Preventing privilege escalation

Proceedings of the 12th USENIX Security Symposium

Volumn , Issue , 2003, Pages 231-241

  Provos, Niels ^a   Friedl, Markus ^b   Honeyman, Peter ^a  

^a UNIVERSITY OF MICHIGAN   (United States)

^b GeNUA ^*

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION;

APPLICATION CONFINEMENT; GENERIC APPROACH; INTERNAL STATE; OR APPLICATIONS; PROGRAMMING ERRORS; SECURITY VULNERABILITIES; SUPERUSER; SYSTEM SERVICES;

SEPARATION;

EID: 85048404745     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (31)

1. Lee Badger, Daniel F. Sterne, David L. Sherman, Kenneth M. Walker, and Sheila A. Haghighat. A Domain and Type Enforcement UNIX Prototype. In Proceedings of the 5th USENIX Security Symposium, pages 127-140, June 1995.
2. Mark E. Carson. Sendmail without the Superuser. In Proceedings of the 4th USENIX Security Symposium, October 1993.
3. CERT/CC. CERT AdvisoryCA-2002-07 Double Free Bug in zlib Compression Library. http://www.cert.org/advisories/CA-2002-07.html, March 2002.
4. CERT/CC. CERT AdvisoryCA-2002-18 OpenSSH Vulnerabilities in Challenge Response Handling. http://www.cert.org/advisories/CA-2002-18.html, June 2002.
5. Silvio Cesare. FreeBSD SecurityAdvisoryFreeBSD-SA-02:38.signed-error. http://archives.neohapsis.com/archives/freebsd/2002-08/0094.html, August 2002.
6. Solar Designer. Design Goals for popa3d. http://www.openwall.com/popa3d/DESIGN.
7. P. Deutsch. DEFLATE Compressed Data Format Specification version 1.3. RFC 1951, 1996.
8. P. Deutsch and J-L. Gailly. ZLIB Compressed Data Format Specification version 3.3. RFC 1950, 1996.
9. Chris Evans. Comments on the Overall Architecture of Vsftpd, from a Security Stand point. http://vsftpd.beasts.org/, February 2001.
10. Markus Friedl, Niels Provos, and William A. Simpson. Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol. Internet Draft, January 2002. Work in progress.
11. Li Gong, Marianne Mueller, Hemma Prafullchandra, and Roland Schemers. Going Beyond the Sandbox: An Overview of the New SecurityArchitecture in the Java Development Kit 1.2. USENIX Symposium on Internet Technologies and Systems, pages 103-112, 1997.
12. Douglas Kilpatrick. Privman: A Library for Partitioning Applications. In Proceedings of the USENIX 2003 Annual Technical Conference, FREENIX track, June 2003.
13. David Larochelle and David Evans. Statically Detecting Likely Buffer Overflow Vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, August 2001.
14. Jochen Liedtke. On μ-Kernel Construction. In Proceedings of the Symposium on Operating Systems Principles, pages 237-250, 1995.
15. Theodore A. Linden. Operating System Structures to Support Securityand Reliable Software. ACM Computing Surveys, 8(4):409-445, 1976.
16. Sun Microsystems. XDR: External Data Representation. RFC 1014, June 1987.
17. Todd C. Miller and Theo de Raadt. strlcpyand strl-cat - Consistent, Safe, String Copyand Concatenation. In Proceedings of the 1999 USENIX Technical Conference, FREENIX track, June 1999.
18. David S. Peterson, Matt Bishop, and Raju Pandey. A Flexible Containment Mechanism for Executing Untrusted Code. In Proceedings of the 11th USENIX Security Symposium, pages 207-225, August 2002.
19. Joost Pol. OpenSSH Channel Code Off-By-One Vulnerability. http://online.securityfocus.com/bid/4241, March 2002.
20. Niels Provos. OpenBSD Security Advisory: Select Boundary Condition. http://monkey.org/openbsd/archive/misc/0208/msg00482.html, August 2002.
21. Niels Provos. Improving Host Securitywith System Call Policies. In Proceedings of the 12th USENIX Security Symposium, August 2003.
22. Jerome H. Saltzer. Protection and the Control of Information in Multics. Communications of the ACM, 17(7):388-402, July 1974.
23. Jerome H. Saltzer and Michael D. Schroeder. The Protection of Information in Computer Systems. In Proceedings of the IEEE 69, number 9, pages 1278-1308, September 1975.
24. Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. In Proceedings of the 10th USENIX Security Symposium, August 2001.
25. W. Richard Stevens. Advanced Programming in the UNIX Environment. Addison-Wesley, 1992.
26. Wietse Venema. Postfix Overview. http://www.postfix.org/motivation.html.
27. David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. In Proceedings of the ISOC Symposium on Network and Distributed System Security, pages 3-17, February 2000.
28. David A. Wagner. Janus: an Approach for Confinement of Untrusted Applications. Technical Report CSD-99-1056, University of California, Berkeley, 12, 1999.
29. Kenneth M. Walker, Daniel F. Sterne, M. Lee Badger, Michael J. Petkac, David L. Shermann, and Karen A. Oostendorp. Confining Root Programs with Domain and Type Enforcement (DTE). In Proceedings of the 6th Usenix Security Symposium, July 1996.
30. Dan S. Wallach, Dirk Balfanz, Drew Dean, and Edward W. Felten. Extensible Security Architectures for Java. 16h Symposium on Operating System Principles, pages 116-128, 1997.
31. Michal Zalewski. Remote Vulnerabilityin SSH Daemon CRC32 Compensation Attack Detector. http://razor.bindview.com/publish/advisories/adv-ssh1crc.html, February 2001.