Identifying native applications with high assurance

CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2012, Pages 275-282

  Almohri, Hussain M J ^a   Yao, Danfeng Daphne ^a   Kafura, Dennis ^a  

^a Virginia Polytechnic Institute and State University   (United States)

Author keywords

application authentication; cryptography; malware; operating system; process identification

Indexed keywords

CRYPTOGRAPHY; LINUX; MALWARE; MONITORING; NETWORK SECURITY;

APPLICATION AUTHENTICATION; HIGH ASSURANCE; MALWARES; MONITORING ARCHITECTURE; OPERATING SYSTEM; OPERATING SYSTEM KERNEL; PROCESS IDENTIFICATION; RUNNING PROCESS; SECRET KEY; SYSTEM CALL MONITORING;

AUTHENTICATION;

EID: 84866626135     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2133601.2133635     Document Type: Conference Paper

References (26)

1. grsecurity. http://www. grsecurity. net/.
2. H. M. J. Almohri, D. Yao, and D. Kafura. Identifying native applications with high assurance. Technical Report, Department of Computer Science, Virginia Tech, 2011.
3. D. P. Bovet and M. Cesati. Understanding the linux kernel. O'Reilly, 2006.
4. J. A. Buchmann and J. A. Buchmann. Cryptographic Hash Functions. In S. Axler, F. W. Gehring, and K. A. Ribet, editors, Introduction to Cryptography, Undergraduate Texts in Mathematics, pages 235-248. Springer New York, 2004.
5. M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. Bryant. Semantics-aware malware detection. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 32-46, may 2005.
6. J.-L. Cooke and D. Bryson. Strong cryptography in the Linux kernel. In Proceedings of the 2003 Linux Symposium, pages 139-144, 2003.
7. B. Ford and R. Cox. Vx32: lightweight user-level sandboxing on the x86. In Proceedings of the 2008 USENIX Annual Technical Conference, pages 293-306, Berkeley, CA, USA, 2008. USENIX Association.
8. Z. M. Hong Chen, Ninghui Li. Analyzing and comparing the protection quality of security enhanced operating systems. In Proceedings of the 16th Annual Network & Distributed System Security Symposium, 2009.
9. T. Jaeger, J. Liedtke, and N. Islam. Operating system protection for fine-grained programs. In Proceedings of the 7th USENIX Security Symposium, 1998.
10. T. Jaeger, A. D. Rubin, and A. Prakash. Building systems that flexibly control downloaded executable content. In Proceedings of the 6th USENIX Security Symposium, July 1996.
11. T. Jaeger, R. Sailer, and U. Shankar. PRIMA: policy-reduced integrity measurement architecture. In Proceedings of the 11th ACM symposium on Access control models and technologies, SACMAT '06, pages 19-28, New York, NY, USA, 2006. ACM.
12. X. Jiang, X. Wang, and D. Xu. Stealthy Malware Detection and Monitoring Through VMM-based "out-of-the-box" Semantic View Reconstruction. ACM Transactions on Information Systems Security, 13: 12: 1-12: 28, March 2010.
13. M. T. Jones. Access the Linux kernel using the/proc filesystem, 2006. http://www. ibm. com/developerworks/linux/library/lproc. html.
14. T. Kim and N. Zeldovich. Making Linux protection mechanisms egalitarian with UserFS. In Proceedings of the 19th USENIX conference on Security, pages 13-27, Berkeley, CA, USA, 2010. USENIX Association.
15. B. Li, J. Li, T. Wo, C. Hu, and L. Zhong. A VMM-based system call interposition framework for program monitoring. In Proceedings of the 16th IEEE International Conference on Parallel and Distributed Systems, ICPADS '10, pages 706-711, Washington, DC, USA, 2010. IEEE Computer Society.
16. N. Li, Z. Mao, and H. Chen. Usable mandatory integrity protection for operating systems. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 164-178, may 2007.
17. P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In Proceedings of the 2001 USENIX Annual Technical Conference, Berkeley, CA, 2001. USENIX Association.
18. L. Lu, V. Yegneswaran, P. Porras, and W. Lee. BLADE: An attack-agnostic approach for preventing drive-by malware infections. In Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pages 440-450, New York, NY, USA, 2010. ACM.
19. L. McVoy and C. Staelin. lmbench: portable tools for performance analysis. In Proceedings of the 1996 annual conference on USENIX Annual Technical Conference, pages 23-23, Berkeley, CA, USA, 1996. USENIX Association.
20. NIST. Announcing the advanced encryption standard (AES). Federal Information Processing Standards Publication 197, November 2006.
21. C. Parampalli, R. Sekar, and R. Johnson. A practical mimicry attack against powerful system-call monitors. In Proceedings of the 2008 ACM symposium on Information, computer and communications security, ASIACCS '08, pages 156-167, New York, NY, USA, 2008. ACM.
22. M. Rajagopalan, M. A. Hiltunen, T. Jim, and R. D. Schlichting. System call monitoring using authenticated system calls. IEEE Transactions on Dependable and Secure Computing, 3: 216-229, July 2006.
23. D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, N. James, P. Poosankam, and P. Saxena. BitBlaze: A new approach to computer security via binary analysis. In Proceedings of the 4th International Conference on Information Systems Security, ICISS'08, pages 1-25, Berlin, Heidelberg, 2008. Springer-Verlag.
24. D. Stefan, C. Wu, D. Yao, and G. Xu. Knowing where your input is from: Kernel-level provenance verification. In Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS), pages 71-87. Springer-Verlag, 2010.
25. T. Wobber, A. Yumerefendi, M. Abadi, A. Birrell, and D. R. Simon. Authorizing applications in singularity. In Proceedings of the 2nd European Conference on Computer Systems, EuroSys '07, pages 355-368, New York, NY, USA, 2007. ACM.
26. C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux security module framework. In Proceedings of the 11th Ottawa Linux Symposium, 2002.