HTH (Hunting Trojan Horses) is a security framework developed for detecting difficult types of intrusions. HTH is intended as a complement to anti-virus software in that it targets unknown and zero-day Trojan Horses and Backdoors. In order to accurately identify these types of attacks, HTH utilizes runtime information available during execution. The information collected includes fine-grained information flow, program execution flow and resources used.

In this paper we present Harrier, an Application Security Monitor at the heart of our HTH framework. Harrier is an efficient run-time monitor that dynamically collects execution-related data. Harrier is capable of collecting information across different abstraction levels including architectural, system and library APIs. To date, Harrier is 3-4 times faster than comparable information flow tracking systems.

Using the collected information, Harrier allows for accurate identification of abnormal program behavior. Preliminary results show a good detection rate with a low rate of false positives.