ACM Transactions on Information and System Security (TISSEC)
Untrusted hosts and confidentiality: secure program partitioning
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Experiences with Specification-Based Intrusion Detection
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Noninterference and Intrusion Detection
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
ICDCS '96 Proceedings of the 16th International Conference on Distributed Computing Systems (ICDCS '96)
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A Generic Approach to the Security of Multi-Threaded Programs
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Providing flexibility in information flow control for object oriented systems
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Distributed intrusion detection in clusters based on non-interference
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Some ideas on virtualized system security, and monitors
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
| Hi-index | 0.00 |
This paper presents a novel approach to policy-based detection of "attacks by delegation". By exploiting unpredictable behaviour such as unknown side-effects, race-conditions, buffer overflows, confused deputies etc., these attacks aim at achieving their goals (i.e. executing some illegal operation) as legal consequences of other legitimate operations. The proposed approach enforces restrictions on whether an operation can be executed as a consequence of another, in order to detect that kind of attacks. We propose a proof-of-concept application to a Unix system and show its ability to detect novel attack scenarii that seek the same intrusion goals.