Data-provenance verification for secure hosts

IEEE Transactions on Dependable and Secure Computing

Volumn 9, Issue 2, 2012, Pages 173-183

  Xu, Kui ^a   Xiong, Huijun ^a   Wu, Chehai ^b   Stefan, Deian ^c   Yao, Danfeng ^a  

^a Virginia Polytechnic Institute and State University   (United States)

^b AppFolio Inc   (United States)

^c STANFORD UNIVERSITY   (United States)

Author keywords

Authentication; cryptography; malware; networking; provenance

Indexed keywords

AUTHENTICATION; COMPUTER SYSTEM FIREWALLS; CRYPTOGRAPHY; NETWORK SECURITY; TRUSTED COMPUTING;

CONCRETE APPLICATIONS; CRYPTOGRAPHIC PROTOCOLS; INTEGRITY VERIFICATIONS; LIGHTWEIGHT FRAMEWORKS; NETWORKING; PROVENANCE; SECURITY PROPERTIES; TRUSTED COMPUTING PLATFORM;

MALWARE;

EID: 84863028103     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2011.50     Document Type: Article

References (37)

1. A. Baliga, V. Ganapathy, and L. Iftode, "Automatic Inference and Enforcement of Kernel Data Structure Invariants," Proc. 24th Ann. Computer Security Applications Conf. (ACSAC'08), 2008.
2. A. Baliga, P. Kamat, and L. Iftode, "Lurking in the Shadows: Identifying Systemic Threats to Kernel Data," Proc. IEEE Symp. Security and Privacy, pp. 246-251, 2007. (Pubitemid 47432531)
3. B. Blackburn and R. Ranger, Barbara Blackburn, the World's Fastest Typist. 1999.
4. M. Christodorescu, S. Jha, and C. Kruegel, "Mining Specifications of Malicious Behavior," Proc. Sixth Joint Meeting of the European Software Eng. Conf. and the ACM SIGSOFT Symp. the Foundations of Software Eng. (ESEC-FSE'07), pp. 5-14, 2007.
5. W. Cui, R. H. Katz, and W. tian Tan, "Design and Implementation of an Extrusion-Based Break-in Detector for Personal Computers," Proc. 21st Ann. IEEE Computer Security Applications Conf. (ACSAC'05), pp. 361-370, 2005. (Pubitemid 46116492)
6. D. E. Denning, "A Lattice Model of Secure Information Flow," Comm. ACM, vol. 19, pp. 236-243, May 1976.
7. D. E. Denning and P. J. Denning, "Certification of Programs for Secure Information Flow," Comm. ACM, vol. 20, pp. 504-513, July 1977.
8. M. Dhawan and V. Ganapathy, "Analyzing Information Flow in Javascript-Based Browser Extensions," Proc. Ann. IEEE Computer Security Applications Conf. (ACSAC'09), pp. 382-391, 2009.
9. A. Dinaburg, P. Royal, M. Sharif, and W. Lee, "Ether: Malware Analysis via Hardware Virtualization Extensions," Proc. 15th ACM Conf. Computer and Comm. Security (CCS'08), pp. 51-62, 2008.
10. S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn, and X. Zhang, "Trustworthy and Personalized Computing on Public Kiosks," Proc. Sixth Int'l Conf. Mobile Systems, Applications, and Services, pp. 199-210, 2008.
11. J. Goebel and T. Holz, "Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation," Proc. First USENIX Workshop Hot Topics in Understanding Botnets, Apr. 2007.
12. J. B. Grizzard, V. Sharma, C. Nunnery, B. B. Kang, and D. Dagon, "Peer-to-Peer Botnets: Overview and Case Study," Proc. First USENIX Workshop Hot Topics in Understanding Botnets, Apr. 2007.
13. G. Gu, R. Perdisci, J. Zhang, and W. Lee, "Bot Miner: Clustering Analysis of Network Traffic for Protocol-and Structure-Independent Botnet Detection," Proc. 17th USENIX Security Symp., 2008.
14. R. Gummadi, H. Balakrishnan, P. Maniatis, and S. Ratnasamy, "Not-a-Bot: Improving Service Availability in the Face of Botnet Attacks," Proc. Sixth USENIX Symp. Networked Systems Design and Implementation (NDSI'09), 2009.
15. M. G. Jaatun, J. Jensen, H. Vegge, F. M. Halvorsen, and R. W. Nergârd, "Fools Download where Angels Fear to Tread," IEEE Security & Privacy, vol. 7, no. 2, pp. 83-86, 2009.
