Intrusion detection
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy.
PRIMA: Policy-Reduced Integrity Measurement Architecture. Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies.
Design and Implementation of a TCG-Based Integrity Measurement Architecture. SSYM'04: Proceedings of the 13th USENIX Security Symposium, Volume 13.
Intrusion Detection Using Sequences of System Calls. Journal of Computer Security.
Linux Kernel Integrity Measurement Using Contextual Inspection. Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing.
The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86). Proceedings of the 14th ACM Conference on Computer and Communications Security.
Flicker: An Execution Infrastructure for TCB Minimization. Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008.
Remote Attestation on Program Execution. Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing.
Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing.
Exploiting Execution Context for the Detection of Anomalous System Calls. RAID'07: Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection.
Detecting Motifs in System Call Sequences. WISA'07: Proceedings of the 8th International Conference on Information Security Applications.
A Sense of Self for Unix Processes. SP'96: Proceedings of the 1996 IEEE Symposium on Security and Privacy.
Trusted computing provides a technique called remote attestation, which helps a challenger verify the trustworthiness of a client's system. The commonly known and widely used methods for verifying a target system's integrity are mostly static in nature. Many approaches have been proposed to mitigate this problem; however, none of them is practical, either because of implementation complexity or because of an unrealistically high bandwidth requirement. In this paper, we propose STIDE-R, an approach that builds on the concepts of the seminal STIDE work, a technique that measures the behavior of an application based on the sequence of system calls it makes. We focus on how to shorten the amount of data that needs to be reported to the challenger. The principal advantage is detection of zero-day malware on a remote system without incurring infeasible performance overhead. Further, the proposed architecture treats two dimensions as the most important for a successful implementation of dynamic behavior attestation: minimizing the processing time on the target remote platform and handling the network overhead efficiently.
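The building block the abstract names, STIDE (the "A Sense of Self for Unix Processes" and "Intrusion Detection Using Sequences of System Calls" entries above), profiles a program by the fixed-length windows of system calls it makes during normal runs and flags windows never seen in training. The Python below is an added illustration written for this page, not code from the STIDE-R paper or its authors: it builds such a profile from constructed sample traces, scores a new trace by its mismatch count and locality frame count (the measures from the STIDE line of work), and reduces the result to a handful of numbers rather than the raw trace, which is the simplest form of the report-shortening goal the abstract describes. The trace contents, window length, frame size and summary fields are all assumptions; the paper's own STIDE-R reporting scheme is not reproduced here.

```python
"""STIDE-style sliding-window anomaly detection over system call traces.

Added illustration for this page, not the STIDE-R paper's code. The traces
are constructed sample data, not captures of a real process.
"""
from typing import Dict, Iterable, List, Sequence, Set, Tuple

Window = Tuple[str, ...]

# Constructed "normal" training traces: one list of syscall names per run.
NORMAL_TRACES: List[List[str]] = [
    ["open", "read", "mmap", "mmap", "close", "write", "exit"],
    ["open", "read", "mmap", "close", "read", "write", "exit"],
    ["open", "mmap", "read", "close", "write", "exit"],
]

# Constructed trace with an unexpected execve in the middle of the run.
ANOMALOUS_TRACE: List[str] = ["open", "read", "mmap", "execve", "close", "write", "exit"]


def windows(trace: Sequence[str], k: int) -> List[Window]:
    """Slide a length-k window over the trace one call at a time."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_profile(traces: Iterable[Sequence[str]], k: int = 3) -> Set[Window]:
    """Training phase: the profile is every length-k window seen in normal runs."""
    profile: Set[Window] = set()
    for trace in traces:
        profile.update(windows(trace, k))
    return profile


def mismatch_positions(profile: Set[Window], trace: Sequence[str], k: int = 3) -> List[int]:
    """Detection phase: indices of windows that never occurred during training."""
    return [i for i, w in enumerate(windows(trace, k)) if w not in profile]


def locality_frame_count(mismatch_idx: Sequence[int], n_windows: int, frame: int = 20) -> int:
    """Peak number of mismatches within any `frame` consecutive windows.

    Clustered mismatches are a stronger intrusion signal than the same number
    spread thinly over a long trace, so the peak is what gets thresholded.
    """
    flagged = set(mismatch_idx)
    best = 0
    for end in range(n_windows):
        start = max(0, end - frame + 1)
        best = max(best, sum(1 for i in range(start, end + 1) if i in flagged))
    return best


def score_trace(profile: Set[Window], trace: Sequence[str], k: int = 3, frame: int = 20) -> Dict[str, float]:
    """Reduce a trace to a few summary numbers (assumed report format, not STIDE-R's)."""
    total = max(len(trace) - k + 1, 0)
    bad = mismatch_positions(profile, trace, k)
    return {
        "windows": total,
        "mismatches": len(bad),
        "mismatch_rate": (len(bad) / total) if total else 0.0,
        "max_lfc": locality_frame_count(bad, total, frame),
    }


if __name__ == "__main__":
    prof = build_profile(NORMAL_TRACES)
    print("profile windows:", len(prof))
    print("normal run:", score_trace(prof, NORMAL_TRACES[1]))
    print("anomalous run:", score_trace(prof, ANOMALOUS_TRACE))
```

A verifier that receives only the summary dictionary still learns whether the run deviated and how tightly the deviations cluster, at a cost independent of trace length; the trade-off is that it can no longer inspect which calls were involved, which is exactly the kind of choice the abstract's two dimensions (target-side processing and network overhead) force.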