Lurking in the shadows: Identifying systemic threats to kernel data (short paper)

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2007, Pages 246-251

  Baliga, Arati ^a   Kamat, Pandurang ^a   Iftode, Liviu ^a  

^a RUTGERS UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); COMPUTER SYSTEMS; DATA STRUCTURES; KNOWLEDGE ENGINEERING; SOFTWARE PROTOTYPING;

KERNEL INTEGRITY MONITORS; MALICIOUS MODIFICATIONS; ROOTKIT WRITERS;

INTRUSION DETECTION;

EID: 34548708575     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2007.25     Document Type: Conference Paper

References (18)

1. Advanced intrusion detection environment. http://sourceforge.net/ projects/aide.
2. The marsaglia random number cdrom including the diehard battery of tests of randomness. G Marsaglia - See http://stat.fsu.edu/pub/diehard, 1996.
3. Registration weakness in linux kernel's binary formats. Shellcode - See http://www.packetstormsecurity.org/papers/general/binfmt-en.pdf, 2006.
4. D. Beck, B. Vo, and C. Verbowski. Detecting stealth software with strider ghostbuster. In Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN'05).
5. T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proc. Network and Distributed Systems Security Symposium, 2003.
6. Z. Gutterman, B. Pinkas, and T. Reinman. Analysis of the linux random number generator. In Proceedings of the 2006 IEEE Symposium on Security and Privacy. IEEE Computer Society, 2006.
7. N. L. P. Jr., T. Fraser, J. Molina, and W. A. Arbaugh. Copilot - a coprocessor-based kernel runtime integrity monitor. In USENIX Security Symposium, 2004.
8. N. L. P. Jr., T. Fraser, A. Walters, and W. A. Arbaugh. An architecture for specification-based detection of semantic integrity violations in kernel dynamic data. In USENIX Security Symposium, 2006.
9. R. Kennell and L. H. Jamieson. Establishing the genuinity of remote computer systems. 12th USENIX Security Symposium, Washington DC, 09 2003.
10. G. H. Kim and E. H. Spafford. The design and implementation of tripwire: a file system integrity checker. In Proceedings of the 2nd ACM Conference on Computer and communications security, 1994.
11. D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage. Inferring internet denial-of-service activity. ACM Trans. Comput. Syst., 24(2):115-139, 2006.
12. C. L. Schuba, I. V. Krsul, M. G. Kuhn, E. H. spafford, A. Sundaram, and D. Zamboni. Analysis of a denial of service attack on tcp. sp, 00:0208, 1997.
13. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doom, and P. K. Khosla. Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In SOSP, pages 1-16, 2005.
14. A. Seshadri, A. Perrig, L. van Doom, and P. Khosla. Swatt: Software-based attestation for embedded devices. sp, 00:272, 2004.
15. A. Shamir and N. van Someren. Playing "hide and seek" with stored keys. In FC '99: Proceedings of the Third International Conference on Financial Cryptography, pages 118-124, London, UK, 1999. Springer-Verlag.
16. E. Shi, A. Perrig, and L. van Doom. Bind: A fine-grained attestation service for secure distributed systems. In IEEE Symposium on Security and Privacy, pages 154-168, 2005.
17. H. Wang, D. Zhang, and K. Shin. Detecting syn flooding attacks. 2002.
18. X. Zhang, L. van Doom, T. Jaeger, R. Perez, and R. Sailer. Secure coprocessor-based intrusion detection. In Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, 2002.