16. H. C. Kim, A. D. Keromytis, M. Covington, and R. Sahita, "Capturing Information Flow with Concatenated Dynamic Taint Analysis," Proc. Int'l Conf. Availability, Reliability, and Security (ARES'09), pp. 355-362, 2009.
17. T. Krovetz, "UMAC: Fast and Provably Secure Message Authentication," http://fastcrypto.org/umac, 2011.
18. L. Lu, V. Yegneswaran, P. Porras, and W. Lee, "BLADE: An Attackagnostic Approach for Preventing Drive-By Malware Infections," Proc. 17th ACM Conf. Computer and Comm. Security, 2010.
19. J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki, "Flicker: An Execution Infrastructure for TCB Minimization," Proc. Third ACM SIGOPS/EuroSys European Conf. Computer Systems, pp. 315-328, 2008.
20. J. M. McCune, A. Perrig, and M. K. Reiter, "Bump in the Ether: A Framework for Securing Sensitive User Input," Proc. USENIX Ann. Technical Conf., General Track, pp. 185-198, 2006.
21. J. M. McCune, A. Perrig, and M. K. Reiter, "Safe Passage for Passwords and Other Sensitive Data," Proc. Annual Network and Distributed System Security Symp. (NDSS'09), 2009.
22. B. D. Payne and W. Lee, "Secure and Flexible Monitoring of Virtual Machines," Proc. 23rd Ann. Computer Security Applications Conf. (ACSAC'07), pp. 385-397, 2007.
23. M. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "My Botnet Is Bigger Than Yours (Maybe, Better Than Yours)," Proc. First USENIX Workshop Hot Topics in Understanding Botnets, Apr. 2007.
24. R. Riley, X. Jiang, and D. Xu, "Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing," R. Lippmann, E. Kirda, and A. Trachtenberg, eds., pp. 1-20, Springer, 2008.
25. B. Schneier and N. Ferguson, Practical Cryptography, John Wiley and Sons, 2003.
26. R. Sekar, "An Efficient Black-Box Technique for Defeating Web Application Attacks," Proc. ISOC Network and Distributed Systems Symp. (NDSS'09), Feb. 2009.
27. C. Shannon, "Prediction and Entropy of Printed English," Bell System Technical J., vol. 30, no. 1, pp. 50-64, 1951.
28. S. W. Smith, Trusted Computing Platforms: Design and Applications, Springer-Verlag, 2005.
29. E. Sparks, "A Security Assessment of Trusted Platform Modules," senior hons. thesis, Dept. of Computer Science, Dartmouth College, 2007.
30. A. Srivastava and J. Giffin, "Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections," Proc. 11th Int'l Symp. Recent Advances in Intrusion Detection, pp. 39-58, Springer-Verlag, 2008.
31. D. Stefan and D. Yao, "Keystroke-Dynamics Authentication against Synthetic Forgeries," Proc. Int'l Conf. Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom'10), Nov. 2010.
32. Z. Wang, X. Jiang, W. Cui, and X. Wang, "Countering Persistent Kernel Rootkits through Systematic Hook Discovery," Proc. 11th Int'l Symp. Recent Advances in Intrusion Detection, pp. 21-38, Springer-Verlag, 2008.
33. J. Wei, B. D. Payne, J. Giffin, and C. Pu, "Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense," Proc. Ann. Computer Security Applications Conf., pp. 97-107, 2008.
34. H. Xiong, P. Malhotra, D. Stefan, C. Wu, and D. Yao, "User-Assisted Host-Based Detection of Outbound Malware Traffic," Proc. Int'l Conf. Information and Comm. Security (ICICS'09), Dec. 2009.
35. G. Xu, C. Borcea, and L. Iftode, "Satem: Trusted Service Code Execution Across Transactions," Proc. 25th IEEE Symp. Reliable Distributed Systems (SRDS'06), pp. 321-336, 2006.
36. K. Xu, D. Yao, Q. Ma, and A. Crowell, "Detecting Infection Onset with Behavior-Based Policies," Proc. Fifth Int'l Conf. Network and System Security (NSS'11), Sept. 2011.
37. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda, "Panorama: Capturing Systemwide Information Flow for Malware Detection and Analysis," Proc. 14th ACM Conf. Computer and Communication Security (CCS'07), 2007.