Realization of dynamic behavior using remotely verifiable n-call slides in Unix process execution trace

Authors:
Roslan Ismail;Toqeer Ali Syed;Shahrulniza Musa;Mohammad Nauman;Sohail Khan
Affiliations:
Universiti Kuala Lumpur, Malaysia;Universiti Kuala Lumpur, Malaysia;Universiti Kuala Lumpur, Malaysia;Universiti Kuala Lumpur, Malaysia;Universiti Kuala Lumpur, Malaysia
Venue:
Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication
Year:
2013

Citing 13
Cited 0

Intrusion detection

Intrusion detection
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
PRIMA: policy-reduced integrity measurement architecture

Proceedings of the eleventh ACM symposium on Access control models and technologies
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Intrusion detection using sequences of system calls

Journal of Computer Security
Linux kernel integrity measurement using contextual inspection

Proceedings of the 2007 ACM workshop on Scalable trusted computing
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)

Proceedings of the 14th ACM conference on Computer and communications security
Flicker: an execution infrastructure for tcb minimization

Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Remote attestation on program execution

Proceedings of the 3rd ACM workshop on Scalable trusted computing
Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks

Proceedings of the 2009 ACM workshop on Scalable trusted computing
Exploiting execution context for the detection of anomalous system calls

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Detecting motifs in system call sequences

WISA'07 Proceedings of the 8th international conference on Information security applications
A sense of self for Unix processes

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Trusted computing presents a technique called remote attestation which helps in verifying the trustworthiness of a client's system. Generally known and mostly used methods to verify a target system's integrity are mostly static in nature. For the purpose of mitigating this problem many approaches have been presented. However, none of these are feasible either because of implementation complexity or because of an unrealistically high bandwidth requirement. In this paper, we propose STIDE-R, an approach that utilizes the concepts of the seminal work presented by STIDE -- a technique that measures the behavior of an application based on the sequence of system calls made. We focus on how to shorten the length of data that needs to be reported to the challenger. The principle advantage achieved is detection of zero-day malware at a remote system without incurring infeasible performance overhead. Further, the proposed architecture considers two dimensions as the most important for successful implementation of dynamic behavior attestation. These are to minimize the processing time on the target remote platform and to tackle the network overhead efficiently.