Integrity Checking For Process Hardening

Integrity Checking For Process Hardening (2005)

Cached

Download Links

by Kyung-suk Lhee

BibTeX

@MISC{Lhee05integritychecking,
    author = {Kyung-suk Lhee},
    title = { Integrity Checking For Process Hardening},
    year = {2005}
}

Bookmark

OpenURL

Abstract

Computer intrusions can occur in various ways. Many of them occur by exploiting program flaws and system configuration errors. Existing solutions that detects specific kinds of flaws are substantially different from each other, so aggregate use of them may be incompatible and require substantial changes in the current system and computing practice. Intrusion detection systems may not be the answer either, because they are inherently inaccurate and susceptible to false positives/negatives. This dissertation presents a taxonomy of security flaws that classifies program vulnerabilities into finite number of error categories, and presents a security mechanism that can produce accurate solutions for many of these error categories in a modular fashion. To be accurate, a solution should closely match the characteristic of the target error category. To ensure this, we focus only on error categories whose characteristics can be defined in terms of a violation of process integrity. The thesis of this work is that the proposed approach produces accurate solutions for many error categories. To prove the accuracy of produced solutions, we define the process integrity checking approach and analyze its properties. To prove that this approach can cover many error categories, we develop a classification of program security flaws and find error characteristics (in terms of a process integrity) from many of these categories. We

Citations

681	Operating System Concepts - Silberschatz, Baer, et al. - 2005
477	Points-to analysis in almost linear time - Steensgaard - 1996
458	Principles of Program Analysis - Nielson, Nielson, et al. - 1999
457	A sense of self for unix processes - Forrest, Hofmeyr, et al. - 1996
407	Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks - Cowan, Pu, et al.
366	Integrity considerations for secure computer systems - Biba - 1977
353	L.J.: Secure computer systems: Mathematical foundations and model - Bell, Padula - 1973
321	Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems - Kocher - 1996
314	A first step towards automated detection of buffer overrun vulnerabilities - Wagner, Foster, et al. - 2000
286	CCured: Type-safe retrofitting of legacy code - Necula, McPeak, et al. - 2002
274	Cyclone: A Safe Dialect - Jim, Morrisett, et al. - 2002
239	transition analysis: A rule-based intrusion detection approach - Ilgun, Kermmerer, et al. - 1995
195	Efficient detection of all pointer and array access errors - Austin, Breach, et al. - 1994
165	Backwards-compatible bounds checking for arrays and pointers in C programs - Jones, Kelly - 1997
158	Statically detecting likely buffer overflow vulnerabilities - Larochelle, Evans - 2001
158	P (2002) Mimicry attacks on host-based intrusion detection systems. In: CCS’02: proc of the 9th ACM conf on comp and comm security - Wagner, Soto
156	Transparent run-time defense against stack-smashing attacks - Baratloo, Singh, et al. - 2000
123	Remote Timing Attacks Are Practical - Brumley, Boneh - 2003
123	E.: A pattern matching model for misuse intrusion detection - Kumar, Spafford - 1994
120	FormatGuard: Automatic protection from printf format string vulnerabilities - Cowan - 2001
119	Checking for race conditions in file accesses - Bishop, Dilger - 1996
119	A Taxonomy of Computer Program Security Flaws, with Examples - Landwehr, Bull, et al. - 1994
114	Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade - Cowan, Wagle, et al. - 2000
104	LCLint: A tool for using specifications to check code - Evans, Guttag, et al. - 1994
104	Automated detection of vulnerabilities in privileged programs by execution monitoring - KO, FINK, et al. - 1994
90	Security for mobile agents: Authentication and state appraisal - Farmer, Guttman, et al. - 1996
81	Orthogonal defect classification — a concept for in-process measurements - Chillarege - 1986
77	What are Race Conditions?: Some Issues and Formalizations - Netzer, Miller - 1992
67	Adaptive real-time anomaly detection using inductively generated sequential patterns - Teng, Chen, et al.
67	ITS4: A static vulnerability scanner for C and C++ code - Viega, Bloch, et al. - 2000
66	Use of a taxonomy of security faults - Aslam, Krsul, et al. - 1996
59	Artificial intelligence and intrusion detection: Current and future directions - Frank - 1994
50	A prototype real-time intrusion-detection expert system - Lunt, Jagannathan - 1988
44	Improving computer security using extended static checking - Chess - 2002
43	Security Analysis and Enhancements of Computer Operating Systems - Abbott
40	Defeating Solar Designer’s Non-executable Stack Patch. http://insecure.org/sploits/ non-executable.stack.problems.html - Wojtczuk - 1998
38	Type-assisted dynamic buffer overflow detection - Lee, Chapin - 2000
38	Janus: An Approach for Confinement of Untrusted Applications - Wagner - 1999
32	Advanced SQL injection in SQL server applications. NGSSoftware - Anley - 2002
31	advanced return-into-lib(c) exploits: PaX case study - Nergal - 2001
30	Precise flow-insensitive may-alias analysis is NP-hard - HORWITZ - 1997
29	On preventing intrusions by process behavior monitoring - SEKAR, BOWEN, et al.
27	A taxonomy of UNIX system and network vulnerabilities - Bishop - 1995
21	Smashing stack for fun and profit - AlephOne - 1996
20	Noninterference and intrusion detection - Ko, Redmond - 2002
19	Basic integer overflows - blexim
16	Program analysis and specialization for the C programming language - ANDERSON - 1994
16	RaceGuard: kernel protection from temporary file race vulnerabilities - Cowan, Beattie, et al. - 2001
16	Dynamic detection and prevention of race conditions in file accesses - Tsyrklevich, Yee - 2003
12	Categorization of software errors that led to security breaches - Du, Mathur - 1998