Detecting attacks that exploit application-logic errors through application-level auditing

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2004, Pages 168-178

  Zhou, Jingyu ^a   Vigna, Giovanni ^a  

^a University of California   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION-LOGIC ERRORS; DETECTING ATTACKS; NETWORK BASED INTRUSION DETECTION SYSTEM (NIDS); OPENSSH SERVERS;

ERRORS; FORMAL LANGUAGES; MATHEMATICAL MODELS; PROBLEM SOLVING; SERVERS; USER INTERFACES; WORLD WIDE WEB;

SECURITY OF DATA;

EID: 21644485726     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2004.17     Document Type: Conference Paper

References (38)

1. M. Almgren and U. Lindqvist. Application-Integrated Data Collection for Security Monitoring. In Proceedings of Recent Advances in Intrusion Detection (RAID), LNCS, pages 22-36, Davis, CA, October 2001. Springer.
2. M. Bishop. A Standard Audit Trail Format. In Proc. 18th NIST-NCSC National Information Systems Security Conference, pages 136-145, Baltimore, MD, 1995.
3. B. Buck and J. K. Hollingsworth. An API for Runtime Code Patching. The International Journal of High Performance Computing Applications, 14(4):317-329, Winter 2000.
4. A. Chander, J. C. Mitchell, and I. Shin. Mobile Code Security by Java Bytecode Instrumentation. In DARPA Information Survivability Conference and Exposition (DISCEX II), Anaheim, CA, June 2001.
5. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In 7th USENIX Security, pages 63-78, San Antonio, TX, January 1998.
6. T. W. Curry. Profiling and Tracing Dynamic Library Usage Via Interposition. In USENIX Summer 1994 Technical Conference, pages 267-278, Boston, MA, 1994.
7. D. P. Ghormley and D. Petrou and S. H. Rodrigues and T. E. Anderson. SLIC: An Extensibility System for Commodity Operating Systems. In Proceedings of the USENIX 1998 Annual Technical Conference, New Orleans, LO, 1998.
8. T. E. Daniels and E. H. Spafford. Identification of Host Audit Data to Detect Attacks on Low-level IP Vulnerabilities. Journal of Computer Security, 7(1):3-35, 1999.
9. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, San Diego, CA, October 2000.
10. S. Forrest. A Sense of Self for UNIX Processes. In Proceedings of the IEEE Symposium on Security and Privacy, pages 120-128, Oakland, CA, May 1996.
11. T. Fraser, L. Badger, and M. Feldman. Hardening COTS Software with Generic Software Wrappers. In IEEE Symposium on Security and Privacy, pages 2-16, Oakland, CA, 1999.
12. R. Hastings and B. Joyce. Purify: Fast Detection of Memory Leaks and Access Errors. In Proc. of the Winter USENIX Technical Conference, San Francisco, CA, January 1992.
13. G. Hunt and D. Brubacher. Detours: Binary Interception of Win-32 Functions. In Proceedings of the 3rd USENIX Windows NT Symposium, pages 135-144, Seattle, WA, 1999.
14. K. Ilgun. USTAT: A Real-time Intrusion Detection System for UNIX. In Proceedings of the IEEE Symposium on Research on Security and Privacy, Oakland, CA, May 1993.
15. M. B. Jones. Interposition Agents: Transparently Interposing User Code at the System Interface. In Proceedings of the Symposium on Operating Systems Principles, pages 80-93, Asheville, NC, 1993.
16. F. Kerschbaum, E. H. Spafford, and D. Zamboni. Using Internal Sensors and Embedded Detectors for Intrusion Detection. Journal of Computer Security, 10(1-2):23-70, 2002.
17. G. H. Kim and E. H. Spafford. The Design and Implementation of Tripwire: A File System Integrity Checker. In Proceedings of the 2nd ACM Conference on Computer and communications security, pages 18-29, Fairfax, VA, 1994.
18. C. Ko and T. Redmond. Noninterference and Intrusion Detection. In Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, 2002.
19. C. Ko, M. Ruschitzka, and K. Levitt. Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 175-187, Oakland, CA, May 1997.
20. B. A. Kuperman and E. Spafford. Generation of Application Level Audit Data via Library Interposition. Technical Report CERIAS TR-99-11, COAST Laboratory, Purdue University, October 1999.
21. J. Larus and E. Schnarr. EEL: Machine-Independent Executable Editing. In Proceedings of the ACM SIGPLAN '95 Conference on Programming Language Design and Implementation, La Jolla, CA, June 1995.
22. U. Lindqvist and P. Porras. Detecting Computer and Network Misuse with the Production-Based Expert System Toolset (P-BEST). In IEEE Symposium on Security and Privacy, pages 146-161, Oakland, California, May 1999.
23. T. F. Lunt. Detecting Intruders in Computer Systems. In Proceedings of the Sixth Annual Symposium and Technical Displays on Physical and Electronic Security, 1993.
24. B. P. Miller, M. Christodorescu, R. Iverson, T. Kosar, A. Mirgorodskii, and F. Popovici. Playing Inside the Black Box: Using Dynamic Instrumentation to Create Security Holes. In the Second Los Alamos Computer Science Institute Symposium, Sante Fe, NM, October 2001.
25. R. Pandey and B. Hashii. Providing Fine-Grained Access Control for Java Programs via Binary Editing. In Proc. of the 13th Conference on Object-Oriented Programming (ECOOP'99), pages 449-473, Lisbon, Portugal, 1999.
26. N. Provos. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium, Washington, DC, 2003.
27. T. Ptacek and T. Newsham. Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Technical report, Secure Networks, January 1998.
28. X. Qie, R. Pang, and L. Peterson. Defensive Programming: Using an Annotation Toolkit to Build Dos-Resistant Software. In Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, Boston, MA, December 2002.
29. M. J. Ranum and F. M. Avolio. A Toolkit and Methods for Internet Firewalls. In USENIX Conference, pages 37-44, Boston, MA, 1994.
30. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA '99 Conference, Seattle, WA, November 1999.
31. T. Romer, G. Voelker, D. Lee, A. Wolman, W. Wong, H. Levy, and B. Bershad. Instrumentation and Optimization of Win32/Intel Executables Using Etch. In USENIX Windows NT Workshop, Seattle, WA, 1997.
32. SNARE - System iNtrusion Analysis and Reporting Environment, http://www.intersectalliance.com/projects/Snare.
33. S. Soman, C. Krintz, and G. Vigna. Detecting Malicious Java Code Using Virtual Machine Auditing. In Proc. of the 12th USENIX Security Symposium, pages 153-168, Washington, DC, 2003.
34. A. Srivastava and A. Eustace. ATOM - A System for Building Customized Program Analysis Tools. In Proceesings of the Symposium on Programming Language Design and Implementation, pages 196-205, Orlando, FL, 1994.
35. D. Thain and M. Livny. Multiple Bypass: Interposition Agents for Distributed Computing. Journal of Cluster Computing, 4(1):39-47, March 2001.
36. W. Venema. TCP Wrapper: network monitoring, access control, and booby traps. In USENIX Proceedings of the Third UNIX Security Symposium, Sept. 1992.
37. D. Wagner and D. Dean. Intrusion Detection via Static Analysis. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2001. IEEE Press.
38. J. Zimmermann, L. Mé, and C. Bidan. Experimenting with a Policy-Based HIDS Based on an Information Flow Control Model. In Proceedings of the 19 Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, 2003.