Toward Online Verification of Client Behavior in Distributed Applications

20th Annual Network and Distributed System Security Symposium, NDSS 2013

Volumn , Issue , 2013, Pages

  Cochran, Robert A ^a   Reiter, Michael K ^a  

^a University of North Carolina   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BANDWIDTH CONSUMPTION; CLIENT /SERVER; CLIENT BEHAVIOUR; COMPUTATIONAL EXPENSE; CONFIGURATION VERIFICATION; DISTRIBUTED APPLICATIONS; GAMEPLAY; NOVEL METHODS; ON-LINE VERIFICATIONS; VERIFICATION TECHNIQUES;

EID: 85080713142     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (34)

1. S. Anand, P. Godefroid, and N. Tillmann. Demand-driven compositional symbolic execution. In Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, volume 4963 of Lecture Notes in Computer Science, pages 367-381. Mar. 2008.
2. D. Bethea, R. A. Cochran, and M. K. Reiter. Server-side verification of client behavior in online games. ACM Transactions on Information and System Security, 14(4), Dec. 2011.
3. R. S. Boyer, B. Elspas, and K. N. Levitt. SELECT - a formal system for testing and debugging programs by symbolic execution. In International Conference on Reliable Software, pages 234-245, 1975.
4. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards automatic generation of vulnerability-based signatures. In IEEE Symposium on Security and Privacy, May 2006.
5. J. Caballero, Z. Liang, P. Poosankam, and D. Song. Towards generating high coverage vulnerability-based signatures with protocol-level constraint-guided exploration. In Recent Advances in Intrusion Detection, 12th International Symposium, RAID 2009, volume 5758 of Lecture Notes in Computer Science, pages 161-181. 2009.
6. C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In 8th USENIX Symposium on Operating Systems Design and Implementation, Dec. 2008.
7. C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. R. Engler. EXE: Automatically generating inputs of death. In 13th ACM Conference on Computer and Communications Security, Nov. 2006.
8. V. Chipounov, V. Kuznetsov, and G. Candea. S2E: a platform for in-vivo multi-path analysis of software systems. In 16th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 265-278, 2011.
9. S. Chong, J. Liu, A. C. Myers, X. Qi, N. Vikram, L. Zheng, and X. Zheng. Secure web applications via automatic partitioning. In 21st ACM Symposium on Operating Systems Principles, pages 31-44, Oct. 2007.
10. M. DeLap, B. Knutsson, H. Lu, O. Sokolsky, U. Sammapun, I. Lee, and C. Tsarouchis. Is runtime verification applicable to cheat detection? In 3rd ACM SIGCOMM Workshop on Network and System Support for Games, Aug. 2004.
11. W. Feng, E. Kaiser, and T. Schluessler. Stealth measurements for cheat detection in on-line games. In 7th ACM Workshop on Network and System Support for Games, pages 15-20, Oct. 2008.
12. J. T. Giffin, S. Jha, and B. P. Miller. Detecting manipulated remote call streams. In 11th USENIX Security Symposium, Aug. 2002.
13. P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In 2005 ACM Conference on Programming Language Design and Implementation, pages 213-223, June 2005.
14. A. Guha, S. Krishnamurthi, and T. Jim. Using static analysis for Ajax intrusion detection. In 18th International World Wide Web Conference, pages 561-570, Apr. 2009.
15. G. Hoglund and G. McGraw. Exploiting Online Games: Cheating Massively Distributed Systems. Addison-Wesley Professional, 2007.
16. E. Kaiser, W. Feng, and T. Schluessler. Fides: Remote anomaly-based cheat detection using client emulation. In 16th ACM Conference on Computer and Communications Security, Nov. 2009.
17. Y. Lyhyaoui, A. Lyhyaoui, and S. Natkin. Online games: Categorization of attacks. In International Conference on Computer as a Tool (EUROCON), Nov. 2005.
18. C. Mönch, G. Grimen, and R. Midtstraum. Protecting online games against cheating. In 5th ACM Workshop on Network and System Support for Games, Oct. 2006.
19. J. Mulligan and B. Patrovsky. Developing Online Games: An Insider's Guide. New Riders Publishing, 2003.
20. T. Schluessler, S. Goglin, and E. Johnson. Is a bot at the controls? Detecting input data attacks. In 6th ACM Workshop on Network and System Support for Games, pages 1-6, Sept. 2007.
21. K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for C. SIGSOFT Software Engineering Notes, 30:263-272, Sept. 2005.
22. K. Tan, J. McHugh, and K. Killourhy. Hiding intrusions: From the abnormal to the normal and beyond. In Information Hiding, 5th International Workshop, IH 2002, pages 1-17, 2003.
23. N. Tillmann and J. D. Halleux. Pex: White box test generation for.NET. In 2nd International Conference on Tests and Proofs, pages 134-153, 2008.
24. E. Ukkonen. Algorithms for approximate string matching. Information and Control, 64(1-3), Mar. 1985.
25. K. Vikram, A. Prateek, and B. Livshits. Ripley: Automatically securing Web 2.0 applications through replicated execution. In 16th ACM Conference on Computer and Communications Security, Nov. 2009.
26. W. Visser, J. Geldenhuys, and M. B. Dwyer. Green: reducing, reusing and recycling constraints in program analysis. In 20th ACM International Symposium on the Foundations of Software Engineering, FSE, pages 58:1-11, 2012.
27. W. Visser, C. S. Păsăreanu, and S. Khurshid. Test input generation with Java PathFinder. SIGSOFT Software Engineering Notes, 29:97-107, July 2004.
28. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In 9th ACM Conference on Computer and Communications Security, Nov. 2002.
29. M. Ward. Warcraft game maker in spying row, Oct. 2005. http://news.bbc.co.uk/2/hi/technology/4385050.stm.
30. S. Webb and S. Soh. A survey on network game cheats and P2P solutions. Australian Journal of Intelligent Information Processing Systems, 9(4):34-43, 2008.
31. J. Yan and B. Randell. A systematic classification of cheating in online games. In 4th ACM Workshop on Network and System Support for Games, Oct. 2005.
32. J. Yang, C. Sar, P. Twohey, C. Cadar, and D. Engler. Automatically generating malicious disks using symbolic execution. In IEEE Symposium on Security and Privacy, May 2006.
33. D. Yuan, H. Mai, W. Xiong, L. Tan, Y. Zhou, and S. Pasupathy. SherLog: Error diagnosis by connecting clues from run-time logs. In 15th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 143-154, Mar. 2010.
34. C. Zamfir and G. Candea. Execution synthesis: a technique for automated software debugging. In 5th European Conference on Computer Systems, pages 321-334, Apr. 2010.