SubDomain: Parsimonious server security

Proceedings of the 14th Conference on Systems Administration, LISA 2000

Volumn , Issue , 2000, Pages 355-367

  Cowan, Crispin ^a   Beattie, Steve ^a   Kroah Hartman, Greg ^a   Pu, Calton ^a   Wagle, Perry ^a   Gligor, Virgil ^a  

^a WireX Communications

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION PROGRAMS; HTTP; NETWORK SECURITY;

IMPLEMENTATION COST; INTERNET SECURITY; INTERNET SERVERS; INTERNET SERVICES; PERFORMANCE METRICS; SECURITY ADMINISTRATOR; SECURITY ARCHITECTURE; SECURITY PROBLEMS;

INTERNET PROTOCOLS;

EID: 10044275460     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (42)

1. Alpern, Bowen and Fred B. Schneider, "Defining Liveness," Information Processing Letters, 21(4):181-185, 1985.
2. Amoroso, Edward, Fundamentals of Computer Security Technology, Prentice Hall, Englewood Cliffs, NJ, 1994.
3. Anonymous, The Java Web Server Architecture Overview, http://www.javasoft.com/products/javaserver/documentation/webserver1.1/, 1997.
4. Anonymous, JDK 1.2 Security, http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html, March 1998.
5. Assorted, NCSA HTTPd Tutorial: Server Side Includes, http://hoohoo.ncsa.uiuc.edu/docs/tutorials/includes.html.
6. Assorted, PHP Hypertext Processor, http://php3.org/.
7. L. Badger, D. F. Sterne, et al., "Practical Domain and Type Enforcement for UNIX," Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1995.
8. Lee Badger, Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, and Sheila A. Haghighat, "A Domain and Type Enforcement UNIX Prototype," Proceedings of the USENIX Security Conference, 1995.
9. Brian Behlendorf, Roy T. Fielding, Rob Hartill, David Robinson, Cliff Skolnick, Randy Terbush, Robert S. Thau, and Andrew Wilson, Apache HTTP Server Project, http://www.apache.org.
10. Andrew Berman, Virgil Bourassa, and Erik Selberg, "TRON: Process-Specific File Protection for the UNIX Operating System," Proceedings of the 1995 Winter USENIX Conference, USENIX Association, 1995.
11. D. J. Bernstein, qmail, http://cr.yp.to/qmail.html, 1990.
12. M. Bishop and M. Digler, "Checking for Race Conditions in File Accesses," Computing Systems, 9(2):131-152, http://olympus.cs.ucdavis.edu/bishop/scriv/index.html, Spring 1996.
13. W. E. Bobert and R. Y. Kain, "A Practical Alternative to Hierarchical Integrity Policies," Proceedings of the 8th National Computer Security Conference, Gaithersburg, MD, 1985.
14. CERT, Advisory CA-96.06: Vulnerability in NCSA/Apache CGI Example Code, ftp://info. cert.org/pub/cert-advisories/CA-96.06.cgi-example-code, September 1996.
15. CERT, Advisory CA-98.05: Multiple Vulnerabilities in BIND, ftp://info.cert.org/pub/cert-advisories/CA-98.05.bind-problems, May 1998.
16. Crispin Cowan, Ryan Finnin Day, and Hao Zhao, In Dependence: Automating the Discovery of Application Dependencies, http://www.cse.ogi.edu/DISC/projects/independence, 1997.
17. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," 7th USENIX Security Conference, pages 63-77, San Antonio, TX, January 1998.
18. Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole, "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade," DARPA Information Survivability Conference and Expo (DISCEX), January 2000; Also presented as an invited talk at SANS 2000, Orlando, FL, http://schafercorp-ballston.com/discex, March 23-26, 2000.
19. Michele Crabb, "Curmudgeon's Executive Summary," The SANS Network Security Digest, Michele Crabb, editor, Contributing Editors: Matt Bishop, Gene Spafford, Steve Bellovin, Gene Schultz, Rob Kolstad, Marcus Ranum, Dorothy Denning, Dan Geer, Peter Neumann, Peter Galvin, David Harley, Jean Chouanard, SANS, 1997.
