21st Annual Computer Security Applications Conference (ACSAC'05): Latest Papers

ScriptGen: an automated script generation tool for Honeyd
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.49
Corrado Leita, Ken Mermoud, M. Dacier
Abstract: Honeyd (N. Provos, 2004) is a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC. It is a so-called low interaction honeypot. Responses to incoming requests are generated thanks to ad hoc scripts that need to be written by hand. As a result, few scripts exist, especially for services handling proprietary protocols. In this paper, we propose a method to alleviate these problems by automatically generating new scripts. We explain the method and describe its limitations. We analyze the quality of the generated scripts thanks to two different methods. On the one hand, we have launched known attacks against a machine running our scripts; on the other hand, we have deployed that machine on the Internet, next to a high interaction honeypot during two months. For those attackers that have targeted both machines, we can verify if our scripts have, or not, been able to fool them. We also discuss the various tuning parameters of the algorithm that can be set to either increase the quality of the script or, on the contrary, to reduce its complexity.
Citations: 192
Building a MAC-based security architecture for the Xen open-source hypervisor
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.13
R. Sailer, T. Jaeger, Enriquillo Valdez, R. Cáceres, R. Perez, Stefan Berger, J. Griffin, L. V. Doorn
Abstract: We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero performance overhead, non-intrusive implementation, and usability are of paramount importance. sHype enforces strong isolation at the granularity of a virtual machine, thus providing a robust foundation on which higher software layers can enact finer-grained controls. We provide the rationale behind the sHype design and describe and evaluate our implementation for the Xen open-source hypervisor.
Citations: 316
Strengthening software self-checksumming via self-modifying code
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.53
Jonathon T. Giffin, Mihai Christodorescu, L. Kruger
Abstract: Recent research has proposed self-checksumming as a method by which a program can detect any possibly malicious modification to its code. Wurster et al. developed an attack against such programs that renders code modifications undetectable to any self-checksumming routine. The attack replicated pages of program text and altered values in hardware data structures so that data reads and instruction fetches retrieved values from different memory pages. A cornerstone of their attack was its applicability to a variety of commodity hardware: they could alter memory accesses using only a malicious operating system. In this paper, we show that their page-replication attack can be detected by self-checksumming programs with self-modifying code. Our detection is efficient, adding less than 1 microsecond to each checksum computation in our experiments on three processor families, and is robust up to attacks using either costly interpretive emulation or specialized hardware.
Citations: 86
An integrity verification scheme for DNS zone file based on security impact analysis
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.9
R. Chandramouli, S. Rose
Abstract: The domain name system (DNS) is the world's largest distributed computing system that performs the key function of translating user-friendly domain names to IP addresses through a process called name resolution. After looking at the protection measures for securing the DNS transactions, we discover that the trust in the name resolution process ultimately depends upon the integrity of the data repository that authoritative name servers of DNS use. This data repository is called a zone file. Hence we analyze in detail the data content relationships in a zone file that have security impacts. We then develop a taxonomy and associated population of constraints. We also have developed a platform-independent framework using XML, XML schema and XSLT for encoding those constraints and verifying them against the XML encoded zone file data to detect integrity violations.
Citations: 10
The Pump: a decade of covert fun
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.56
Myong H. Kang, I. S. Moskowitz, Stanley Chincheck
Abstract: This paper traces the ten plus year history of the Naval Research Laboratory's Pump idea. The Pump was theorized, designed, and built at the Naval Research Laboratory's Center for High Assurance Computer Systems. The reason for the Pump is the need to send messages from a "low" enclave to a "high" enclave, in a secure and reliable manner. In particular, the Pump was designed to minimize the covert channel threat from the necessary message acknowledgements, without penalizing system performance and reliability. We review the need for the Pump, the design of the Pump, the variants of the Pump, and the current status of the Pump, along with manufacturing and certification difficulties.
