Automatic extraction of accurate application-specific sandboxing policy

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3224, Issue , 2004, Pages 1-20

  Lam, Lap Chung ^a   Chiueh, Tzi Cker ^a  

^a Rether Networks Inc   (United States)

Author keywords

Intrusion detection; Mimicry attack; Non deterministic finite state automaton; Sandboxing; System call graph

Indexed keywords

APPLICATION PROGRAMS; MERCURY (METAL); MONITORING; SEMANTICS; SERVERS; THROUGHPUT;

APPLICATION BEHAVIOR MODELS; APPLICATION-SPECIFIC SYSTEMS; DETERMINISTIC FINITE STATE AUTOMATA; INTRUSION DETECTION SYSTEMS; MIMICRY ATTACK; SANDBOXING; SYSTEM CALL MONITORING; SYSTEM CALLS;

INTRUSION DETECTION;

EID: 35048824326     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30143-1_1     Document Type: Article

References (24)

1. A. Acharya and R. Mandar. Mapbox: Using parameterized behavior classes to confine untrusted applications. In Proceedings of the Tenth USENIX Security Symposium, 2000.
2. A. Alexandrov, P. Kmiec, and K. Schauser. Consh: A confined execution environment for internet computations. In USENIX Ann. Technical Conf, 99.
3. D. Balfanz and D. R. Simon. Windowbox: a simple security model for the connected desktop. In Proceedings of. the 4th USENIX Windows Systems Symposium, pages 37-48, 2000.
4. CERT Corrdingation Center. Cert summary cs-2003-01. http://www.cert.org/ summaries/, 2003.
5. T. cker Chiueh and F.-H. Hsu. Rad: A compiler time solution to buffer overflow attacks. In Proceedings of International Conference on Distributed Computing Systems (ICDCS), Phoenix, Arizona, April 2001.
6. C. Cowan, G. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the Seventh USENIX Security Symposium, pages 63-78, San Antonio, Texas, January 1998.
7. H. Etho. Gcc extension for protecting applications from stack-smashing attacks. http://www.trl.ibm.com/projects/security/ssp/.
8. H. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In Proceedings of the IEEE Symposium on Security and Privacy, pages 62-76, Berkeley, CA, May 2003. IEE Press.
9. J. T. Giffin, S. Jha, and B. P. Miller. Detecting manipulated remote call streams. USENIX Security Symposium, August 2002.
10. J. T. Giffin, S. Jha, and B. P. Miller. Efficient context-sensitive intrusion detection. 11th Annual Network and Distributed System Security Symposium, February 2004.
11. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A secure environment for untrusted helper applications. In Proceedings of the 6th Usenix Security Symposium, San Jose, CA, USA, 1996.
12. R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference, pages 125-136, 1992.
13. S. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3), 1998.
14. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In 11th USENIX Security Symposium, August 2002.
15. N. Nguyen, P. Reiher, and G. H. Kuenning. Detecting insider threats by monitoring system call activity. In IEEE Information Assurance Workshop, United States Military Academy West Point, New York, June 2003.
16. M. Prasad and T. cker Chiueh. A binary rewriting approach to stack-based buffer overflow attacks. In Proceedings of 2003 USENIX Conference, June 2003.
17. V. Prevelakis and D. Spinellis. Sandboxing applications. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pages 119-126, Berkeley, CA, June 2001. USENIX Association.
18. R. Sekar, M. Bendre, P. Bollineni, and D. Dhurjati. A fast automaton-based method for detecting anomalous program behaviors. IEEE Symposium on Security and Privacy, pages 144-155, 2001.
19. Solar Designer. Non-executable user stack. http://www.false.com/security/ linux-stack/.
20. TESO Security. x86/linux wu_tpd remote root exploit. htip:// packetstormsecurity.nl/0205-exploits/7350ururm.c.
21. Vendicator. Stackshield: A "stack smashing" technique protection tool for linux. http://www.angelfire.com/sk/stackshield/.
22. D. Wagner and D. Dean. Intrusion detection via static analysis. In Proceedings of the IEEE Symposium on Security and Privacy, pages 156-169, Oakland, CA, May 2001. IEEE Press.
23. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security, November 2002.
24. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models, May 1999.