Putting Trojans on the Horns of a Dilemma: Redundancy for Information Theft Detection

Authors:
Jedidiah R. Crandall;John Brevik;Shaozhi Ye;Gary Wassermann;Daniela A. Oliveira;Zhendong Su;S. Felix Wu;Frederic T. Chong
Affiliations:
Dept. of Computer Science, University of New Mexico,;Dept. of Mathematics and Statistics, California State University, Long Beach,;Dept. of Computer Science, University of California at Davis,;Dept. of Computer Science, University of California at Davis,;Dept. of Computer Science, University of California at Davis,;Dept. of Computer Science, University of California at Davis,;Dept. of Computer Science, University of California at Davis,;Dept. of Computer Science, University of California at Santa Barbara,
Venue:
Transactions on Computational Science IV
Year:
2009

Citing 27
Cited 1

A pump for rapid, reliable, secure communication

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
An entropy conservation law for testing the completeness of covert channel analysis

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Shared resource matrix methodology: an approach to identifying storage and timing channels

ACM Transactions on Computer Systems (TOCS)
A note on the confinement problem

Communications of the ACM
A comment on the confinement problem

SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Optical Time-Domain Eavesdropping Risks of CRT Displays

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
ReVirt: enabling intrusion analysis through virtual-machine logging and replay

ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Mode Security: An Infrastructure for Covert Channel Suppression

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Inside the Slammer Worm

IEEE Security and Privacy
Malicious Cryptography: Exposing Cryptovirology

Malicious Cryptography: Exposing Cryptovirology
RIFLE: An Architectural Framework for User-Centric Information-Flow Security

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Remote Physical Device Fingerprinting

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Belief in Information Flow

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
A Mathematical Theory of Communication

A Mathematical Theory of Communication
CADRE: Cycle-Accurate Deterministic Replay for Hardware Debugging

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
ExecRecorder: VM-based full-system replay for attack analysis and system recovery

Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Assessing security threats of looping constructs

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
New cache designs for thwarting software cache-based side channel attacks

Proceedings of the 34th annual international symposium on Computer architecture
Exploiting underlying structure for detailed reconstruction of an internet-scale event

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Timing analysis of keystrokes and timing attacks on SSH

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A simulation-based proof technique for dynamic information flow

Proceedings of the 2007 workshop on Programming languages and analysis for security
An information-theoretic model for adaptive side-channel attacks

Proceedings of the 14th ACM conference on Computer and communications security
Detecting covert timing channels: an entropy-based approach

Proceedings of the 14th ACM conference on Computer and communications security
Quantitative information flow as network flow capacity

Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Tightlip: keeping applications from spilling the beans

NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible?

Proceedings of the 2010 workshop on New security paradigms

Quantified Score

Hi-index	0.01

Visualization

Abstract

Conventional approaches to either information flow security or intrusion detection are not suited to detecting Trojans that steal information such as credit card numbers using advanced cryptovirological and inference channel techniques. We propose a technique based on repeated deterministic replays in a virtual machine to detect the theft of private information. We prove upper bounds on the average amount of information an attacker can steal without being detected, even if they are allowed an arbitrary distribution of visible output states. Our intrusion detection approach is more practical than traditional approaches to information flow security. We show that it is possible to, for example, bound the average amount of information an attacker can steal from a 53-bit credit card number to less than a bit by sampling only 11 of the 253 possible outputs visible to the attacker, using a two-pronged approach of hypothesis testing and information theory.