IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JRes: a resource accounting interface for Java
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Dynamic class loading in the Java virtual machine
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Securing Java: getting down to business with mobile code
Securing Java: getting down to business with mobile code
The Jalapeño dynamic optimizing compiler for Java
JAVA '99 Proceedings of the ACM 1999 conference on Java Grande
Programming languages as operating systems (or revenge of the son of the lisp machine)
Proceedings of the fourth ACM SIGPLAN international conference on Functional programming
Nested Java processes: OS structure for mobile code
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Towards a taxonomy of intrusion-detection systems
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Practicing JUDO: Java under dynamic optimizations
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
A certifying compiler for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Experiences building a communication-oriented JavaOS
Software—Practice & Experience
Stack inspection: theory and variants
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Termination in language-based systems
ACM Transactions on Information and System Security (TISSEC)
Programming and Deploying Java Mobile Agents Aglets
Programming and Deploying Java Mobile Agents Aglets
Java Virtual Machine Specification
Java Virtual Machine Specification
The Java Language Specification
The Java Language Specification
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse
IEEE Transactions on Software Engineering
Designing a Web of Highly-Configurable Intrusion Detection Sensors
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
An Intrusion Detection System for Aglets
MA '02 Proceedings of the 6th International Conference on Mobile Agents
Coupling on-line and off-line profile information to improve program performance
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
IBM Systems Journal
Luna: a flexible Java protection system
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Processes in KaffeOS: isolation, resource management, and sharing in java
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Techniques for the design of java operating systems
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Implementing multiple protection domains in java
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Java™ access control mechanisms
Java™ access control mechanisms
Learning to detect malicious executables in the wild
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
Enhancing Java security with history based access control
Foundations of security analysis and design IV
| Hi-index | 0.00 |
The Java Virtual Machine (JVM) is evolving as an infrastructure for the efficient execution of large-scale, network-based applications. To enable secure execution in this environment, industrial and academic efforts have implemented extensive support for verification of type-safety, authentication, and access control. However, JVMs continue to lack intrinsic support for intrusion detection. Existing operating system auditing facilities and host-based intrusion detection systems operate at the process level, with the assumption that one application is mapped onto one process. However, in many cases, multiple Java applications are executed concurrently as threads within a single JVM process. As such, it is difficult to analyze the behavior of Java applications using the corresponding OS-level audit trail. In addition, the malicious actions of a single Java application may trigger a response that disables an entire execution environment. To overcome these limitations, we have developed a thread-level auditing facility for the Java Virtual Machine and an intrusion detection tool that uses audit data generated by this facility to detect attacks by malicious Java code. This paper describes the JVM auditing mechanisms, the intrusion detection tool, and the quantitative evaluation of their performance.