Communications of the ACM
UNIX network programming
Internetworking with TCP/IP (2nd ed.), vol. I
Internetworking with TCP/IP (2nd ed.), vol. I
A survey of intrusion detection techniques
Computers and Security
Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Operating system enhancements to prevent the misuse of system calls
Proceedings of the 7th ACM conference on Computer and communications security
On Preventing Intrusions by Process Behavior Monitoring
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Assuring Distributed Trusted Mach
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Providing policy control over object operations in a mach based system
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
SLIC: an extensibility system for commodity operating systems
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
BlueBoX: A policy-driven, host-based intrusion detection system
ACM Transactions on Information and System Security (TISSEC)
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
Protecting host-based intrusion detectors through virtual machines
Computer Networks: The International Journal of Computer and Telecommunications Networking
Automatic high-performance reconstruction and recovery
Computer Networks: The International Journal of Computer and Telecommunications Networking
Flexible and efficient sandboxing based on fine-grained protection domains
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Enforcement of integrated security policy in trusted operating systems
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Salvia: a privacy-aware operating system for prevention of data leakage
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
HSP: A solution against heap sprays
Journal of Systems and Software
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Message filters for hardening the Linux kernel
Software—Practice & Experience
An automatic intrusion diagnosis approach for clouds
International Journal of Automation and Computing
Design and implementation of an extended reference monitor for trusted operating systems
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Improving host-based IDS with argument abstraction to prevent mimicry attacks
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Enforcing the principle of least privilege with a state-based privilege control model
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
A novel intrusion severity analysis approach for Clouds
Future Generation Computer Systems
InkTag: secure applications on an untrusted operating system
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
A taint marking approach to confidentiality violation detection
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
| Hi-index | 0.00 |
We present a detailed analysis of the UNIX system calls and classify them according to their level of threat with respect to system penetration. Based on these results, an effective mechanism is proposed to control the invocation of critical, from the security viewpoint, system calls. The integration into existing UNIX operating systems is carried out by instrumenting the code of the system calls in such a way that the execution is granted only in the case where the invoking process and the value of the arguments comply with the rules held in an access control database. This method does not require changes in the kernel data structures and algorithms. All kernel modifications are transparent to the application processes that continue to work correctly with no need of source code changes or recompilation. A working prototype has been implemented as a loadable kernel module for the Linux operating system. The prototype is able to detect and block any attacks by which an intruder tries to gain direct access to the system as a privileged user.