20. Drew Dean, Edward W. Felten, and Dan S. Wallach, "Java Security: From HotJava to Netscape and Beyond," Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, http://www.cs.princeton.edu/sip/pub/secure96.html, 1996.
21. eEye, IIS Remote Hole, http://www.eye.com/database/advisories/ad06081999/ad06081999.html, June 1999.
22. David F. Ferraiolo and Richard Kuhn, "Role-Based Access Control," Proceedings of the 15th National Computer Security Conference, Baltimore, MD, October 1992.
23. Tim Fraser, Lee Badger, and Mark Feldman, "Hardening COTS Software with Generic Software Wrappers," Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.
24. Neal Glew and Greg Morrisett, "Type-Safe Linking and Modular Assembly Language," Twenty-Sixth ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 250-261, San Antonio, TX, http://www.cs.cornell.edu/talc/papers.html, January 1999.
25. Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer, "A Secure Environment for Untrusted Helper Applications," 6th USENIX Security Conference, San Jose, CA, July 1996.
26. James Gosling and Henry McGilton, "The Java Language Environment: A White Paper," http://www.javasoft.com/docs/white/langenv/, May 1996.
27. J. A. McLean, "A General Theory of the Composition for Trace Sets Closed Under Selective Interleaving Functions," Proceedings of the IEEE Symposium on Security and Privacy, pages 79-93, Oakland, CA, May 1994.
28. Terrance Mitchem, Raymond Lu, and Richard O'Brien, "Using Kernel Hypervisors to Secure Applications," Proceedings of the Annual Computer Security Application Conference, December 1997.
29. Mudge, How to Write Buffer Overflows, http://l0pht.com/advisories/bufero.html, 1997.
30. George C. Necula and Peter Lee, "Safe Kernel Extensions Without Run-Time Checking," Proceedings of the USENIX 2nd Symposium on OS Design and Implementation (OSDI'96), http://www.usenix.org/publications/library/proceedings/osdi96/necula.html, 1996.
31. Nathan Neulinger, CGIWrap: User CGI Access, http://www.unixtools.org/cgiwrap/, 1997.
32. Aleph One, "Smashing The Stack For Fun And Profit," Phrack, 7(49), November 1996.
33. Jerome H. Saltzer and Michael D. Schroeder, "The Protection of Information in Computer Systems," Proceedings of the IEEE, 63(9), November 1975.
34. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Role Based Access Control Models," IEEE Computer, pages 38-47, February 1996.
35. Howie Shrobe, ARPATech '96 Information Survivability Briefing, http://www.darpa.mil/ito/ARPATech96-Briefs/survivability/survive-brief.html, May 1996.
36. Marc Slemko, Microsoft FrontPage 98 Security Hell, http://www.worldgate.com/marcs/fp/, October 1997.
37. Robert E. Strom and Shaula Alexander Yemini, "Typestate: A Programming Language Concept for Enhancing Software Reliability," IEEE Transactions on Software Engineering, 12(1):157-171, January 1986.
38. Linus Torvalds, et al., Linux Operating System, http://www.linux.org/.
39. United States Department of Defense, Reference Manual for the Ada Programming Language ANSI/MIL-STD-1815A-1983, United States Department of Defense, February 1983.
40. Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham, "Efficient Software-Based Fault Isolation," Proceedings of the Fourteenth ACM Symposium on Operating System Principles (SOSP'93), pages 203-216, Asheville, NC, December 1993.
41. Larry Wall, Tom Christiansen, and Randal L. Schwartz, Programming Perl, O'Reilly & Associates, Inc., 2nd edition, 1996.
42. D. R. Wichers, D. M. Cook, R. A. Olsson, J. Crossley, P. Kerchen, K. Levitt, and R. Lo, "PACL's: An Access Control List Approach to Anti-viral Security," Proceedings of the 13th National Computer Security Conference, pages 340-349, Washington, DC, October 1-4 1990.