Backtracking intrusions

Operating Systems Review (ACM)

Volumn 37, Issue 5, 2003, Pages 223-236

  King, Samuel T ^a   Chen, Peter M ^a  

^a UNIVERSITY OF MICHIGAN   (United States)

Author keywords

Computer forensics; Information flow; Intrusion analysis

Indexed keywords

COMPUTER SOFTWARE; COMPUTER SYSTEMS; CRYPTOGRAPHY; GRAPH THEORY; INFORMATION ANALYSIS; SEMANTICS; WORLD WIDE WEB;

COMPUTER FORENSICS; INFORMATION FLOW; INTRUSION ANALYSIS; SYSTEM ADMINISTRATORS;

COMPUTER OPERATING SYSTEMS;

EID: 21644490164     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1165389.945467     Document Type: Conference Paper

References (29)

1. Steps for Recovering from a UNIX or NT System Compromise. Technical report, CERT Coordination Center, April 2000. http://www.cert.org/tech_tips/ win-UNIX-system_compromise.htnil.
2. Detecting Signs of Intrusion. Technical Report CMU/SEI-SIM-009, CERT Coordination Center, April 2001. http://www.cert.org/security-improvement/modules/m09.html.
3. L-133: Sendmail Debugger Arbitrary Code Execution Vulnerability. Technical report, Computer Incident Advisory Capability, August 2001. http://www.ciac.org/ciac/bulletins/l-133.shtml.
4. CERT/CC Overview Incident and Vulnerability Trends. Technical report, CERT Coordination Center, April 2002. http://www.cert.org/present/cert-overview-trends/.
5. Multiple Vulnerabilities In OpenSSL. Technical Report CERT Advisory CA-2002-23, CERT Coordination Center, July 2002. http://www.cert.org/advisories/CA-2002-23.html.
6. Paul Ammann, Sushil Jajodia, and Peng Liu. Recovery from Malicious Transactions. IEEE Transactions on Knowledge and Data Engineering, 14(5): 1167-1185, September 2002.
7. Ken Ashcraft and Dawson Engler. Using Programmer-Written Compiler Extensions to Catch Security Holes. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, May 2002.
8. Kerstin Buchacker and Volkmar Sieh. Framework for testing the fault-tolerance of systems including OS and network aspects. In Proceedings of the 2001 IEEE Symposium on High Assurance System Engineering (HASE), pages 95-105, October 2001.
9. Bill Cheswick. An Evening with Berferd in Which a Cracker is Lured, Endured, and Studied. In Proceedings of the Winter 1992 USENIX Technical Conference, pages 163-174, January 1992.
10. Alan M. Christie. The Incident Detection, Analysis, and Response (IDAR) Project. Technical report, CERT Coordination Center, July 2002. http://www.cert.org/idar.
11. Dorothy E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, May 1976.
12. George W. Dunlap, Samuel T. King, Sukru Cinar, Murtaza Basrai, and Peter M. Chen. ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In Proceedings of the 2002 Symposium on Operating Systems Design and Implementation (OSDI), pages 211-224, December 2002.
13. Dan Farmer. What are MACtimes? Dr. Dobb's Journal, October 2000.
14. Dan Farmer. Bring out your dead. Dr. Dobb's Journal, January 2001.
15. Dan Farmer and Wietse Venema. Forensic computer analysis: an introduction. Dr. Dobb's Journal, September 2000.
16. Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, and Thomas A. Longstaff. A sense of self for Unix processes. In Proceedings of 1996 IEEE Symposium on Computer Security and Privacy, 1996.
17. Tal Garfinkel and Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the 2003 Network and Distributed System Security Symposium (NDSS), February 2003.
18. Ian Goldberg, David Wagner, Randi Thomas, and Eric A. Brewer. A Secure Environment for Untrusted Helper Applications. In Proceedings of the 1996 USENIX Technical Conference, July 1996.
19. Xie Huagang. Build a secure system with LIDS, 2000. http://www.lids.org/document/build_lids-0.2.html.
20. Gene H. Kim and Eugene H. Spafford. The design and implementation of Tripwire: a file system integrity checker. In Proceedings of 1994 ACM Conference on Computer and Communications Security (CCS), November 1994.
21. Samuel T. King, George W. Dunlap, and Peter M. Chen. Operating System Support for Virtual Machines. In Proceedings of the 2003 USENIX Technical Conference, pages 71-84, June 2003.
22. Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Secure Execution Via Program Shepherding. In Proceedings of the 2002 USENIX Security Symposium, August 2002.
23. Leslie Lamport. Time, Clocks, and the Ordering of Events in a Distributed System. Communications of the ACM, 21(7):558-565, July 1978.
24. Butler W. Lampson. A Note on the Confinement Problem. Communications of the ACM, 16(10):613-615, October 1973.
25. The Honeynet Project, editor. Know your enemy: revealing the security tools, tactics, and motives of the blackhat community. Addison Wesley, August 2001.
26. Frank Tip. A survey of program slicing techniques. Journal of Programming Languages, 3(3), 1995.
27. W. M. Tyson. DERBI: Diagnosis, Explanation and Recovery from Computer Break-ins. Technical Report DARPA Project F30602-96-C-0295 Final Report, SRI International, Artificial Intelligence Center, January 2001. http://www.dougmoran.com/dmoran/publications.html.
28. Larry Wall, Tom Christiansen, and Jon Orwant. Programming Perl, 3rd edition. O'Reilly & Associates, July 2000.
29. Ningning Zhu and Tzi-cker Chiueh. Design, Implementation, and Evaluation of Repairable File Service. In Proceedings of the 2003 International Conference on Dependable Systems and Networks (DSN), June 2003.