Trusted computing vs. Advanced persistent threats: Can a defender win this game?

Proceedings - IEEE 10th International Conference on Ubiquitous Intelligence and Computing, UIC 2013 and IEEE 10th International Conference on Autonomic and Trusted Computing, ATC 2013

Volumn , Issue , 2013, Pages 396-403

  Virvilis, Nikos ^a   Gritzalis, Dimitris ^a   Apostolopoulos, Theodoros ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Advanced Persistent Threat; Duqu; Flame; MiniDuke; Red October; Stuxnet; Trusted Computing

Indexed keywords

EID: 84894112637     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/UIC-ATC.2013.80     Document Type: Conference Paper

References (36)

1. Fisher, D.: Threatpost. [Online] 15 June 2012 [Cited: 01 02 2013] https://threatpost.com/en-us/blogs/what-have-welearned-flame-malware-061512
2. Chen, T., Abu-Nimeh, S.: 2011. Lessons from Stuxnet. Computer 44, 4 (April 2011), 91-93. http://dx.doi.org/10.1109/MC.2011.115
3. Larimer, J.: An inside look at Stuxnet, IBM, 2010.
4. Falliere, N., Murchu, L., Chien, E., W32.Stuxnet Dossier, Symantec, February 2011.
5. Matrosov, A., Rodionov, E., Harley, D., Malcho, J., Stuxnet Under the Microscope, ESET, 2011.
6. Symantec, W32.Duqu-The precursor to the next Stuxnet, Symantec, 2011.
7. Bencsath, B., Pek, G., Buttyan, L., Felegyhazi, M., "Duqu: Analysis, detection, and lessons learned", in Proc. of the 2nd ACM European Workshop on System Security, 2012.
8. Bencsath, B., Pek G., Buttyan L., Felegyhazi M., "The Cousins of Stuxnet: Duqu, Flame, and Gauss", in Proc. of Future Internet, 2012.
9. Kaspersky Labs. [Online] 28 May 2012 [Cited: 01 January 2013] http://www.securelist.com/en/blog?weblogid=208193522
10. Kaspersky Labs. "Red October" Diplomatic Cyber Attacks Investigation. [Online] 14 01 2013 [Cited: 15 01 2013] http://www.securelist. com/en/analysis/204792262/Red-Octo ber-Diplomatic-Cyber-Attacks-Investigation
11. Tivadar, M., Balazs, B., Istrate, C., A closer look at Miniduke. [Online] [Cited: 20 05 2013] http://labs. bitdefend-er.com/wp-content/uploads/downloads/ 2013/04/ MiniDuke- Paper-Final.pdf
12. Raiu, C., Soumenkov, I., Baumgartner, K., Kamluk V., "The MiniDuke Mystery" [Online] [Cited: 10 05 2013] https://www.securelist.com/en/ downloads/vlpdfs/themystery ofthepdf0-dayassemblermicrobackdoor.pdf
13. Binde, E., McRee, R., O'Connor, T., "Assessing Outbound Traffic to Uncover Advanced Persistent Threat", SANS Institute. Online] 2011 [Cited: 21 12 2012] http://www.sans.edu/ student-files/projects/JWP-Binde-McRee-OConnor. pdf
14. Virvilis N., Gritzalis D., "The Big Four-What we did wrong in protecting critical ICT infrastructures from Advanced Persistent Threat detection?", in Proc. of the 8th International Conference on Availability, Reliability &Security, pp. 248-254, IEEE, 2013.
15. Gajek, S., "Compartmented security for browsers-or how to thwart a phisher with trusted computing", in Proc. of the 2nd International Conference on Availability, Reliability and Security, p. 120-127, 2007
16. Kuhlmann, D., Landfermann, R., Ramasamy, H., Schunter, M., Ramunno, G., Vernizzi, D., "An open trusted computing architecture-Secure virtual machines enabling user-defined policy enforcement", Web Page: http://www. opentc.net/acti vities/otc-HighLevelOverview/OTC, 2006.
17. Litty, L., Lie, D., "Manitou: a layer-below approach to fighting malware", in Proc. of the 1st Workshop on architectural and system support for improving software dependability, pp. 6-11, ACM, 2006.
18. Oppliger, R., Rytz, R., "Does trusted computing remedy computer security problems?", Security &Privacy, IEEE, 3(2), 16-19, 2005.
19. Mylonas, A., Tsoumas, B., Dritsas, S., Gritzalis, D., "Smartphone security evaluation: The malware attack case", in Proc. of the 8th International Conference on Security and Cryptography, pp. 25-36, SciTekPress, 2011.
20. Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D., "On the feasibility of malware attacks in smartphone platforms", Security and Cryptography, pp. 217-232, Springer (CCIS-314), 2012.
21. Gritzalis, D., "Embedding privacy in IT applications development", Information Management &Computer Security, vol. 12, no. 1, pp. 8-26, 2004.
22. Lemos, R., Infoworld. [Online] 19 January 2011 [Cited: 02 February 2013] http://www.infoworld.com/t/malware/stux net-attack-more-effective-bombs-888
23. Symantec, Stuxnet 0.5: The missing link, Symantec, 2013.
24. Kaspersky Labs. [Online] 11 June 2012. [Cited: 3 February 2013.] http://www.kaspersky.com/about/news/virus/2012/Re source-207-Kaspersky-Lab- Research-Proves-that- Stuxnet -and-Flame-Developers-are-Connected
25. Field, S., An introduction to kernel patch protection. [Online] 12 August 2006. [Cited: 08 February 2013.] http://blogs.msdn.com/b
26. Microsoft: [Online] [Cited: 11 02 2013.] http://office.microsoft.com/en- 001/excel-help/what-isprotected-view-HA010355931.aspx.
27. Schneier, B., www.schneier.com. [Online] 19 June 2012. [Cited: 6 February 2013.] http://www.schneier.com /blog/archives/2012/06/the-failure-of-3.html.
28. Cohen, F., Computer Viruses, ASP Press, 1986.
29. Denault, M., Gritzalis, D., Karagiannis, D., Spirakis, P., "Intrusion detection: Evaluation and performance issues of the SECURENET system", Computers &Security, vol. 13, no. 6, pp. 495-508, 1994.
30. Lagadec P., "Diode réseau et ExeFilter: 2 projects pour des interconnexions sécurisées", in Proc. of SSTIC06, pp. 1-15, 2006.
31. Alexa Top Sites-http://www.alexa.com/topsites
32. Doumas, A., Mavroudakis, K., Gritzalis, D., Katsikas, S., "Design of a neural network for recognition and classification of computer viruses", Computers &Security, vol. 14, no. 5, pp. 435-448, October 1995.
33. Gritzalis, D., "Enhancing security and improving interoperability in healthcare information systems", Informatics for Health and Social Care, vol. 23, no. 4, pp. 309-324, 1998.
34. Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D., "An Insider Threat Prediction Model", in Proc. of the 7th International Conference on Trust, Privacy, and Security in Digital Business, pp. 26-37, Springer (LNCS 6264), 2010.
35. Katsikas, S., Spyrou, T., Gritzalis, D., Darzentas, J., "Model for network behaviour under viral attack", Computer Communications, vol. 19, no. 2, pp. 124-132, 1996.
36. Katsikas, S., Gritzalis, D., Spirakis, P., "Attack Modeling in Open Network Environments", in Proc. of the 2nd Communications and Multimedia Security Conference, pp. 268-277, Chapman &Hall, 1997.