Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007): Latest Papers

Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.37
Deepak Chandra, M. Franz
Abstract: We have implemented an information flow framework for the Java virtual machine that combines static and dynamic techniques to capture not only explicit flows, but also implicit ones resulting from control flow. Unlike other approaches that freeze policies at time of compilation, our system truly separates policy and enforcement mechanism and thereby permits policy changes even while a program is running. Ahead of execution, we run a static analysis that annotates an executable with information-flow information. During execution, we then use the annotations to safely update the labels of variables that lie in alternative paths of execution while enforcing the policy currently in place. Our framework doesn't require access to source code and is fully backward-compatible with existing Java class files. Preliminary benchmark results suggest that the run-time overhead of information flow techniques such as ours is well within acceptable range for many application domains.
Citations: 95
HoneyIM: Fast Detection and Suppression of Instant Messaging Malware in Enterprise-Like Networks
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.24
Mengjun Xie, Zhenyu Wu, Haining Wang
Abstract: Instant messaging (IM) has been one of the most frequently used malware attack vectors due to its popularity. Distinct from other malware, it is straightforward for IM malware to find and hit the next victim by exploiting the current victim's contact list and playing social engineering tricks. Thus, the spread of IM malware is much harder to detect and suppress through conventional approaches. The previous solutions are ineffective to defend against IM malware in an enterprise-like network environment, mainly because of high false positive rate and the requirement of the IM server being inside the protected network. In this paper, we propose a novel IM malware detection and suppression mechanism, HoneyIM, which guarantees almost zero false positive on detecting and blocking IM malware in an enterprise-like network. The detection of HoneyIM is based on the concept of honeypot. HoneyIM uses decoy accounts to trap IM malware by leveraging malware spreading characteristics. Fed with accurate detection results, the suppression of HoneyIM can conduct a network-wide blocking. In addition, HoneyIM delivers attack information to network administrators in real-time so that system quarantine and recovery can be quickly performed. The core design of HoneyIM is generic, and can be applied to the scenarios that either enterprise IM services or public IM services are used in the protected network. Based on open-source IM client Pidgin and client honeypot Capture, we build a prototype of HoneyIM and validate its efficacy through both simulations and real experiments. Our results show that HoneyIM provides effective protection against IM malware in enterprise-like networks.
Citations: 33
A Taxonomy of Botnet Structures
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.44
D. Dagon, G. Gu, Christopher P. Lee, Wenke Lee
Abstract: We propose a taxonomy of botnet structures, based on their utility to the botmaster. We propose key metrics to measure their utility for various activities (e.g., spam, ddos). Using these performance metrics, we consider the ability of different response techniques to degrade or disrupt botnets. In particular, our models show that targeted responses are particularly effective against scale free botnets and efforts to increase the robustness of scale free networks comes at a cost of diminished transitivity. Botmasters do not appear to have any structural solutions to this problem in scale free networks. We also show that random graph botnets (e.g., those using P2P formations) are highly resistant to both random and targeted responses. We evaluate the impact of responses on different topologies using simulation and demonstrate the utility of our proposed metrics by performing novel measurements of a P2P network. Our analysis shows how botnets may be classified according to structure and given rank or priority using our proposed metrics. This may help direct responses and suggests which general remediation strategies are more likely to succeed.
Citations: 314
Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.39
Paolina Centonze, R. Flynn, Marco Pistoia
Abstract: Given a large component-based program, it may be very complex to identify an optimal access-control policy, allowing the program to execute with no authorization failures and no violations of the principle of least privilege. This paper presents a novel combination of static and dynamic analysis for automatic determination of precise access-control policies for programs that will be executed on stack-based access control systems, such as Java and the Common Language Runtime (CLR). The static analysis soundly models the execution of the program taking into account native methods, reflection, and multi-threaded code. The dynamic analysis interactively refines the potentially conservative results of the static analysis, with no need for writing or generating test cases or for restarting the system if an authorization failure occurs during testing, and no risk of corrupting the underlying system on which the analysis is performed. We implemented the analysis framework presented by this paper in an analysis tool for Java programs, called Access-Control Explorer (ACE). ACE allows for automatic, safe, and precise identification of access-right requirements and library-code locations that should be made privilege-asserting to prevent client code from requiring unnecessary access rights. This paper presents experimental results obtained on large production-level applications.
Citations: 24
So You Think You Can Dance?
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.49
R. Kemmerer
Abstract: This paper discusses the importance of keeping practitioners in mind when determining what research to pursue and when making design and implementation decisions as part of a research program. The author discussed how his 30 plus years of security research have been driven by the desire to provide products, tools, and techniques that are useful for practitioners. He also discussed his view of what new security challenges the future has in store for us.
