A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors

R. Chinchani, S. Upadhyaya, K. Kwiat
Published in: First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings.
Publication date: 2003-03-24
DOI: https://doi.org/10.1109/IWIAS.2003.1192456
Citation count: 17

Abstract

Replication and redundancy techniques rely on the assumption that a majority of components are always safe, and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service, resulting in a false sense of security. Kernel-based approaches have proven to be quite effective, but they cause performance impacts if any code changes are in the critical path. We provide an alternate user-space mechanism consisting of process monitors by which such user-space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We theoretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principles of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept.