Disarming offense to facilitate defense

Proceedings New Security Paradigm Workshop

Volumn , Issue , 2000, Pages 69-75

  Bruschi, Danilo ^a   Rosti, Emilia ^a  

^a UNIVERSITY OF MILAN   (Italy)

Author keywords

Attack; Computer and network security; Defense; Disarm; Monitor; Offense

Indexed keywords

ELECTRONIC MAIL; INTRANETS; LEGACY SYSTEMS; SOFTWARE ENGINEERING;

NETWORK SECURITY;

SECURITY OF DATA;

EID: 0034593306     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/366173.366192     Document Type: Conference Paper

References (29)

1. Aleph One, "Smashing the stack for fun and profit," Phrack Magazine 49, Fall 1997.
2. Anderson J., "Computer security technology plannng study," U.S. Air Force Electronic System Division Technical Report 73-51, October 1972.
3. Bach M.J., The design of the Unix operating system, Prentice-Hall Int. Series, 1987.
4. Bandel D. "Linux Security Toolkit," IDG Books, 2000.
5. Banfi R., Bruschi D., Rosti E., "A tool for pro-active defense against the buffer overrun attack," Proc. of ESORICS '98, LNCS 1485, pp. 17-31, 1998.
6. Bruschi D., Cavallaro L., Rosti E., "Less harm, less worry or hot to improve network security by bounding system, offensiveness," ACSAC '00, 16th Annual Computer Security Application Conferences, New Orleans, Dec. 2000.
7. S. Bunch, "The setuid feature in Unix and security," Proceedings of the 10th National Security Conference, 1987.
8. CERT-CC, "TCP SYN flooding attacks and IP Spoofing attacks," CERT Advisory CA-96.21, http://www.cert.org, 1996-98.
9. CERT-CC, "Denial of service attack via ping," CERT Advisory CA-96.26, http://www.cert.org, 1996-97.
10. CERT-CC, "IP Denial of service attacks," CERT Advisory CA-97.28, http://www.cert.org, 1997-98.
11. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Ziang, "StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks," Proc. of the 7th USENIX Security Symposium, 1998.
12. Ferguson P., Senie D., "Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing," Network Working Group RFC 2267, http://www.rfc-editor.org/rfc/rfc2267.txt, January 1998.
13. S. Garfinkel, E. Spafford, Practical UNIX and Internet Security, O'Reilly, 1996.
14. Huegen C., "The latest in denial of service attacks: smurfing. Description and information to minimize effects," http://users.quadrunner.com/chuegen/smurf.cgi, last update Feb. 2000.
15. R. Jones, P. Kelly, "Bounds checking for C," http://www-ala.doc.ic.ac.uk/phjk/BoundsChecking.html, July 1995.
16. J. Kleinwaechter, "The limitations of intrusion detection systems on high speed networks," presented at the "First International Workshop on Recent Advances in Intrusion Detection (RAID)," http://www.zurich.ibm.com/̃dac/RAID98, Louvain La Neuve, Belgium, Sept. 1998.
17. Lampson B., "Protection," republished in Proc. of the 5th Princeton Symposium, Operating System Review, Vol 8, No 1, pp 18-24, Jan. 1974.
18. MCAfee, "MCAfee.com Personal Firewall," http://www.mcafee.com/, 2000.
19. Mudge, "How to write buffer overflow," http://www.10pht.com/advisories/bufero.html 1997.
20. B.C. Neuman, T. Ts'o, "Kerberos: an authentication service for computer networks," IEEE Communications, Vol 32, No 9, pp 33-38, 1994.
21. Object Management Group, "CORBAsecurity Service version 1.5," OMG, 2000
22. Open Door Networks, "Door Stop Personal Firewall," http://www2.opendoor.com/doorstop/, 2000.
23. Russel P.R., "Linux IPCHAINS-HOWTO," http://www.linuxdoc.org, 2000.
24. Schuba C.L., Krsul I.V., Kuhn M.G., Spafford E.H., Sundaram A., Zamboni D., "Analysis of a denial of service attack on TCP," Proc. of the 1997 IEEE Symposium on Security and Privacy, pp 208-223, Oakland, May 1997.
25. A. Snarskii, "FreeBSD Stack integrity patch," ftp://ftp.lucky.net/pub/unix/local/libc-letter, 1997.
26. Solar Designer, "Non-Executable user stack," http://www.false.com/security/linux-stack/.
27. Sygate, "Sygate Personal Firewall," htpp://www.sygate.com, 2000.
28. Symantec, "Norton Personal Firewall 2001," http://www.symantec.com/, 2000.
29. TinySoftware, "Tiny Personal Firewall," http://www.tinysoftware.com, 2000.