Detecting and countering system intrusions using software wrappers

Authors:
Calvin Ko;Timothy Fraser;Lee Badger;Douglas Kilpatrick
Affiliations:
NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.;NAI Labs, Network Associates, Inc.
Venue:
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Year:
2000

Citing 5
Cited 16

State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Classification and detection of computer intrusions

Classification and detection of computer intrusions
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Synthesizing fast intrusion prevention/detection systems from high-level specifications

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8

Secure Execution via Program Shepherding

Proceedings of the 11th USENIX Security Symposium
BlueBoX: A policy-driven, host-based intrusion detection system

ACM Transactions on Information and System Security (TISSEC)
Web application security assessment by fault injection and behavior monitoring

WWW '03 Proceedings of the 12th international conference on World Wide Web
Minos: Control Data Attack Prevention Orthogonal to Memory Model

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
A testing framework for Web application security assessment

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
ASM: application security monitor

ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
Hunting Trojan Horses

Proceedings of the 1st workshop on Architectural and system support for improving software dependability
NetHost-sensor: Monitoring a target host's application via system calls

Information Security Tech. Report
Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Exploiting concurrency vulnerabilities in system call wrappers

WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Secure isolation of untrusted legacy applications

LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
A testing framework for Web application security assessment

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
A format-independent architecture for run-time integrity checking of executable code

SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Extending .NET security to unmanaged code

ISC'06 Proceedings of the 9th international conference on Information Security
Automatic OS kernel TCB reduction by leveraging compile-time configurability

HotDep'12 Proceedings of the Eighth USENIX conference on Hot Topics in System Dependability
A taint marking approach to confidentiality violation detection

AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125

Quantified Score

Hi-index	0.00

Visualization

Abstract

Designing a suitable confinement mechanism to confine untrusted applications is challenging as such a mechanism needs to satisfy conflicting requirements. The main trade-off is between ease of use and flexibility. In this paper, we present the design, ...