Host-based security sensor integrity in multiprocessing environments

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6047 LNCS, Issue , 2010, Pages 138-152

  McEvoy, Thomas Richard ^a   Wolthusen, Stephen D ^a,b  

^a UNIVERSITY OF LONDON   (United Kingdom)

^b NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

CAUSAL MODEL; DEFENCE MECHANISMS; DEFENSIVE MEASURES; EXPERIMENTAL VALIDATIONS; FORMAL MODEL; HARDWARE COMPONENTS; HIGHER ORDER; HOST-BASED; HOST-BASED SENSORS; KEY LOCATION; MULTI CORE; MULTIPROCESSOR-SYSTEM; NON-LINEARITY; NONUNIFORM; OPERATING SYSTEMS; SECURITY CONTROLS; SECURITY SENSORS; SELF-DEFENCE; SELF-OBSERVATION; VIRTUALISATION;

COMPUTER ARCHITECTURE; COMPUTER OPERATING SYSTEMS; CONCURRENCY CONTROL; INTRUSION DETECTION; SECURITY SYSTEMS; SEMANTICS; SENSORS;

MULTIPROCESSING SYSTEMS;

EID: 78149475419     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-12827-1_11     Document Type: Conference Paper

References (34)

1. Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley Professional, Reading (2005).
2. Petroni, N.L., Fraser, T., Walters, A., Arbaugh, W.A.: An Architecture for Specification-Based Detection of Semantic Integrity Violations in Kernel Dynamic Data. In: Proceedings of the 15th USENIX Security Symposium (2006).
3. King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: Implementing malware with virtual machines. In: 2006 IEEE Symposium on Security and Privacy (S&P 2006), vol. 0, pp. 314-327. IEEE Computer Society, Los Alamitos (2006).
4. Rutkowska, J.: Beyond the cpu: Defeating hardware based ram acquisition. Defcon (2007).
5. Heasman, J.: Implementing and Detecting an ACPI BIOS Root Kit. In: Briefing at Black Hat 2005, Las Vegas, NV, USA (July 2005).
6. Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley, Reading (2005).
7. Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of the 10th Annual Network And Distributed System Security Symposium (NDSS 2003), Internet Society, San Diego (2003).
8. Yee, B., Tygar, J.D.: Secure Coprocessors in Electronic Commerce Applications. In: Geer, D.E. (ed.) Proceedings of the First USENIX Workshop on Electronic Commerce, p. 14. USENIX Press, New York (1995).
9. Wang, Y.-M., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. In: 2005 International Conference on Dependable Systems and Networks (DSN 2005), pp. 368-377. IEEE Computer Society, Los Alamitos (2005).
10. Petroni Jr., N.L., Hicks, M.: Automated Detection of Persistent Kernel Control- Flow Attacks. In: di Vimercati, S.D.C., Syverson, P. (eds.) Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 103-115. ACM Press, New York (2007).
11. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-Aware Malware Detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy (S&P 2005), pp. 32-46. IEEE Press, Piscataway (2005).
12. Baliga, A., Kamat, P., Iftode, L.: Lurking in the Shadows: Identifying Systemic Threats to Kernel Data. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), pp. 246-251. IEEE Press, Piscataway (2007).
13. Chuvakin, A.: An overview of unix rootkits. White Paper, iDefense Laboratories, iDefence Inc., 14151 Newbrook Suite, Chantilly, VA 20151 (2003).
14. Wilhelm, J., cker Chiueh, T.: A Forced Sampled Execution Approach to Kernel Rootkit Identification. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 219-235. Springer, Heidelberg (2007).
15. Zhang, X., van Doorn, L., Jaeger, T., Perez, R., Sailer, R.: Secure Coprocessor- Based Intrusion Detection. In: Muller, G., Jul, E. (eds.) Proceedings of the 10th ACM SIGOPS European Workshop, pp. 239-242. ACM Press, New York (2002).
16. Molina, J., Arbaugh, W.: Using Independent Auditors as Intrusion Detection Systems. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 291-302. Springer, Heidelberg (2002).
17. Williams, P.D., Spafford, E.H.: CuPIDS: An Exploration of Highly Focused, Co-Processor-based Information System Protection. Computer Networks 51(5), 1284-1298 (2007).
18. Riley, R., Jiang, X., Xu, D.: Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 1-20. Springer, Heidelberg (2008).
19. Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: Malware Analysis via Hardware Virtualization Extensions. In: Ning, P., Syverson, P., Jha, S. (eds.) Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008), pp. 51-62. ACM Press, New York (2008).
20. Huang, Y., Stavrou, A., Ghosh, A.K., Jajodia, S.: Efficiently Tracking Application Interactions using Lightweight Virtualization. In: Nieh, J., Stavrou, A. (eds.) Proceedings of the 1st ACM Workshop on Virtual Machine Security (VMSec 2008), pp. 19-28. ACM Press, New York (2008).
21. Jiang, X., Wang, X., Xu, D.: Stealthy Malware Detection through VMM-based "out-of-the-box" Semantic View Reconstruction. In: De Capitani di Vimercati, S., Syverson, P. (eds.) Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 128-138. ACM Press, New York (2007).
22. Riley, R., Jiang, X., Xu, D.: Multi-Aspect Profiling of Kernel Rootkit Behavior. In: Proceedings of the 4th ACM European Conference on Computer Systems, pp. 47-69. ACM Press, Nuremberg (2008).
23. Thober, M., Pendergrass, J.A., McDonell, C.D.: Improving Coherency of Runtime Integrity Measurement. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 51-60. ACM Press, Alexandria (2008).
24. Loscocco, P., Wilson, P.W., Pendergrass, J.A., McDonell, C.D.: Linux Kernel Integrity Measurement using Contextual Inspection. In: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 21-29. ACM Press, Alexandria (2007).
25. Oplinger, J., Lam, M.S.: Enhancing Software Reliability with Speculative Threads. In: Gharachorloo, K. (ed.) Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XIII), pp. 184-196. ACM Press, New York (2002).
26. Nightingale, E.B., Peek, D., Chen, P.M., Flinn, J.: Parallelizing Security Checks on Commodity Hardware. In: Eggers, S., Larus, J. (eds.) Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XIII), pp. 308-318. ACM Press, New York (2008).
27. (for review), A (Anonymised for review). In (Anonymised for review) (September 2008).
28. Garg, V.K.: 1. In: Elements of Distributed Computing. John Wiley and Sons Inc., Chichester (2002).
29. Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: IEEE Symposium on Security and Privacy, vol. 0, pp. 231-245 (2007).
30. Ring, S., Cole, E.: Taking a Lesson from Stealthy Rootkits. IEEE Security and Privacy 02(4), 38-45 (2004).
31. Moser, A., Kruegel, C., Kirda, E.: Limits of Static Analysis for Malware Detection. In: Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), pp. 421-430. IEEE Press, Miami Beach (2007).
32. Cavallaro, L., Saxena, P., Sekar, R.: On the Limits of Information Flow Techniques for Malware Analysis and Containment. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 143-163. Springer, Heidelberg (2008).
33. Asanovic, K., Bodik, R., Catanzaro, B.C., Gebis, J.J., Husbands, P., Keutzer, K., Patterson, D.A., Plishker, W.L., Shalf, J., Williams, S.W., Yelick, K.A.: The landscape of parallel computing research: A view from berkeley. Technical Report UCB/EECS-2006-183, EECS Department, University of California, Berkeley (December 2006).
34. Ivan Sklyarov: 21. In: Programming Linux Hacker Tools Uncovered. A-LIST, LLC (2007).