Tamper-resistant, application-aware blocking of malicious network connections

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5230 LNCS, Issue , 2008, Pages 39-58

  Srivastava, Abhinav ^a   Giffin, Jonathon ^a  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Attack prevention; Firewall; Virtual machine introspection

Indexed keywords

ATTACK PREVENTION; BACKDOORS; EXTERNAL PROTECTIONS; FIREWALL; HYPERVISOR; LINUX SYSTEMS; MALICIOUS PACKETS; MALICIOUS TRAFFICS; MALWARE; MILLISECOND DELAYS; NETWORK CONNECTIONS; NETWORK FLOWS; PROCESS INFORMATIONS; PROCESS KNOWLEDGES; PROCESS-ORIENTED; TCP CONNECTIONS; UDP TRAFFICS; VIRTUAL MACHINE INTROSPECTION; VIRTUAL MACHINES;

APPLICATIONS; COMPUTER CRIME; COMPUTER SYSTEM FIREWALLS; INTERNET PROTOCOLS; INTRUSION DETECTION; PROCESS ENGINEERING; TRANSMISSION CONTROL PROTOCOL;

COMPUTER NETWORKS;

EID: 56549109177     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-87403-4_3     Document Type: Conference Paper

References (33)

1. Baliga, A., Kamat, P., Iftode, L.: Lurking in the shadows: Identifying systemic threats to kernel data. In: IEEE Symposium on Security and Privacy, Oakland, CA (May 2007)
2. th ACM Symposium on Operating Systems Principles (SOSP), Bolton Landing, NY (October 2003)
3. Bellovin, S.: Distributed firewalls. login (November 1999)
4. Borders, K., Zhao, X., Prakash, A.: Siren: Catching evasive malware. In: IEEE Symposium on Security and Privacy, Oakland, CA (May 2005)
5. CERT. TCP SYN Flooding and IP Spoofing Attacks. CERT Advisory CS-1996-21 (Last accessed April 4, 2008), http://www.cert.org/advisories/CA-1996-21.html
6. Check Point. ZoneAlarm (Last accessed April 4, 2008), http://www.zonealarm.com/store/content/home.jsp
7. Community Developers. Ebtables (Last accessed November 1, 2007), http://ebtables.sourceforge.net/
8. Community Developers. Tripwire (Last accessed November 1, 2007), http://sourceforge.net/projects/tripwire/
9. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: ACM Symposium on Operating Systems Principles (SOSP), October 2003, Bolton Landing, NY (2003)
10. Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Network and Distributed System Security Symposium (NDSS), San Diego, CA, Feburary (2003)
11. Garfinkel, T., Rosenblum, M., Boneh, D.: Flexible OS support and applications for trusted computing. In: 9th Hot Topics in Operating Systems (HOTOS), Lihue, HI (May 2003)
12. Oskoboiny, G.: Whiteiist-based spam filtering (Last accessed April 4, 2008), http://impressive.net/people/gerald/2000/12/spam-filtering.html
13. Grok. Coromputer Dunno (Last accessed April 4, 2008), http://lists.grok.org.uk/pipermail/full-disclosure/attacnments/20070911/ 87396911/attachment-0001.txt
14. Honeynet Project. Q8 (Last accessed April 4, 2008), http://www.honeynet. org/papers/bots/
15. loannidis, S., Keromytis, A., Bellovin, S., Smith, J.: Implementing a distributed firewall. In: ACM Conference on Computer and Communications Security (CCS), Athens, Greece (November 2000)
16. Jiang, X., Wang, X.: Out-of-the-box monitoring of VM-based high-interaction honeypots. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 198-218. Springer, Heidelberg (2007)
17. th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA (November 2007)
18. LKCD Project. LKCD - Linux Kernel Crash Dump (Last accessed April 4, 2008), http://lkcd.sourceforge.net/
19. nd ACM Workshop on Scalable Trusted Computing (STC), Alexandria, VA (November 2007)
20. McAfee. BackDoor-Rev.b. (Last accessed April 4. 2008), http://vil.nai.com/vil/Content/v_136510.htm
21. Mogul, J., Rashid, R., Accetta, M.: The packet filter: An efficient mechanism for user-level network code. In: ACM Symposium on Operating Systems Principles (SOSP), Austin, TX (November 1987)
22. Packet Storm (Last accessed April 4, 2008), http://packetstormsecurity. org/UNIX/penetration/rootkits/bdoor.c.blackhole.c,cheetah,c,server.c,ovasOn.c
23. Packet Storm (Last accessed April 4, 2008), http://packetstormsecurity. org/0209-exploits/apache-ssl-bug.c, apache-lirtux.txt
24. Packet Storm. Kaiten (Last accessed April 4, 2008), http:// packetstormsecurity.org/irc/kaiten.c
25. rd Annual Computer Security Applications Conference (ACSAC), Miami, FL (December 2007)
26. th USENIX Security Symposium, Vancouver, BC, Canada (August 2006)
27. th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA (November 2007)
28. Ta-Min, R., Litty, L., Lie, D.: Splitting interfaces: Making trust between applications and operating systems configurable. In: Symposium on Operating System Design and Implementation (OSDI), Seattle, WA (October 2006)
29. Venema, W.: TCP wrapper: Network monitoring, access control and booby traps. In: USENIX UNIX Security Symposium, Baltimore, MD (September 1992)
30. Whitaker, A., Cox, R.S., Shaw, M., Gribble, S.D.: Constructing services with interposable virtual hardware. In: 1st Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA (March 2004)
31. XenAccess Project. XenAccess Library (Last accessed April 4, 2008), http://xenaccess.sourceforge.net/
32. Xu, M., Jiang, X., Sandhu, R., Zhang, X.: Towards a VMM-based usage control framework for OS kernel integrity protection. In: 12th ACM Symposium on Access Control Models and Technologies (SACMAT), Sophia Antipolis, France (June 2007)
33. Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing systemwide information flow for malware detection and analysis. In: ACM Conference on Computer and Communications Security (CCS), Arlington, VA (October 2007)