21st Annual Computer Security Applications Conference (ACSAC'05): Latest Papers

How to Develop a Career in Information Assurance and How to Advance in this Field
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.31
Marla Collier
Abstract: One of the areas where industry is spending its money is for IA. This is not necessarily being done for only commercial reasons as the specter of legal action also weighs heavily on corporate America and the European Union. This involves confidentiality, integrity, as well as privacy. ACSAC has never addressed the career aspects of IA. There are several schools/universities that teach IA, forests of books, and even some electronic courses available. However, there are numerous aspects of having a career in IA that could be explored. These include:
Citations: 2
Automated and safe vulnerability assessment
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.11
F. Guo, Yang Yu, T. Chiueh
Abstract: As the number of system vulnerabilities multiplies in recent years, vulnerability assessment has emerged as a powerful system security administration tool that can identify vulnerabilities in existing systems before they are exploited. Although there are many commercial vulnerability assessment tools in the market, none of them can formally guarantee that the assessment process never compromises the computer systems being tested. This paper proposes a featherweight virtual machine (FVM) technology to address the safety issue associated with vulnerability testing. Compared with other virtual machine technologies, FVM is designed to facilitate sharing between virtual machines but still provides strong protection between them. The FVM technology allows a vulnerability assessment tool to test an exact replica of a production-mode network service, including both hardware and system software components, while guaranteeing that the production-mode network service is fully isolated from the testing process. In addition to safety, the vulnerability assessment support system described in this paper can also automate the entire process of vulnerability testing and thus for the first time makes it feasible to run vulnerability testing autonomously and frequently. Experiments on a Windows-based prototype show that Nessus assessment results against an FVM virtual machine are identical to those against a real machine. Furthermore, modifications to the file system and registry state made by vulnerability assessment runs are completely isolated from the host machine. Finally, the performance impact of vulnerability assessment runs on production network services is as low as 3%.
Citations: 30
Verify results of network intrusion alerts using lightweight protocol analysis
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.62
J. Zhou, Adam Carlson, M. Bishop
Abstract: We propose a method to verify the result of attacks detected by signature-based network intrusion detection systems using lightweight protocol analysis. The observation is that network protocols often have short meaningful status codes saved at the beginning of server responses upon client requests. A successful intrusion that alters the behavior of a network application server often results in an unexpected server response, which does not contain the valid protocol status code. This can be used to verify the result of the intrusion attempt. We then extend this method to verify the result of attacks that still generate valid protocol status code in the server responses. We evaluate this approach by augmenting Snort signatures and testing on real world data. We show that some simple changes to Snort signatures can effectively verify the result of attacks against the application servers, thus significantly improve the quality of alerts.
Citations: 41
Fault attacks on dual-rail encoded systems
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.25
J. Waddle, D. Wagner
Abstract: Fault induction attacks are a serious concern for designers of secure embedded systems. An ideal solution would be a generic circuit transformation that would produce circuits that are robust against fault induction attacks. We develop a framework for analyzing the security of systems against single fault attacks and apply it to a recent proposed method (dual-rail encoding) for generically securing circuits against single fault attacks. Ultimately, we find that the method does not hold up under our threat models: n-bit cryptographic keys can be extracted from the device with roughly n trials. We conclude that secure designs should incorporate explicit countermeasures to either directly address or attempt to invalidate our threat models.
Citations: 24
Building evidence graphs for network forensics analysis
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.14
Wei Wang, Thomas E. Daniels
Abstract: In this paper, we present techniques for a network forensics analysis mechanism that includes effective evidence presentation, manipulation and automated reasoning. We propose the evidence graph as a novel graph model to facilitate the presentation and manipulation of intrusion evidence. For automated evidence analysis, we develop a hierarchical reasoning framework that includes local reasoning and global reasoning. Local reasoning aims to infer the roles of suspicious hosts from local observations. Global reasoning aims to identify group of strongly correlated hosts in the attack and derive their relationships. By using the evidence graph model, we effectively integrate analyst feedback into the automated reasoning process. Experimental results demonstrate the potential and effectiveness of our proposed approaches.
Citations: 46
Looking back at the Bell-La Padula model
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.37
D. E. Bell
Abstract: The Bell-La Padula security model produced conceptual tools for the analysis and design of secure computer systems. Together with its sibling engineering initiatives, it identified and elucidated security principles that endure today. This paper reviews those security principles, first in their own time, and then in the context of today's computer and network environment.
Citations: 160
User-centered security: stepping up to the grand challenge
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.60
M. Zurko
Abstract: User-centered security has been identified as a grand challenge in information security and assurance. It is on the brink of becoming an established subdomain of both security and human/computer interface (HCI) research, and an influence on the product development lifecycle. Both security and HCI rely on the reality of interactions with users to prove the utility and validity of their work. As practitioners and researchers in those areas, we still face major issues when applying even the most foundational tools used in either of these fields across both of them. This essay discusses the systemic roadblocks at the social, technical, and pragmatic levels that user-centered security must overcome to make substantial breakthroughs. Expert evaluation and user testing are producing effective usable security today. Principles such as safe staging, enumerating usability failure risks, integrated security, transparent security and reliance on trustworthy authorities can also form the basis of improved systems.
Citations: 82
Exploiting independent state for network intrusion detection
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.24
Robin Sommer, V. Paxson
Abstract: Network intrusion detection systems (NIDSs) critically rely on processing a great deal of state. Often much of this state resides solely in the volatile processor memory accessible to a single user-level process on a single machine. In this work, we highlight the power of independent state, i.e., internal fine-grained state that can be propagated from one instance of a NIDS to others running either concurrently or subsequently. Independent state provides us with a wealth of possible applications that hold promise for enhancing the capabilities of NIDSs. We discuss an implementation of independent state for the Bro NIDS and examine how we can then leverage independent state for distributed processing, load parallelization, selective preservation of state across restarts and crashes, dynamic reconfiguration, high level policy maintenance, and support for profiling and debugging. We have experimented with each of these applications in several large environments and are now working to integrate them into the sites' operational monitoring. A performance evaluation shows that our implementation is suitable for use even in large scale environments.
Citations: 46
Understanding complex network attack graphs through clustered adjacency matrices
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.58
S. Noel, S. Jajodia
Abstract: We apply adjacency matrix clustering to network attack graphs for attack correlation, prediction, and hypothesizing. We self-multiply the clustered adjacency matrices to show attacker reachability across the network for a given number of attack steps, culminating in transitive closure for attack prediction over all possible number of steps. This reachability analysis provides a concise summary of the impact of network configuration changes on the attack graph. Using our framework, we also place intrusion alarms in the context of vulnerability-based attack graphs, so that false alarms become apparent and missed detections can be inferred. We introduce a graphical technique that shows multiple-step attacks by matching rows and columns of the clustered adjacency matrix. This allows attack impact/responses to be identified and prioritized according to the number of attack steps to victim machines, and allows attack origins to be determined. Our techniques have quadratic complexity in the size of the attack graph.
Citations: 128
Replay attack in TCG specification and solution
21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.47
D. Bruschi, L. Cavallaro, A. Lanzi, Mattia Monga
Abstract: We prove the existence of a flaw which we individuated in the design of the object-independent authorization protocol (OIAP), which represents one of the building blocks of the trusted platform module (TPM), the core of the trusted computing platforms (TPs) as devised by the trusted computing group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protocol is exposed to replay attacks, which could be used for compromising the correct behavior of a TP. We also propose a countermeasure to undertake in order to avoid such an attack as well as any replay attacks to the aforementioned protocol.
Citations: 42