Forensic analysis of file system intrusions using improved backtracking

Proceedings - 3rd IEEE International Workshop on Information Assurance, IWIA 2005

Volumn , Issue , 2005, Pages 154-163

  Sitaraman, Sriranjani ^a   Venkatesan, S ^a  

^a The University of Texas at Dallas   (United States)

Author keywords

Backtracking; Data flow analysis; Dynamic slicing; File system; Intrusion detection

Indexed keywords

DATA FLOW ANALYSIS; DATA TRANSFER; DIGITAL STORAGE; FILE ORGANIZATION; FLOW GRAPHS;

BACKTRACKING; DATA-FLOW ANALYSIS; DETECTION POINT; DYNAMIC SLICING; FILESYSTEM; FORENSIC ANALYSIS; INTRUSION DETECTION SYSTEMS; INTRUSION-DETECTION; SEARCH TIME; SYSTEM ADMINISTRATORS;

INTRUSION DETECTION;

EID: 84869597650     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (33)

1. CERT/CC List of security tools. 2001, http://www.cert.org/tech_tips/security_tools.html.
2. CERT/CC Overview of attack trends. 2002, http://www.cert.org/archive/pdf/attack_trends.pdf.
3. CERT/CC Overview: Incident and vulnerability trends. 2003, http://www.cert.org/present/cert-overview-trends/.
4. H. Agrawal, R. A. DeMillo, and E. H. Spafford. Dynamic slicing in the presence of unconstrained pointers. In Proceedings of the symposium on Testing, analysis, and verification, pages 60-73. ACM Press, 1991.
5. H. Agrawal, R. A. Demillo, and E. H. Spafford. Debugging with dynamic slicing and backtracking. Software - Practice and Experience, 23(6):589-616, 1993.
6. H. Agrawal and J. R. Horgan. Dynamic program slicing. In Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation, pages 246-256. ACM Press, 1990.
7. H. Agrawal and J. R. Horgan. Dynamic program slicing. In Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation, pages 246-256. ACM Press, 1990.
8. A. V. Aho, R. Sethi, and J. D. Ullman. Compilers: principles, techniques, and tools. Addison-Wesley Longman Publishing Co., Inc., 1986.
9. P. Ammann, S. Jajodia, and P. Liu. Recovery from malicious transactions. IEEE Transactions on Knowledge and Data Engineering, 14(5):1167-1185, September/October 2002.
10. M. J. Bach. The Design of the Unix Operating System. Prentice Hall PTR, 1986.
11. J.-F. Bergeretti and B. A. Carr. Information-flow and data-flow analysis of while-programs. ACM Transactions on Programming Languages and Systems (TOPLAS), 7(1):37-61, 1985.
12. M. Bishop. Unix security: Security in programming. SANS'96, 1996.
13. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. Revirt: enabling intrusion analysis through virtual-machine logging and replay. SIGOPS Oper. Syst. Rev., 36(SI):211-224, 2002.
14. J. Grizzard, E. Dodson, G. Conti, J. Levine, and H. Owen. Towards a trusted immutable kernel extension (tike) for self-healing systems: a virtual machine approach. In Proceedings of the Fifth IEEE Information Assurance Workshop (IAW), pages 444-446. IEEE, June 2004.
15. J. Grizzard, S. Krasser, G. C. Owen, and E. Dodson. Towards an approach for automatically repairing compromised network systems. In Proceedings of the IEEE Symposium on Network Computing and Application's Workshop on Trustworthy Network Computing (IEEE-NCA), August 2004.
16. T. Hoffner, M. Kamkar, and P. Fritzson. Evaluation of program slicing tools. In Proceedings of Automated and Algorithmic Debugging, pages 51-69, 1995.
17. S. Horwitz, T. Reps, and D. Binkley. Interprocedural slicing using dependence graphs. ACM Transactions on Programming Languages and Systems (TOPLAS), 12(1):26-60, 1990.
18. G. Kim. Advanced applications of tripwire for servers: Detecting intrusions, rootkits and more.. Whitepaper, Tripwire.
19. G. H. Kim and E. H. Spafford. The design and implementation of tripwire: A file system integrity checker. In Proceedings of ACM Conference on Computer and Communications Security, pages 18-29, 1994.
20. S. T. King and P. M. Chen. Backtracking intrusions. In Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 223-236. ACM Press, 2003.
21. S. T. King, Z. M. Mao, D. G. Lucchetti, and P. M. Chen. Enriching intrusion alerts through multi-host causality. In Proceedings of 2005 Network and Distributed System Security Symposium (NDSS) (to appear), 2005.
22. B. Korel and J. Laski. Dynamic slicing of computer programs. The Journal of Systems and Software, 13:187-195, 1990.
23. A. D. Lucia. Program slicing: Methods and applications. In Proceedings of the First IEEE International Workshop on Source Code Analysis and Manipulation, pages 142-149. IEEE Computer Society Press, Los Alamitos, California, USA, Nov 2001.
24. R. Manevich, M. Sridharan, S. Adams, M. Das, and Z. Yang. Pse: Explaining program failures via postmortem static analysis. In Proceedings of SIGSOFT'04/FSE-12. ACM Press, 2004.
25. K. J. Ottenstein and L. M. Ottenstein. The program dependence graph in a software development environment. In Proceedings of the first ACM SIGSOFT/SIGPLAN software engineering symposium on Practical software development environments, pages 177-184. ACM Press, 1984.
26. R. M. Stallman. Using and Porting GNU CC, Version 2.8.1. 1995.
27. R. M. Stallman. GDB Manual, Version 6.2.1. 2004.
28. F. Tip. A survey of program slicing techniques. Journal of programming languages, 3:121-189, 1995.
29. M. Weiser. Programmers use slices when debugging. Communications, ACM, 25(7):446-452, 1982.
30. M. Weiser. Program slicing. IEEE Transactions on Software Engineering, 10(4):352-357, 1984.
31. X. Zhang and R. Gupta. Cost effective dynamic program slicing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2004.
32. X. Zhang, R. Gupta, and Y. Zhang. Precise dynamic slicing algorithms. In Proceedings of the IEEE/ACM International Conference on Software Engineering, pages 319-329, May 2003.
33. N. Zhu and T. Chiueh. Design, implementation, and evaluation of repairable file service. Proceedings of The International Conference on Dependable Systems and Networks, June 2003.