Noninterference and Intrusion Detection

  • Authors:
  • Calvin Ko;Timothy Redmond

  • Affiliations:
  • -;-

  • Venue:
  • SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
  • Year:
  • 2002

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper presents an intrusion detection methodology based on the concept of noninterference for detecting race-condition attacks. In general, this type of attack occurs when an unprivilege process causes a privilege process to perform illegal operations by executing strategic operations in the appropriate timing window. We apply the non-interference model in a novel way that allows us to formally represent valid interleaving between privilege and unprivilege processes. Instead of proving a system satis?es noninterference assertions, we derive an algorithm for checking the assertions at run-time based on the developed theory and a formal model of Unix system calls. Our methodology can detect unknown race-condition attacks. In addition, this work provides an example of the application of formal speci?cation and reasoning in intrusion detection.