T. Garfinkel. Traps and pitfalls: Practical problems in in system call interposition based security tools. In Proc. Network and Distributed Systems Security Symposium, February 2003. Home/Search Document Details and Download
Summary Related Articles Check |
This paper is cited in the following contexts:
Improving Host Security with System Call Policies - Provos (2002) (24 citations) (Correct)
....to change their working directory or call chroot because Janus can not keep track of the application s changed state. Janus has evolved signi cantly over time and its latest version uses a hybrid approach similar to Systrace to get direct control of system call processing in the operating system [17]. One particularly dicult problem in application con nement are symlinks, which can be used to redirect lesystem access almost arbitrarily. Gar nkel introduces safe calling sequences that do not follow any symlinks. The approach uses an extension to the open system call that is speci c to the ....
....systems based on system call interposition. 6. 1 Security Analysis To enforce security policies e ectively by system call interposition, we need to resolve the following challenges: incorrectly replicating OS semantics, resource aliasing, lack of atomicity, and side e ects of denying system calls [17, 31, 33]. We brie y explain their nature and discuss how we address them. The sandboxing tool needs to track operating system state in order to reach policy decisions. Systrace, for example, has to keep track of process uids and the lename of the program binary the monitored process is executing. In ....
Tal Gar nkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the ISOC Symposium on Network and Distributed System Security, 2003. To appear.
Secure Execution Environment via Program Shepherding - Kiriansky (2003) (Correct)
....of violations of the memory and execution model assumed in the analyses [60] Our system may be used to complement these approaches and enforce the execution model of the application. Most host based intrusion detection systems focus on the sequences of system calls executed by an application [24, 30, 27, 50, 62, 40]. The mimicry attacks introduced [62] and further analyzed by Wagner [64] show how attackers can easily evade existing intrusion detection at the system call level by introducing undetected sequences of system calls. Our example from Section 5.4.2 is an information ow [32] mimicry attack. While ....
Tal Gar nkel. Traps and pitfalls: Practical problems in in system call interposition based security tools. In Proc. Network and Distributed Systems Security Symposium, February 2003.
Ostia: A Delegating Architecture for Secure System Call.. - Tal Garfinkel Ben (2003) (1 citation) Self-citation (Garfinkel) (Correct)
No context found.
T. Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proc. Network and Distributed Systems Security Symposium, February 2003.
Ubiquitous Redirection as Access Control Response - George Bakos Gbakos (2005) (Correct)
No context found.
T. Garfinkel. Traps and pitfalls: Practical problems in in system call interposition based security tools. In Proc. Network and Distributed Systems Security Symposium, February 2003.
The Entropia Virtual Machine for Desktop Grids - Brad Calder Andrew (1 citation) (Correct)
No context found.
T. Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In Internet Society's 2003.
Countering Network Worms through Automatic Patch Generation - Sidiroglou, Keromytis (2003) (12 citations) (Correct)
No context found.
T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163--176, February 2003.
Secure Isolation and Migration of Untrusted Legacy Applications - Jason (2004) (1 citation) (Correct)
No context found.
T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proc. Network and Distributed Systems Security Symposium, Feb. 2003.
Countering Network Worms through Automatic Patch Generation - Sidiroglou, Keromytis (2003) (12 citations) (Correct)
No context found.
T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163--176, February 2003.
Deploying Complex Applications in Unfriendly Distributed.. - Thain, Klous, al. (Correct)
No context found.
Garfinkel, T.: 2003, `Traps and Pitfalls: Practical Problems in in System Call Interposition based Security Tools'. In: Proceedings of the Network and Distributed Systems Security Symposium.
A Network Worm Vaccine Architecture - Stelios Sidiroglou Stelios (2003) (4 citations) (Correct)
No context found.
T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163--176, February 2003.
Countering Network Worms through Automatic Patch Generation - Sidiroglou, Keromytis (2003) (12 citations) (Correct)
No context found.
T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163--176, February 2003.
Parrot: An Application Environment for Data-Intensive Computing - Thain, Livny (Correct)
No context found.
T. Garfinkel, Traps and pitfalls: Practical problems in in system call interposition based security tools, in Proceedings of the Network and Distributed Systems Security Symposium, February 2003.
Using Minix to Teach Computer Security Courses - Wenliang Du And (Correct)
No context found.
T. Garfinkel. Traps and pitfalls: Practical problems in in system call interposition based security tools. In Proceedings of the Network and Distributed Systems Security Symposium, February 2003.
Improving Host Security with System Call Policies - Provos (2002) (24 citations) (Correct)
No context found.
Tal Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the ISOC Symposium on Network and Distributed System Security, 2003. 2, 8
Parrot: Transparent User-Level Middleware for Data Intensive.. - Thain, Livny (2003) (Correct)
No context found.
T. Garfinkel. Traps and pitfalls: Practical problems in in system call interposition based security tools. In Proceedings of the Network and Distributed Systems Security Symposium, February 2003.
Deploying Complex Applications in Unfriendly Distributed.. - Thain, Klous, al. (2004) (Correct)
No context found.
Garfinkel, T.: 2003, `Traps and Pitfalls: Practical Problems in in System Call Interposition based Security Tools'. In: Proceedings of the Network and Distributed Systems Security Symposium.
SQLrand: Preventing SQL Injection Attacks - Boyd, Keromytis (2004) (4 citations) (Correct)
No context found.
T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163--176, February 2003.
Parrot: An Application Environment for Data-Intensive Computing - Thain, Livny (Correct)
No context found.
T. Garfinkel, Traps and pitfalls: Practical problems in in system call interposition based security tools, in Proceedings of the Network and Distributed Systems Security Symposium, February 2003.
Parrot: Transparent User-Level Middleware for Data-Intensive.. - Thain, Livny (2003) (Correct)
No context found.
T. Garfinkel. Traps and pitfalls: Practical problems in in system call interposition based security tools. In Proceedings of the Network and Distributed Systems Security Symposium, February 2003.
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC