Survivability: Synergizing Security and Reliability

Advances in Computers

Volumn 60, Issue C, 2004, Pages 121-146

  Cowan, Crispin ^a  

^a Immunix Inc   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 77956778208     PISSN: 00652458     EISSN: None     Source Type: Book Series    
DOI: 10.1016/S0065-2458(03)60004-5     Document Type: Review

References (97)

1. Adelsbach A., Cachin C., Creese S., Deswarte Y., Kursawe K., Laprie J.-C., Powell D., Randell B., Riodan J., Ryan P., Simmionds W., Stroud R.J., Verssimo P., Waidner M., and Wespi A. Conceptual Model and Architecture of MAFTIA (January 31, 2003), LAAS-CNRS, Toulouse, and University of Newcastle upon Tyne. http://www.laas.research.ec.org/maftia/deliverables/D21.pdf Report MAFTIA deliverable D21
2. Arce I. Woah, please back up for one second (October 31, 2000). http://online.securityfocus.com/archive/98/142495 Definition of security and reliability
3. Badger L., Sterne D.F., et al. Practical domain and type enforcement for UNIX. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (May 1995)
4. Badger L., Sterne D.F., Sherman D.L., Walker K.M., and Haghighat S.A. A domain and type enforcement UNIX prototype. Proceedings of the USENIX Security Conference (1995)
5. Balzer R. Assuring the safety of opening email attachments. DARPA Information Survivability Conference and Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
6. Baratloo A., Singh N., and Tsai T. Transparent run-time defense against stack smashing attacks. 2000 USENIX Annual Technical Conference, San Diego, CA (June 18-23, 2000)
7. Beattie S.M., Cowan C., Arnold S., Wagle P., Wright C., and Shostack A. Timing the application of security patches for optimal uptime. USENIX 16th Systems Administration Conference (LISA), Philadelphia, PA (November 2002)
8. Bellovin S.M. Distributed firewalls. ;login: 24 (November 1999)
9. Bester J., Walther A., Erlinger M., Buchheim T., Feinstein B., Mathews G., Pollock R., and Levitt K. GlobalGuard: Creating the IETF-IDWG Intrusion Alert Protocol (IAP). DARPA Information Survivability Conference Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
10. Bhatkar S., DuVarney D.C., and Sekar R. Address obfuscation: an approach to combat buffer overflows, format-string attacks, and more. 12th USENIX Security Symposium, Washington, DC (August 2003)
11. Bobert W.E., and Kain R.Y. A practical alternative to hierarchical integrity policies. Proceedings of the 8th National Computer Security Conference, Gaithersburg, MD (1985)
12. Bray B. Report. How Visual C++ .Net Can Prevent Buffer Overruns (2001), Microsoft
13. Browne H.K., Arbaugh W.A., McHugh J., and Fithen W.L. A trend analysis of exploitations. Proceedings of the 2001 IEEE Security and Privacy Conference, Oakland, CA (May 2001) 214-229. http://www.cs.umd.edu/~waa/pubs/CS-TR-4200.pdf http://www.cs.umd.edu/~waa/pubs/CS-TR-4200.pdf
14. CERT Coordination Center. CERT Advisory CA-1999-04 Melissa Macro Virus (March 27, 1999). http://www.cert.org/advisories/CA-1999-04.html
15. CERT Coordination Center. CERT Advisory CA-2000-04 Love Letter Worm (May 4, 2000). http://www.cert.org/advisories/CA-2000-04.html
16. CERT Coordination Center. CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library (March 12, 2002). http://www.cert.org/advisories/CA-2002-07.html
17. CERT Coordination Center. CERT Incident Note IN-2003-03 (August 22, 2003). http://www.cert.org/incident_notes/IN-2003-03.html
18. Chen H., and Wagner D. MOPS: an infrastructure for examining security properties of software. Proceedings of the ACM Conference on Computer and Communications Security, Washington, DC (November 2002)
19. Cheswick W.R., and Bellovin S.M. Firewalls and Internet Security: Repelling the Wily Hacker (1994), Addison-Wesley
20. Cowan C., Arnold S., Beattie S.M., and Wright C. Defcon capture the flag: Defending vulnerable code from intense attack. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
21. Cowan C., Barringer M., Beattie S., Kroah-Hartman G., Frantzen M., and Lokier J. FormatGuard: automatic protection from printf format string vulnerabilities. USENIX Security Symposium, Washington, DC (August 2001)
22. Cowan C., Beattie S., Johansen J., and Wagle P. PointGuard: protecting pointers from buffer overflow vulnerabilities. USENIX Security Symposium, Washington, DC (August 2003)
23. Cowan C., Beattie S., Pu C., Wagle P., and Gligor V. SubDomain: parsimonious server security. USENIX 14th Systems Administration Conference (LISA), New Orleans, LA (December 2000)
24. Cowan C., Beattie S., Wright C., and Kroah-Hartman G. RaceGuard: kernel protection from temporary file race vulnerabilities. USENIX Security Symposium, Washington, DC (August 2001)
25. Cowan C., Hinton H., Pu C., and Walpole J. The cracker patch choice: an analysis of post hoc security techniques. Proceedings of the 19th National Information Systems Security Conference (NISSC 2000), Baltimore, MD (October 2000)
26. Cowan C., Pu C., and Hinton H. Death, taxes, and imperfect software: surviving the inevitable. Proceedings of the New Security Paradigms Workshop, Charlottesville, VA (September 1998)
27. Cowan C., Pu C., Maier D., Hinton H., Bakke P., Beattie S., Grier A., Wagle P., and Zhang Q. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. 7th USENIX Security Conference, San Antonio, TX (January 1998) 63-77
28. Cowan C., Wagle P., Pu C., Beattie S., and Walpole J. Buffer overflows: attacks and defenses for the vulnerability of the decade. DARPA Information Survivability Conference and Expo (DISCEX) (January 2000). http://schafercorp-ballston.com/discex Also presented as an invited talk at SANS 2000, March 23-26, 2000, Orlando, FL, http://schafercorp-ballston.com/discex
29. "Solar Designer", Non-Executable User Stack. http://www.openwall.com/linux/
30. Dietrich S., and Ryan P.Y.A. The survivability of survivability. Proceedings of the Information Survivability Workshop (ISW 2002), Vancouver, BC (March 2002)
31. Ellison R.J., Fisher D.A., Linger R.C., Lipson H.F., Longstaff T., and Mead N.R. Survivable Network Systems: An Emerging Discipline, Report CMU/SEI-97-TR-013 (November 1997), Software Engineering Institute. http://www.cert.org/research/tr13/97tr013title.html
32. Eskin E., Lee W., and Stolfo S.J. Modeling system calls for intrusion detecting with dynamic window sizes. DARPA Information Survivability Conference and Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
33. Etoh H. GCC extension for protecting applications from stack-smashing attacks (November 21, 2000). http://www.trl.ibm.com/projects/security/ssp/
34. Feinstein L., Schnackenberg D., Balupari R., and Kindred D. Statistical approaches to DDoS attack detection and response. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
35. Forrest S., Hofmeyr S.A., Somayaji A., and Longstaff T.A. A sense of self for UNIX processes. Proceedings of the IEEE Symposium on Security Privacy, Oakland, CA (1996)
36. Forrest S., Somayaji A., and Ackley D.H. Building diverse computer systems. HotOS-VI (May 1997)
37. Fraiser T., Loscocco P., Smalley S., et al. Security enhanced Linux (January 2, 2001). http://www.nsa.gov/selinux/
38. Fraser T., Badger L., and Feldman M. Hardening COTS software with generic software wrappers. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (May 1999)
39. Gao Z., Hui Ong C., and Kiong Tan W. Survivability assessment: modelling dependencies in information systems. Proceedings of the Information Survivability Workshop (ISW 2002), Vancouver, BC (March 2002)
40. Ghosh A.K., Schwatzbard A., and Shatz M. Learning program behavior profiles for intrusion detection. Proceedings of the First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA (April 1999)
41. Gosling J., and McGilton H. The Java language environment: A White Paper (May 1996). http://www.javasoft.com/docs/white/langenv/
42. Hamonds K.H. The strategy of the Fighter Pilot. Fast Company 59 (June 2002)
43. Hollebeek T., and Berrier D. Interception, wrapping and analysis framework for Win32 Scripts. DARPA Information Survivability Conference and Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
44. Hurley E. Keeping up with patch work near impossible. SearchSecurity (January 17, 2002). http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci796744,00.html
45. Tripwire Security Incorporated. Tripwire.org: Tripwire for Linux. http://www.tripwire.org/
46. Jim T., Morrisett G., Grossman D., Hicks M., Cheney J., and Wang Y. Cyclone: A safe dialect of C. Proceedings of USENIX Annual Technical Conference, Monteray, CA (June 2002)
47. Just J.E., and Reynolds J.C. HACQIT: Hierarchical adaptive control of QoS for intrusion tolerance. Annual Computer Security Applications Conference (ACSAC), New Orleans, LA (December 10-14, 2001)
48. Kc G.S., Keromytis A.D., and Prevelakis V. Countering CodeInjection attacks with InstructionSet randomization. Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), Washington, DC (October 2003)
49. Kernighan B.W., and Ritchie D.M. The C Programming Language. second ed. (1988), Prentice-Hall, Englewood Cliffs, NJ
50. Kewley D., Fink R., Lowry J., and Dean M. Dynamic approaches to thwart adversary intelligence gathering. DARPA Information Survivability Conference and Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
51. Kim G.H., and Spafford E.H. Writing, supporting, and evaluating Tripwire: A publicly available security tool. Proceedings of the USENIX UNIX Applications Development Symposium, Toronto, Canada (1994) 88-107
52. Knight J.C., and Leveson N.G. An experimental evaluation of the assumptions of independence in multiversion programming. IEEE Transactions on Software Engineering 12 1 (1986) 96-109
53. Knight J.C., Strunk E.A., and Sullivan K.J. Towards a rigorous definition of information system survivability. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
54. Lampson B.W. Protection. Proceedings of the 5th Princeton Conference on Information Sciences and Systems, Princeton, NJ (1971) Reprinted in
55. Lampson B.W. Protection. ACM Operating Systems Review 8 1 (January 1974) 18-24
56. Lee W., Stoflo S.J., Chan P.K., Eskin E., Fan W., Miller M., Hershkop S., and Zhang J. Real time data mining-based intrusion detection. DARPA Information Survivability Conference and Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
57. Levin D. Lessons learned in using live red teams in IA experiments. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
58. Lippmann R., Haines J.W., Fried D.J., Korba J., and Das K. The 1999 DARPA off-line intrusion detection evaluation. Recent Advances in Intrusion Detection (RAID), Toulouse, France (October 2-4, 2000)
59. Liu P. Engineering a distributed intrusion tolerant database system using COTS components. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
60. Liu P., and Pal P. Workshop on Survivable and Self-Regenerative Systems (October 31, 2003) In conjunction with the ACM International Conference on Computer and Communications Security (CCS-10)
61. Loscocco P., and Smalley S. Integrating flexible support for security policies into the Linux operating system. Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX '01) (June 2001)
62. McHugh J. The 1998 Lincoln Lab IDS evaluation-a critique. Recent Advances in Intrusion Detection (RAID), Toulouse, France (October 2-4, 2000)
63. Michael C.C. Finding the vocabulary of program behavior data for anomaly detection. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
64. Milner R., Tofte M., and Harper R. The Definition of Standard ML (1990), The MIT Press
65. Necula G.C., McPeak S., and Weimer W. CCured: type-safe retrofitting of legacy code. Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL02), London, UK (January 2002). http://raw.cs.berkeley.edu/Papers/ccured_popl02.pdf Also available at
66. O'Brien D. Intrusion tolerance via network layer controls. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
67. Papadopoulos C., Lindell R., Mehringer J., Hussain A., and Govindan R. COSSACK: Coordinated Suppression of Simultaneous Attacks. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
68. Payne C., and Markham T. Architecture and applications for a distributed embedded firewall. Annual Computer Security Applications Conference (ACSAC), New Orleans, LA (December 10-14, 2001)
69. Porras P., and Neumann P. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. Proceedings of the 20th National Information Systems Security Conference (NISSC 1997), Baltimore, MD (October 1997)
70. Ptacek T.H., and Newsham T.N. Insertion, Evation, and Denial of Service: Eluding Network Intrusion Detection, Report (January 1998), Network Associates Inc. http://www.nai.com/products/security/advisory/papers/ids-html/doc001.asp
