Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007): Latest Papers

So You Think You Can Dance?
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.49
R. Kemmerer
Abstract: This paper discusses the importance of keeping practitioners in mind when determining what research to pursue and when making design and implementation decisions as part of a research program. The author discussed how his 30 plus years of security research have been driven by the desire to provide products, tools, and techniques that are useful for practitioners. He also discussed his view of what new security challenges the future has in store for us.
Citations: 8
OmniUnpack: Fast, Generic, and Safe Unpacking of Malware
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.15
L. Martignoni, Mihai Christodorescu, S. Jha
Abstract: Malicious software (or malware) has become a growing threat as malware writers have learned that signature-based detectors can be easily evaded by "packing" the malicious payload in layers of compression or encryption. State-of-the-art malware detectors have adopted both static and dynamic techniques to recover the payload of packed malware, but unfortunately such techniques are highly ineffective. In this paper we propose a new technique, called OmniUnpack, to monitor the execution of a program in real-time and to detect when the program has removed the various layers of packing. OmniUnpack aids malware detection by directly providing to the detector the unpacked malicious payload. Experimental results demonstrate the effectiveness of our approach. OmniUnpack is able to deal with both known and unknown packing algorithms and introduces a low overhead (at most 11% for packed benign programs).
Citations: 246
Channels: Runtime System Infrastructure for Security-Typed Languages
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.35
Boniface Hicks, Tim Misiak, P. Mcdaniel
Abstract: Security-typed languages (STLs) are powerful tools for provably implementing policy in applications. The programmer maps policy onto programs by annotating types with information flow labels, and the STL compiler guarantees that data always obeys its label as it flows within an application. As data flows into or out of an application, however, a runtime system is needed to mediate between the information flow world within the application and the non-information flow world of the operating system. In the few existing STL applications, this problem has been handled in ad hoc ways that hindered software engineering and security analysis. In this paper, we present a principled approach to STL runtime system development along with policy infrastructure and class abstractions for the STL, Jif that implement these principles. We demonstrate the effectiveness of our approach by using our infrastructure to develop a firewall application, Flow Wall, that provably enforces its policy.
Citations: 7
Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.27
S. Sparks, S. Embleton, Ryan Cunningham, C. Zou
Abstract: We present an extension of traditional "black box" fuzz testing using a genetic algorithm based upon a dynamic Markov model fitness heuristic. This heuristic allows us to "intelligently" guide input selection based upon feedback concerning the "success" of past inputs that have been tried. Unlike many software testing tools, our implementation is strictly based upon binary code and does not require that source code be available. Our evaluation on a Windows server program shows that this approach is superior to random black box fuzzing for increasing code coverage and depth of penetration into program control flow logic. As a result, the technique may be beneficial to the development of future automated vulnerability analysis tools.
Citations: 107
The Design and Development of an Undercover Multipurpose Anti-spoofing Kit (UnMask)
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.12
S. Aggarwal, Jasbinder Bali, Z. Duan, Leo Kermes, Wayne W. Liu, Shahank Sahai, Zhenghui Zhu
Abstract: This paper describes the design and development of a software system to support law enforcement in investigating and prosecuting email based crimes. It focuses on phishing scams which use emails to trick users into revealing personal data. The system described in this paper, called the undercover multipurpose anti-spoofing kit (UnMask), will enable investigators to reduce the time and effort needed for digital forensic investigations of email-based crimes. A novel aspect of UnMask is its use of a database to not only store information related to the email and its constituent parts (such as IP addresses, links, domain names), but also to organize a workflow to automatically launch UNIX tools to collect additional information from the Internet. The retrieved information is in turn added to the database. Reports can then be automatically generated according to the needs of the forensic investigator, including correlations across multiple email data stored in the database. UnMask is a working system. To the best of our knowledge, UnMask is the first comprehensive system that can automatically analyze emails and generate forensic reports that can be used for subsequent investigation and prosecution.
Citations: 12
Distributed Secure Systems: Then and Now
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.48
B. Randell, J. Rushby
Abstract: The early 1980s saw the development of some rather sophisticated distributed systems. These were not merely networked file systems: rather, using remote procedure calls, hierarchical naming, and what would now be called middleware, they allowed a collection of systems to operate as a coherent whole. One such system in particular was developed at Newcastle that allowed pre-existing applications and (Unix) systems to be used, completely unchanged, as components of an apparently standard large (multiprocessor) Unix system. The distributed secure system (DSS) described in our 1983 paper proposed a new way to construct secure systems by exploiting the design freedom created by this form of distributed computing. The DSS separated the security concerns of policy enforcement from those due to resource sharing and used a variety of mechanisms (dedicated components, cryptography, periods processing, separation kernels) to manage resource sharing in ways that were simpler than before. In this retrospective, we provide the full original text of our DSS paper, prefaced by an introductory discussion of the DSS in the context of its time, and followed by an account of the subsequent implementation and deployment of an industrial prototype of DSS, and a description of its modern interpretation in the form of the MILS architecture. We conclude by outlining current opportunities and challenges presented by this approach to security.
