Preventing race condition attacks on file-systems
Proceedings of the 2005 ACM symposium on Applied computing
Distributed intrusion detection in clusters based on non-interference
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Analysis of an Intelligent Agent Intrusion Response System
WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
Fixing races for fun and profit: how to abuse atime
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Parallelizing security checks on commodity hardware
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Portably solving file TOCTTOU races with hardness amplification
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Portably solving file races with hardness amplification
ACM Transactions on Storage (TOS)
Introducing reference flow control for detecting intrusion symptoms at the OS level
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Intrusion detection and security policy framework for distributed environments
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Transactions on computational science XI
Protecting applications against TOCTTOU races by user-space caching of file metadata
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Flow based interpretation of access control: detection of illegal information flows
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
STING: finding name resolution vulnerabilities in programs
Security'12 Proceedings of the 21st USENIX conference on Security symposium
A taint marking approach to confidentiality violation detection
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
This paper presents an intrusion detection methodology based on the concept of noninterference for detecting race-condition attacks. In general, this type of attack occurs when an unprivileged process causes a privileged process to perform illegal operations by executing strategic operations in the appropriate timing window. We apply the non-interference model in a novel way that allows us to formally represent valid interleaving between privileged and unprivileged processes. Instead of proving that a system satisfies noninterference assertions, we derive an algorithm for checking the assertions at run-time based on the developed theory and a formal model of Unix system calls. Our methodology can detect unknown race-condition attacks. In addition, this work provides an example of the application of formal specification and reasoning in intrusion detection.