Remediation of application-specific security vulnerabilities at runtime

IEEE Software

Volumn 17, Issue 5, 2000, Pages 59-67

  Bowen, Thomas F ^a   Segal, Mark E ^a  

^a TELCORDIA TECHNOLOGIES   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; WORLD WIDE WEB;

SYSTEM CALL MONITORING SYSTEM;

SECURITY OF DATA;

EID: 0034269817     PISSN: 07407459     EISSN: None     Source Type: Journal    
DOI: 10.1109/52.877867     Document Type: Article

References (16)

1. S. Kitzberg, "Conflict and the Computer: Information Warfare and Related Ethical Issues," Proc. 21st Nat'1 Information System Security Conf., Nat'l Computer Security Center, Fort Meade, Md., pp. 126-135.
2. G. McGraw and E. Felten, Securing Java, John Wiley & Sons, New York, 1998.
3. Aleph One, "Smashing the Stack for Fun and Profit," Phrack Online, Vol. 7, No. 49, 9 Nov. 1996; www. phrack.com (current Sept. 2000).
4. E. Spafford, "The Internet Worm Program: Analysis," Computer Comm. Review, Vol. 19, No. 1, Jan. 1989.
5. CERT/CC Advisories 1988-2000, Carnegie Mellon Software Eng. Inst.; www.cert.org/advisories (current Sept. 2000).
6. M. Bishop and M. Dilger, "Checking for Race Conditions in File Accesses," Computing Systems, Vol. 9, No. 2, Spring 1996, pp. 131-152.
7. T.A. Linden, Operating System Structures to Support Security and Reliable Software, Tech. Report NBS 919, Inst. for Computer Sciences and Technology, Nat'l Bureau of Standards, US Dept. of Commerce, Washington, D.C., 1976.
8. C. Cowan et al., "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," Proc. Seventh USENIX Security Symp., USENIX, Berkeley, Calif., 1998, pp. 63-78.
9. R. Sekar, T. Bowen, and M. Segal, "On Preventing Intrusions by Process Behavior Monitoring," Proc. Workshop on Intrusion Detection and Network Monitoring Proceedings, Berkeley, Calif., USENIX, 1999, pp. 29-40.
10. G.H. Kim and E.H. Spafford, "Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection," Proc. Systems Administration, Networking, and Security Conf. III, USENIX, Berkeley, Calif., 1994, pp. 89-101.
11. M. Russinovich and Z. Segall, "Fault-Tolerance for Off-the-Shelf Applications and Hardware," Proc. 25th Int'l Symp. Fault-Tolerant Computing, IEEE Computer Society Press, Los Alamitos, Calif., 1995, pp. 67-71.
12. T. Mitchem, R. Lu, and R. O'Brien, "Using Kernel Hypervisors to Secure Applications," Proc. Ann. Computer Security Application Conf., IEEE Computer Soc. Press, Los Alamitos, Calif., 1997, pp. 175-181.
13. eTrust Access Control for UNIX, Computer Associates white paper, Jan. 2000; www.ca.com/solutions/ enterprise/etrust/whitepapers.htm (current Sept. 2000).
14. T. Fraser, L. Badger, and M. Feldman, "Hardening COTS Software with Generic Software Wrappers," Proc. 1999 Symp. Security and Privacy, IEEE Computer Soc. Press, Los Alamitos, Calif., 1999, pp. 2-16.
15. S. Forrest, S. Hofmeyr, and A. Somayaji, "Computer Immunology," Comm. ACM, Vol. 40, No. 10, Oct. 1997, pp. 88-96.
16. R.M. Balzer and N.M. Goldman, "Mediating Connectors," Proc. 1999 Int'l Conf. Distributed Computing Systems Workshop on Electronic Commerce and Web-Based Applications/Middleware, IEEE Computer Soc. Press, Los Alamitos, Calif., 1999, pp. 73-77.