Results 1 - 10
of
182
Checking for Race Conditions in File Accesses
- COMPUTING SYSTEMS
, 1996
"... Flaws due to race conditions in which the binding of a name to an object changes between repeated references occur in many programs. We examine one type of this flaw in the UNIX operating system, and describe a semantic method for detecting possible instances of this problem. We present the results ..."
Abstract
-
Cited by 148 (3 self)
- Add to MetaCart
Flaws due to race conditions in which the binding of a name to an object changes between repeated references occur in many programs. We examine one type of this flaw in the UNIX operating system, and describe a semantic method for detecting possible instances of this problem. We present the results of one such analysis in which a previously undiscovered race condition flaw was found.
Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection
- SOFTWARE ENGINEERING, IEEE TRANSACTIONS ON
, 2002
"... We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarkin ..."
Abstract
-
Cited by 117 (4 self)
- Add to MetaCart
We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarking, a process that makes it possible to determine the origin of software. A defense against tampering is tamper-proofing, so that unauthorized modifications to software (for example, to remove a watermark) will result in nonfunctional code. We briefly survey the available technology for each type of defense.
THE INLINED REFERENCE MONITOR APPROACH TO SECURITY POLICY ENFORCEMENT
, 2004
"... Embedding security enforcement code into applications is an alternative to tradi-tional security mechanisms. This dissertation supports the thesis that such Inlined Reference Monitors, or IRMs, offer many advantages and are a practical option in modern systems. IRMs enable flexible general-purpose e ..."
Abstract
-
Cited by 99 (1 self)
- Add to MetaCart
Embedding security enforcement code into applications is an alternative to tradi-tional security mechanisms. This dissertation supports the thesis that such Inlined Reference Monitors, or IRMs, offer many advantages and are a practical option in modern systems. IRMs enable flexible general-purpose enforcement of security policies, and they are especially well suited for extensible systems and other non-traditional platforms. IRMs can exhibit similar, or even better, performance than previous approaches and can help increase assurance by contributing little to the size of a trusted computing base. Moreover, IRMs ’ agility in distributed settings allows for their cost-effective and trustworthy deployment in many scenarios. In this dissertation, IRM implementations are derived from formal automata-based specifications of security policies. Then, an IRM toolkit for Java is described in detail. This Java IRM toolkit uses an imperative policy language that allows a security policy, in combination with the details of its enforcement, to be given in a single complete specification. Various example policies, including the stack-inspection policy of Java, illustrate the approach. These examples shed light on
A Taxonomy of Botnet Structures
- In Proc. of the 23 Annual Computer Security Applications Conference (ACSAC'07
, 2007
"... We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using the performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In pa ..."
Abstract
-
Cited by 81 (4 self)
- Add to MetaCart
(Show Context)
We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using the performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In particular, our models show that for scale free botnets, targeted responses are particularly effective. Further, botmasters ’ efforts to improve the robustness of scale free networks comes at a cost of diminished transitivity. Botmasters do not appear to have any structural solutions to this problem in scale free networks. We also show that random graph botnets (e.g., those using P2P formations) are highly resistant to both random and targeted responses. We evaluate the impact of responses on different topologies using simulation. We also perform some novel measurements of a P2P network to demonstrate the utility of our proposed metrics. Our analysis shows how botnets may be classified according to structure, and given rank or priority using our proposed metrics. This may help direct responses, and suggests which general remediation strategies are more likely to succeed. 1
The design of a COTS real-time distributed security kernel
- In Proceedings of the Fourth European Dependable Computing Conference
, 2002
"... Abstract. This paper describes the design of a security kernel called TTCB, which has innovative features. Firstly, it is a distributed subsystem with its own secure network. Secondly, the TTCB is real-time, that is, a synchronous subsystem capable of timely behavior. These two characteristics toget ..."