Citations: 73
A framework for detecting network-based code injection attacks targeting Windows and UNIX
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.5
Stig Andersson, A. Clark, G. Mohay, Bradley L. Schatz, J. Zimmermann
Abstract: Code injection vulnerabilities continue to prevail. Attacks of this kind such as stack buffer overflows and heap buffer overflows account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a framework for detecting new or previously unseen code injection attacks in a heterogeneous networking environment and compares code injection attack and detection strategies used in the UNIX and Windows environments. The approach presented is capable of detecting both obfuscated and clear text attacks, and is suitable for implementation in the Windows environment. A prototype intrusion detection system (IDS) capable of detecting code injection attacks, both clear text attacks and obfuscated attacks, which targets Windows systems is presented.
Citations: 14
How Does Information Assurance R&D Impact Information Assurance in Practice? Follow the money - Where does it Go - What is our ROI?
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.30
T. Tba
Abstract: The Federal Government has an impressive record of achievements in Information Technology R&D. Some notable examples of how the Federal Government’s R&D has impacted the industry include major advances in such areas as networking, high performance computing, software engineering, programming languages and information assurance (IA). However, there are also many cases where the R&D has not had a partner to transition to and good results have languished on the tree and this is one if not the major challenge in the Federal Government R&D programs. In this session, we have brought together leaders in the Federal Government’s IA R&D program from both DoD and non-DoD agencies, as well as the Chief Technology Officers/Chief Security Officers (CSO’s) of some major agencies to discuss how Information Assurance/Security R&D is impacting the operations of the agencies and how the needs of the operations organizations are being reflected in current R&D initiatives. Some questions that we hope to answer include:
Citations: 0
Uniform application-level access control enforcement of organizationwide policies
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.59
Tine Verhanneman, F. Piessens, Bart De Win, W. Joosen
Abstract: Fine-grained and expressive access control policies on application resources need to be enforced in application-level code. Uniformly enforcing a single policy (referred to as the organizationwide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and security officer, which hampers a centralized management of a policy and therefore compromises the uniformity of its enforcement. To address this problem, the concept of an access interface is introduced as a contract between an organization-wide authorization engine and the various applications that need its services. The access interface provides support for the central management of the policy by the security officer. By means of a view connector, the application deployer ensures that each application complies with this contract, so that the policy can be enforced.
Citations: 18
Using continuous biometric verification to protect interactive login sessions
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.61
Sandeep Kumar, T. Sim, R. Janakiraman, S. Zhang
Abstract: In this paper we describe the theory, architecture, implementation, and performance of a multimodal passive biometric verification system that continually verifies the presence/participation of a logged-in user. We assume that the user logged in using strong authentication prior to the starting of the continuous verification process. While the implementation described in the paper combines a digital camera-based face verification with a mouse-based fingerprint reader, the architecture is generic enough to accommodate additional biometric devices with different accuracy of classifying a given user from an imposter. The main thrust of our work is to build a multimodal biometric feedback mechanism into the operating system so that verification failure can automatically lock up the computer within some estimate of the time it takes to subvert the computer. This must be done with low false positives in order to realize a usable system. We show through experimental results that combining multiple suitably chosen modalities in our theoretical framework can effectively do that with currently available off-the-shelf components.
Citations: 68
e-NeXSh: achieving an effectively non-executable stack and heap via system-call policing
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date: 2005-12-05 DOI: 10.1109/CSAC.2005.22
Gaurav S. Kc, A. Keromytis
Abstract: We present e-NeXSh, a novel security approach that utilises kernel and LIBC support for efficiently defending systems against process-subversion attacks. Such attacks exploit vulnerabilities in software to override its program control-flow and consequently invoke system calls, causing out-of-process damage. Our technique defeats such attacks by monitoring all LIBC function and system-call invocations, and validating them against process-specific information that strictly prescribes the permissible behaviour for the program (unlike general sandboxing techniques that require manually maintained, explicit policies, we use the program code itself as a guideline for an implicit policy). Any deviation from this behaviour is considered malicious, and we halt the attack, limiting its damage to within the subverted process. We implemented e-NeXSh as a set of modifications to the Linux-2.4.18-3 kernel and a new user-space shared library (e-NeXSh.so). The technique is transparent, requiring no modifications to existing libraries or applications. e-NeXSh was able to successfully defeat both code-injection and LIBC-based attacks in our effectiveness tests. The technique is simple and lightweight, demonstrating no measurable overhead for select UNIX utilities, and a negligible 1.55% performance impact on the Apache Web server.
Citations: 37