Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Understanding The Linux Kernel
Understanding The Linux Kernel
PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
System Call Monitoring Using Authenticated System Calls
IEEE Transactions on Dependable and Secure Computing
Usable Mandatory Integrity Protection for Operating Systems
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Operating system protection for fine-grained programs
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Building systems that flexibly control downloaded executable context
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
lmbench: portable tools for performance analysis
ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Authorizing applications in singularity
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
A practical mimicry attack against powerful system-call monitors
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
ACM Transactions on Information and System Security (TISSEC)
BLADE: an attack-agnostic approach for preventing drive-by malware infections
Proceedings of the 17th ACM conference on Computer and communications security
Making Linux protection mechanisms egalitarian with UserFS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
A VMM-Based System Call Interposition Framework for Program Monitoring
ICPADS '10 Proceedings of the 2010 IEEE 16th International Conference on Parallel and Distributed Systems
DroidBarrier: know what is executing on your android
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
Main stream operating system kernels lack a strong and reliable mechanism for identifying the running processes and binding them to the corresponding executable applications. In this paper, we address the identification problem by proposing a novel secure application identification model in which user-level applications are required to present identification proofs at run time to be authenticated to the kernel. In our model, applications are supplied with unique secret keys. The secret key of an application is registered with a trusted kernel at the installation time and is used to uniquely authenticate the application. We present a protocol for the secure authentication of applications. Additionally, we develop a system call monitoring architecture that uses our model to verify the identity of applications when making designated system calls. Our system call monitoring can be integrated with existing mandatory access control systems to enforce application-level access rights. We implement and evaluate a prototype of our monitoring architecture in Linux as device drivers with no modification of the kernel. The results from our extensive performance evaluation shows that our prototype incurs low overhead, indicating the feasibility of our approach for cryptographically identifying and authenticating applications in the operating system.