Citations: 6
MetaAware: Identifying Metamorphic Malware
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.9
Qinghua Zhang, D. Reeves
Abstract: Detection of malicious software (malware) by the use of static signatures is often criticized for being overly simplistic. Available methods of obfuscating code (so-called metamorphic malware) will invalidate the use of a fixed signature, without changing the harmful effects of the software. This paper presents a new approach for recognizing metamorphic malware. The method uses fully automated static analysis of executables to summarize and compare program semantics, based primarily on the pattern of library or system functions which are called. The proposed method has been prototyped and evaluated using randomized benchmark programs, instances of known malware program variants, and utility software available in multiple releases. The results demonstrate three important capabilities of the proposed method: (a) it does well at identifying metamorphic variants of common malware; (b) it distinguishes easily between programs that are not related; and, (c) it can identify and detect program variations, or code reuse. Such variations can be due to insertion of malware (such as viruses) into the executable of a host program. We argue that this method of metamorphic code detection will be difficult for malware writers to bypass.
Citations: 128
An Overview of the Annex System
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.8
D. Grove, Toby C. Murray, Chris A. Owen, Chris J. North, J. A. Jones, Mark R. Beaumont, Bradley D. Hopkins
Abstract: This paper describes the security and network architecture of the Annex system, a family of technologies for secure and pervasive communication and information processing that we have developed at the Australian Government's Defence Science and Technology Organisation. Our security architecture is built on top of a distributed object-capability system, which we believe provides an ideal platform for developing very high assurance devices. Our network architecture revolves around next generation networking technologies, including Mobile IPv6 and 802.11i wireless networking, but includes a small number of important extensions to improve security, robustness and mobility in the military context. A particular and unique contribution of our work is the tight integration of our very strong security architecture with next generation networking technologies. To complete the paper we describe our reference implementation of the Annex security and networking architecture, which consists of a number of devices known collectively as the Annex Ensemble.
Citations: 26
Closed-Circuit Unobservable Voice over IP
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.34
C. A. Melchor, Y. Deswarte, Julien Iguchi-Cartigny
Abstract: Among all the security issues in Voice over IP (VoIP) communications, one of the most difficult to achieve is traffic analysis resistance. Indeed, classical approaches provide a reasonable degree of security but induce large round-trip times that are incompatible with VoIP. In this paper, we describe some of the privacy and security issues derived from traffic analysis in VoIP. We also give an overview of how to provide low-latency VoIP communication with strong resistance to traffic analysis. Finally, we present a server which can provide such resistance to hundreds of users even if the server is compromised.
Citations: 12
Automated Security Debugging Using Program Structural Constraints
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) Pub Date : 2007-12-01 DOI: 10.1109/ACSAC.2007.19
Chongkyung Kil, E. C. Sezer, P. Ning, Xiaolan Zhang
Abstract: Understanding security bugs in a vulnerable program is a non-trivial task, even if the target program is known to be vulnerable. Though there exist debugging tools that facilitate the vulnerability analysis and debugging process, human developers still need to manually trace the program execution most of the times. This makes security debugging a difficult and tiresome task even for experienced programmers. In this paper, we present the development of a novel security debugging tool called CBones (SeeBones, where bones is an analogy of program structures). CBones is intended to fully automate the analysis of a class of security vulnerabilities in C programs, the exploits of which would compromise the integrity of program structures satisfied by all legitimate binaries compiled from C source code. In other words, CBones automatically discovers how unknown vulnerabilities in C programs are exploited based on program structural constraints. Unlike the previous approaches, CBones can automatically identify exploit points of unknown security bugs without requiring a training phase, source code access (analysis or instrumentation), or additional hardware supports. To validate the effectiveness of this approach, we evaluate CBones with 12 real-world applications that contain a wide range of vulnerabilities. Our results show that CBones can discover all security bugs with no false alarms, pinpoint the corrupting instructions, and provide information to facilitate the understanding of how an attack exploits a security bug.
Citations: 7