71. Rushby J. Critical system properties: Survey and taxonomy. Reliability Engineering and System Safety 43 2 (1994) 189-219
72. Saltzer J.H., and Schroeder M.D. The protection of information in computer systems. Proceedings of the IEEE 63 9 (November 1975)
73. Savage S., Wetherall D., Karlin A., and Anderson T. Network support for IP traceback. IEEE/ACM Transactions on Networking 9 3 (June 2001) 226-237
74. Schmid M., Hill F., Ghosh A.K., and Bloch J.T. Preventing the execution of unauthorized Win32 applications. DARPA Information Survivability Conference and Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
75. Schnackenberg D., Djahandari K., and Sterne D. Infrastructure for intrusion detection and response. DARPA Information Survivability Conference and Expo (DISCEX) (January 2000)
76. Secure Software. RATS: Rough Auditing Tool for Security (July 2002). http://www.securesoftware.com/download_rats.htm
77. Song D. Fragroute (May 27, 2002). http://monkey.org/~dugsong/fragroute/
78. Stavridou V., Dutertre B., Riemenschneider R.A., and Saldi H. Intrusion tolerant software architectures. DARPA Information Survivability Conference and Expo (DISCEX II), Anaheim, CA (June 12-14, 2001)
79. Strom R.E., Bacon D.F., Goldberg A., Lowry A., Yellin D., and Yemini S.A. Hermes: A Language for Distributed Computing (1991), Prentice-Hall
80. Strom R.E., and Yemini S.A. Typestate: A programming language concept for enhancing software reliability. IEEE Transactions on Software Engineering 12 1 (January 1986) 157-171
81. Stroustrup B. The C++ Programming Language (1987), Addison-Wesley, Reading, MA
82. Tan K.M.C., and Maxion R.A. "Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (May 2002)
83. 'The PaX Team'. PaX (May 2003). http://pageexec.virtualave.net/
84. "tf8", Wu-Ftpd remote format string stack overwrite vulnerability (June 22, 2000). http://www.securityfocus.com/bid/1387
85. Thomas R., Mark B., Johnson T., and Croall J. NetBouncer: client-legitimacy-based high-performance DDoS filtering. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
86. Turing A. On computable numbers with an application to the Entscheidungsproblem. Proc. London Math. Society 42 2 (1937) 230-265
87. Valdes A. Detecting novel scans through pattern anomaly detection. DARPA Information Survivability Conference and Expo (DISCEX III), Washington, DC (April 22-24, 2003)
88. Viega J., Bloch J.T., Kohno T., and McGraw G. ITS4: A static vulneability scanner for C and C++ code. Annual Computer Security Applications Conference (ACSAC), New Orleans, LA (December 2000). http://www.cigital.com/its4/
89. Vigna G., Eckmann S.T., and Kemmerer R.A. The STAT tool suite. DARPA Information Survivability Conference and Expo (DISCEX) (January 2000)
90. Wagner D., Foster J.S., Brewer E.A., and Aiken A. A first step towards automated detection of buffer overrun vulnerabilities. NDSS (Network and Distributed System Security), San Diego, CA (February 2000)
91. Wagner D., and Soto P. Mimicry attacks on HostBased intrusion detection systems. Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC (October 2002)
92. Walsh L.M. Window of opportunity closing for patching. Security Wire Digest 5 66 (September 4, 2003). http://infosecuritymag.techtarget.com/ss/0,295812,sid6_iss82,00.html#news2
93. Wheeler D. Flawfinder (July 2, 2002). http://www.dwheeler.com/flawfinder/
94. Wright C., Cowan C., Smalley S., Morris J., and Kroah-Hartman G. Linux security module framework. Ottawa Linux Symposium, Ottawa, Canada (June 2002)
95. Wright C., Cowan C., Smalley S., Morris J., and Kroah-Hartman G. Linux security modules: general security support for the Linux kernel. USENIX Security Symposium, San Francisco, CA (August 2002). http://lsm.immunix.org
96. Xu J., Kalbarczyk Z., and Iyer R.K. Transparent runtime randomization for security. Proceedings of the 22nd Symposium on Reliable Distributed Systems (SRDS'2003), Florence, Italy (October 2003)
97. Zhang Y., Dao S.K., Vin H., Alvisi L., and Wenke Lee L.A. Heterogeneous networking: a new survivability paradigm. Proceedings of the New Security Paradigms Workshop, Cloudcroft, NM (September 2001)