We extend the current state of the art in event based intrusion detection by developing a domain specific language called behavioral monitoring specification language (BMSL) [8]. BMSL enables concise specifications of event based security-relevant properties. These properties can capture either normal behavior of programs and systems, or misuse behaviors associated with known exploitations. ....

[Article contains additional citation context not shown here]

R. Sekar and P. Uppuluri, Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications, USENIX Security Symposium, 1999.


An Approach for Detecting Self-Propagating Email Using Anomaly .. - Gupta, Sekar (2003)   (6 citations)

No context found.

R. Sekar and P. Uppuluri, Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications, USENIX Security Symposium, 1999.


Model-Carrying Code: A Practical Approach for Safe .. - Sekar.. (2003)   (9 citations)

No context found.

R. Sekar and Prem Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In USENIX Security Symposium, 1999.


Anomaly Detection Using Self/Nonself Discrimination - Olsson (2003)

No context found.

R. Sekar and P. Uppuluri, Synthesizing Fast Intrusion Prevention/Detection Systems from High Level Specifications, in Proceedings 8th Usenix Security Symposium, August 1999.


Specification-based Anomaly Detection: A New.. - Sekar, Gupta.. (2002)   (5 citations)

No context found.

R. Sekar and P. Uppuluri, Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications, USENIX Security Symposium, 1999.


Parametric Regular Path Queries - Tom

No context found.

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In Proceedings of the USENIX Security Symposium, pages 63--78, 1999.


Efficient Context-Sensitive Intrusion Detection - Giffin, Jha, Miller (2004)   (3 citations)

No context found.

R. Sekar and P. Uppuluri. Synthesizing fast intrusion prevention/detection systems from high-level specifications. In 8th USENIX Security Symposium, Washington, DC, August 1999.


An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation.. - Mahoney, Chan (2003)

No context found.

R. Sekar and P. Uppuluri, "Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications", Proc. 8th USENIX Security Symposium, Washington DC, Aug. 1999.


Formal Specification for Fast Automatic IDS Training - Antonio Durante Roberto

No context found.

R. Sekar and P. Uppuluri. "Synthesizing fast intrusion prevention/detection system from high-level specification". Proceedings of the 8th USENIX Security Symposium, Washington DC, Aug. 1999.


CiteSeer.IST - Copyright Penn State and NEC