Citations: 8
OmniUnpack: Fast, Generic, and Safe Unpacking of Malware
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.15
L. Martignoni, Mihai Christodorescu, S. Jha
Abstract: Malicious software (or malware) has become a growing threat as malware writers have learned that signature-based detectors can be easily evaded by "packing" the malicious payload in layers of compression or encryption. State-of-the-art malware detectors have adopted both static and dynamic techniques to recover the payload of packed malware, but unfortunately such techniques are highly ineffective. In this paper we propose a new technique, called OmniUnpack, to monitor the execution of a program in real-time and to detect when the program has removed the various layers of packing. OmniUnpack aids malware detection by directly providing to the detector the unpacked malicious payload. Experimental results demonstrate the effectiveness of our approach. OmniUnpack is able to deal with both known and unknown packing algorithms and introduces a low overhead (at most 11% for packed benign programs).
Citations: 246
Channels: Runtime System Infrastructure for Security-Typed Languages
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.35
Boniface Hicks, Tim Misiak, P. Mcdaniel
Abstract: Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The programmer maps policy onto programs by annotating types with information flow labels, and the STL compiler guarantees that data always obeys its label as it flows within an application. As data flows into or out of an application, however, a runtime system is needed to mediate between the information flow world within the application and the non-information flow world of the operating system. In the few existing STL applications, this problem has been handled in ad hoc ways that hindered software engineering and security analysis. In this paper, we present a principled approach to STL runtime system development along with policy infrastructure and class abstractions for the STL, Jif that implement these principles. We demonstrate the effectiveness of our approach by using our infrastructure to develop a firewall application, Flow Wall, that provably enforces its policy.
Citations: 7
Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.27
S. Sparks, S. Embleton, Ryan Cunningham, C. Zou
Abstract: We present an extension of traditional "black box" fuzz testing using a genetic algorithm based upon a dynamic Markov model fitness heuristic. This heuristic allows us to "intelligently" guide input selection based upon feedback concerning the "success" of past inputs that have been tried. Unlike many software testing tools, our implementation is strictly based upon binary code and does not require that source code be available. Our evaluation on a Windows server program shows that this approach is superior to random black box fuzzing for increasing code coverage and depth of penetration into program control flow logic. As a result, the technique may be beneficial to the development of future automated vulnerability analysis tools.
Citations: 107
The Design and Development of an Undercover Multipurpose Anti-spoofing Kit (UnMask)
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.12
S. Aggarwal, Jasbinder Bali, Z. Duan, Leo Kermes, Wayne W. Liu, Shahank Sahai, Zhenghui Zhu
Abstract: This paper describes the design and development of a software system to support law enforcement in investigating and prosecuting email based crimes. It focuses on phishing scams which use emails to trick users into revealing personal data. The system described in this paper, called the undercover multipurpose anti-spoofing kit (UnMask), will enable investigators to reduce the time and effort needed for digital forensic investigations of email-based crimes. A novel aspect of UnMask is its use of a database to not only store information related to the email and its constituent parts (such as IP addresses, links, domain names), but also to organize a workflow to automatically launch UNIX tools to collect additional information from the Internet. The retrieved information is in turn added to the database. Reports can then be automatically generated according to the needs of the forensic investigator, including correlations across multiple email data stored in the database. UnMask is a working system. To the best of our knowledge, UnMask is the first comprehensive system that can automatically analyze emails and generate forensic reports that can be used for subsequent investigation and prosecution.
Citations: 12
Distributed Secure Systems: Then and Now
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date: 2007-12-01 DOI: 10.1109/ACSAC.2007.48
B. Randell, J. Rushby
Abstract: The early 1980s saw the development of some rather sophisticated distributed systems. These were not merely networked file systems: rather, using remote procedure calls, hierarchical naming, and what would now be called middleware, they allowed a collection of systems to operate as a coherent whole. One such system in particular was developed at Newcastle that allowed pre-existing applications and (Unix) systems to be used, completely unchanged, as components of an apparently standard large (multiprocessor) Unix system. The distributed secure system (DSS) described in our 1983 paper proposed a new way to construct secure systems by exploiting the design freedom created by this form of distributed computing. The DSS separated the security concerns of policy enforcement from those due to resource sharing and used a variety of mechanisms (dedicated components, cryptography, periods processing, separation kernels) to manage resource sharing in ways that were simpler than before. In this retrospective, we provide the full original text of our DSS paper, prefaced by an introductory discussion of the DSS in the context of its time, and followed by an account of the subsequent implementation and deployment of an industrial prototype of DSS, and a description of its modern interpretation in the form of the MILS architecture. We conclude by outlining current opportunities and challenges presented by this approach to security.
Citations: 6