A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors

Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003

Volumn , Issue , 2003, Pages 25-34

  Chinchani, R ^a   Upadhyaya, S ^a   Kwiat, K ^b  

^a UNIVERSITY AT BUFFALO   (United States)

^b AIR FORCE RESEARCH LABORATORY   (United States)

Author keywords

Availability; Computer displays; Computer network management; Computer science; Fault detection; Fault tolerance; Laboratories; Redundancy; Security; Voting

Indexed keywords

AVAILABILITY; COMPUTER NETWORKS; COMPUTER SCIENCE; FAULT TOLERANCE; GRAPH THEORY; LABORATORIES; MAGNETIC DISK STORAGE; PROCESS CONTROL; REDUNDANCY;

COMPUTER DISPLAY; DETECTION OF ATTACKS; KERNEL BASED APPROACH; PERFORMANCE IMPACT; REDUNDANCY TECHNIQUES; SECURITY; SENSE OF SECURITY; VOTING;

FAULT DETECTION;

EID: 84942244236     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IWIAS.2003.1192456     Document Type: Conference Paper

References (36)

1. Linux security modules, http://lsm.immunix.org/.
2. Trusted computer security evaluation criteria. DOD 5200.28-STD, 1985.
3. Freebsd problem report kern/29741, http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/29741, April 2002.
4. G. Aggrawal and P. Jalote. An efficient protocol for voting in distributed systems. In Proc. 12th IEEE International Conference on Distributed Computing Systems, pages 640-647. Yokohama, Japan, 1992.
5. Y. Amir, D. Dolev, S. Kramer, and D. Malki. Transis: A communication sub-system for high avaliablity. In FTCS-22, pages 76-84, 1992.
6. B. W. Arden and H. Lee. Analysis of chordal ring network. IEEE Trans. Computers, 30:291-295, April 1981.
7. A. Avizienis. The n-version approach to fault tolerant software. IEEE Transactions on Software Engineering, 11(12):1491-1501, December 1985.
8. M. Bishop and M. Dilger. Checking for race conditions in file accesses. Computing Systems, 9(2):131-152, Spring 1996.
9. J. B. Brown. Standard error classification to support software reliability assessment. In AFIPS Conference Proceedings, 1980 National Computer Conference, pages 697-705, 1980.
10. L. Chen and A. Avizienis. N-version programming: A fault tolerance approach to reliability of software operation. In 8th International Symposium on Fault Tolerant Computing Systems, 1978.
11. A. Chou, J. Yang, B. Chelf, S. Hallem, and D. Engler. An empirical study of operating systems errors. In Symposium on Operating Systems Principles (SOSP), pages 73-88. Chateau Lake Louise, Banff, Alberta, Canada, October 2001.
12. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In DARPA Information Survivability Conference and Expo (DISCEX). Hilton Head Island, SC, January 2002.
13. D. Denning. An intrusion detection model. IEEE Transactions of Software Engineering, 13(2):222-232, February 1987.
14. A. Endres. An analysis of errors and their causes in system programs. IEEE Transactions on Software Engineering, SE-1(2):140-149, June 1975.
15. U. Eriksson. Daemon watcher, http://siag.nu/dwatch/.
16. L. E. M. et al. Totem: A fault-tolerant multicast group communication system. Communications of the ACM, 39(12):54-63, 1996.
17. J. Fox. Argus, http://staff.washington.edu/fox/argus/.
18. T. Fraser, L. Badger, and M. Feldman. Hardening of cots software with generic software wrappers. In Symposium on Security and Privacy, 1999.
19. D. K. Gifford. Weighted voting for replicated data. In 7th ACM Symposium on Operating Systems, pages 150-162, December 1979.
20. K. Jain and R. Sekar. A user level infrastructure for system call interception: A platform for intrusion detection and confinement. In Network and Distributed Systems Security Symposium (NDSS), 2000.
21. P. Jalote. Fault Tolerance in Distributed Systems. Prentice Hall PTR, Englewood Cliffs, NJ 07632, 1994.
22. Z. Kalbarczyk, R. K. Iyer, S. Bagchi, and K. Whisnant. Chameleon: A software infrastructure for adaptive fault tolerance. IEEE Transactions on Parallel and Distributed Systems, 10(6):560-579, 1999.
23. L. Lamport, R. Shostak, and M.Pease. The byzantine generals problem. ACM Tans. on Prog. Lang. and Syst., 4:382-401, 1982.
24. J. Lemon. Kqueue: A generic and scalable event notification facility for freebsd. In BSDCon 2000. Monterey, CA, 2000.
25. P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and John F. Farrell (National Security Agency). The inevitability of failure: The flawed assumption of security in modern computing environments. In 21st National Information Systems Security Conference, pages 303-314, October 1998.
26. T. Mitchum, R. Lu, and R. O'Brien. Using kernel hypervisors to secure applications. In Annual Computer Security Conference, December 1997.
27. G. C. Necula and P. Lee. Proof-carrying code. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 106-119. Paris, January 1997.
28. U. Nerurkar. Security analysis & design: A strategy that's both practical and generic. Dr. Dobbs Journal, featuring Computer Security, November 2000.
29. T. Onabuta, T. Inoue, and M. Asaka. A protection mechanism for an intrusion detection system based on mandatory access control. Information Processing Society of Japan, 42(8), August 2001.
30. J. M. Peha and F. A. Tobagi. Analyzing the fault tolerance of double-loop networks. IEEE/ACM Transactions on Networking (TON), 2(4), August 1994.
31. D. K. Pradhan. Fault-Tolerant Computer System Design. Prentice Hall PTR, Upper Saddle River, New Jersey, 1996.
32. C. S. Raghavendra and M. Gerla. Optimal loop topologies for distributed systems. In Seventh Data Communications Symposium, pages 218-223. Mexico City, Mexico, October 27-29 1981.
33. R. Sekar, C. R. Ramakrishnan, I. V. Ramakrishnan, and S. A. Smolka. Model-carrying code (mcc): A new paradigm for mobile-code security. In New Security Paradigms Workshop (NSPW'01). Cloudcroft, New Mexico, September 2001.
34. M. Sobirey. Intrusion detection systems (a repertoire of known intrusion detection systems), http://wwwrnks.informatik.tu-cottbus.de/sobirey/ids.html, 2000.
35. A. Somayaji and S. Forrest. Automated response using system call delays. In Usenix Security Symposium, 2000.
36. R. H. Thomas. A majority consensus approach to concurrency control for multiple copy databases. ACM Trans. on Database Systems, 4(2):180-209, June 1979.