Abstract
-
Cited by 63 (33 self)
- Add to MetaCart
(Show Context)
Abstract. This paper describes the design of a security kernel called TTCB, which has innovative features. Firstly, it is a distributed subsystem with its own secure network. Secondly, the TTCB is real-time, that is, a synchronous subsystem capable of timely behavior. These two characteristics together are uncommon in security kernels. Thirdly, the TTCB can be implemented using only COTS components. We discuss essentially three things in this paper: (1) The TTCB is a simple component providing a small set of basic secure services. It aims at building a new style of protocols to achieve intrusion tolerance, which for the most part execute in insecure, arbitrary failure environments, and resort to the TTCB only in crucial parts of their operation. (2) Besides, the TTCB is a synchronous device supplying functions that may be an enabler of a new generation of timed secure protocols, until now known to be fragile due to attacks on timing assumptions. (3) Finally, we present a design methodology that establishes our hybrid failure assumptions in a well-founded manner. It helps us to achieve a robust design, despite using exclusively COTS components, with the advantage of allowing the security kernel to be easily deployed on widely used platforms. 1
Incentive-based modeling and inference of attacker intent, objectives, and strategies
- in Proc. of the 10th ACM Computer and Communications Security Conference (CCS’03
, 2003
"... Although the ability to model and infer Attacker Intent, Objectives and Strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this ..."
Abstract
-
Cited by 62 (0 self)
- Add to MetaCart
(Show Context)
Although the ability to model and infer Attacker Intent, Objectives and Strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this paper, we present a general incentive-based method to model AIOS and a game theoretic approach to infer AIOS. On one hand, we found that the concept of incentives can unify a large variety of attacker intents; the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be practically modeled. On the other hand, we developed a game theoretic AIOS formalization which can capture the inherent inter-dependency between AIOS and defender objectives and strategies in such a way that AIOS can be automatically inferred. Finally, we use a specific case study to show how AIOS can be inferred in real world attack-defense scenarios.
A High-Performance Network Intrusion Detection System
- In Proceedings of the 6th ACM conference on Computer and communications security
, 1999
"... In this paper we present a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences. Our specification language is geared for a robust network intrusion detection by enforcing a strict type discipline via a combinatio ..."
Abstract
-
Cited by 46 (0 self)
- Add to MetaCart
In this paper we present a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences. Our specification language is geared for a robust network intrusion detection by enforcing a strict type discipline via a combination of static and dynamic type checking. Unlike most previous approaches in network intrusion detection, our approach can easily support new network protocols as information relating to the protocols are not hard-coded into the system. Instead, we simply add suitable type definitions in the specifications and define intrusion patterns on these types. We compile these specifications into a highperformance network intrusion detection system. Important components of our approach include efficient algorithms for patternmatching and information aggregation on sequences of network packets. In particular, our techniques ensure that the matching time is insensitive to the number of patterns characterizing different network intrusions, and that the aggregation operations typically take constant time per packet. Our system participated in an intrusion detection evaluation organized by MIT Lincoln Labs, where our system demonstrated its effectiveness (96% detection rate on low-level network attacks) and performance (real-time detection at 500Mbps), while producing very few false positives (0.05 to 0.1 per attack).
Reliable Identification of Bounded-length Viruses is NP-complete
, 2003
"... A virus is a program that replicates itself by copying its code into other files. A common virus protection mechanism involves scanning files to detect code patterns of known viruses. We prove that the problem of reliably identifying a bounded-length mutating virus is NP-complete by showing that a v ..."
Abstract
-
Cited by 44 (1 self)
- Add to MetaCart
A virus is a program that replicates itself by copying its code into other files. A common virus protection mechanism involves scanning files to detect code patterns of known viruses. We prove that the problem of reliably identifying a bounded-length mutating virus is NP-complete by showing that a virus detector for a certain virus strain can be used to solve the satisfiability problem. The implication of this result is that virus identification methods will be facing increasing strain as virus mutation and hosting strategies mature, and that different protection methods should be developed and employed.
The Dendritic Cell Algorithm
, 2007
"... Abstract. The Dendritic Cell Algorithm is an immune-inspired algorithm originally based on the function of natural dendritic cells. The original instantiation of the algorithm is a highly stochastic algorithm. While the performance of the algorithm is good when applied to large real-time datasets, i ..."
Abstract
-
Cited by 40 (14 self)
- Add to MetaCart
Abstract. The Dendritic Cell Algorithm is an immune-inspired algorithm originally based on the function of natural dendritic cells. The original instantiation of the algorithm is a highly stochastic algorithm. While the performance of the algorithm is good when applied to large real-time datasets, it is difficult to analyse due to the number of random-based elements. In this paper a deterministic version of the algorithm is proposed, implemented and tested using a port scan dataset to provide a controllable system. This version consists of a controllable amount of parameters, which are experimented with in this paper. In addition the effects are examined of the use of time windows and variation on the number of cells, both which are shown to influence the algorithm. Finally a novel metric for the assessment of the algorithms output is introduced and proves to be a more sensitive metric than the metric used with the original Dendritic Cell Algorithm. 1