Internetworking with TCP/IP: volume III: client-server programming and applications (Windows sockets version)
On Preventing Intrusions by Process Behavior Monitoring
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Improving address space randomization with a dynamic offset randomization technique
Proceedings of the 2006 ACM symposium on Applied computing
Address-space layout randomization using code islands
Journal of Computer Security - Best papers of the Sec Track at the 2006 ACM Symposium
| Hi-index | 0.00 |
We present the design and implementation of a cost-effective mechanism which controls the invocation of critical, from the security viewpoint, system calls. The integration into existing UNIX operating systems is carried out by instrumenting the code of the system calls so that the system call itself once invoked checks to see whether the invoking process and the argument values passed comply with the rules held in an access control database. A working prototype able to detect and block buffer overflow attacks is available as a small set of "patches" to the Linux operating system kernel source.