Detecting manipulated remote call streams

Proceedings of the 11th USENIX Security Symposium

Volumn , Issue , 2002, Pages

  Giffin, Jonathon T ^a   Jha, Somesh ^a   Miller, Barton P ^a  

^a University of Wisconsin Madison   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; EFFICIENCY;

BINARY ANALYSIS; BINARY PROGRAMS; FINITE STATE MACHINE MODEL; JOB EXECUTION; MOBILE CODE SECURITY; PROGRAM TRANSFORMATIONS; REMOTE EXECUTION; REMOTE MACHINES;

STATIC ANALYSIS;

EID: 85084162795     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (40)

1. A.D. Alexandrov, M. Ibel, K.E. Schauser, and C.J. Scheiman, “SuperWeb: Towards a Global Web-Based Parallel Computing Infrastructure”, 11th IEEE International Parallel Processing Symposium, Geneva, Switzerland, April 1997.
2. K. Anstreicher, N. Brixius, J.-P. Goux, and J. Linderoth, “Solving Large Quadratic Assignment Problems on Computational Grids”, 17th International Symposium on Mathematical Programming, Atlanta, Georgia, August 2000.
3. A.W. Appel and D.B. MacQueen, “Standard ML of New Jersey”, Third International Symposium on Programming Language Implementation and Logic Programming, Passau, Germany, August 1991. Also appears in J. Maluszynski and M. Wirsing, eds., Programming Language Implementation and Logic Programming, Lecture Notes in Computer Science #528, pp. 1-13, Springer-Verlag, New York (1991).
4. T. Ball and J.R. Larus, “Optimally Profiling and Tracing Programs”, ACM Transactions on Programming Languages and Systems 16, 3, pp. 1319-1360, July 1994.
5. B. Barak, O. Goldreich, R. Impagaliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang, “On the (Im)possibility of Obfuscating Programs”, 21st Annual International Cryptography Conference, Santa Barbara, California, August 2001. Also appears in J. Kilian, ed., Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science #2139, pp. 1-18, Springer-Verlag, New York (2001).
6. E. Belani, A. Vahdat, T. Anderson, and M. Dahlin, “The CRISIS Wide Area Security Architecture”, Seventh USENIX Security Symposium, San Antonio, Texas, January 1998.
7. S. Chow, Y. Gu, H. Johnson, and V.A. Zakharov, “An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs”, Information Security Conference ‘01, Malaga, Spain, October 2001.
8. C. Collberg, C. Thomborson, and D. Low, “Breaking Abstractions and Unstructuring Data Structures”, IEEE International Conference on Computer Languages, Chicago, Illinois, May 1998.
9. D.E. Denning and P.J. Neumann, Requirements and Model for IDES–A Real-Time Intrusion Detection System, Technical Report, SRI International, August 1985.
10. J. Esparza, D. Hansel, P. Rossmanith, and S. Schwoon, “Efficient Algorithms for Model Checking Pushdown Systems”, 12th Conference on Computer Aided Verification, Chicago, Illinois, July 2000.
11. Also appears in E.A. Emerson and A.P. Sistla, eds., Computer Aided Verification, Lecture Notes in Computer Science #1855, pp. 232-247, Springer-Verlag, New York (2000).
12. G.E. Fagg, K. Moore, and J.J. Dongarra, “Scalable Networked Information Processing Environment (SNIPE)”, Supercomputing ‘97, San Jose, California, November 1997.
13. S. Forrest, S.A. Hofmeyr, A. Somayaji, and T.A. Longstaff, “A Sense of Self for Unix Processes”, 1996 IEEE Symposium on Research in Security and Privacy, Oakland, California, May 1996.
14. I. Foster and C. Kesselman, “Globus: A Metacomputing Infrastructure Toolkit”, The International Journal of Supercomputer Applications and High Performance Computing 11, 2, pp. 115-129, Summer 1997.
15. I. Foster and C. Kesselman, eds., The Grid: Blueprint for a New Computing Infrastructure, Morgan Kaufmann, San Francisco (1998).
16. A.K. Ghosh, A. Schwartzbard, and M. Schatz, “Learning Program Behavior Profiles for Intrusion Detection”, 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999.
17. J.T. Giffin and H. Lin, “Exploiting Trusted Applet-Server Communication”, Unpublished Manuscript, 2001. Available at http://www.cs.wisc.edu/~giffin/.
18. F. Hohl, “A Model of Attacks of Malicious Hosts Against Mobile Agents”, 4th ECOOP Workshop on Mobile Object Systems: Secure Internet Computations, Brussels, Belgium, July 1998.
19. J. Hopcroft, An n log n Algorithm for Minimizing States in a Finite Automaton, Theory of Machines and Computations, pp. 189-196, Academic Press, New York (1971).
20. J.E. Hopcroft, R. Motwani, and J.D. Ullman, Introduction to Automata Theory, Languages, and Computation, Addison Wesley, Boston (2001).
21. S. Horwitz and T. Reps, “The Use of Program Dependence Graphs in Software Engineering”, 14th International Conference on Software Engineering, Melbourne, Australia, May 1992.
22. N.D. Jones, C.K. Gomard, and P. Sestoft, Partial Evaluation and Automatic Program Generation, Prentice Hall International Series in Computer Science, Prentice Hall, Englewood Cliffs, New Jersey (1993).
23. C. Ko, G. Fink, and K. Levitt, “Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring”, 10th Annual Computer Security Applications Conference, Orlando, Florida, 1994.
24. C. Ko, “Logic Induction of Valid Behavior Specifications for Intrusion Detection”, 2000 IEEE Symposium on Security and Privacy, Oakland, California, 2000.
25. L. Lamport, R. Shostak, and M. Pease, “The Byzantine Generals Problem”, ACM Transactions on Programming Languages and Systems 4, 3, pp. 382-401, July 1982.
26. J.R. Larus and E. Schnarr, “EEL: Machine-Independent Executable Editing”, SIGPLAN ‘95 Conference on Programming Language Design and Implementation, La Jolla, California, June 1995.
27. M. Litzkow, M. Livny, and M. Mutka, “Condor–A Hunter of Idle Workstations”, 8th International Conference on Distributed Computer Systems, San Jose, California, June 1988.
28. B.P. Miller, M. Christodorescu, R. Iverson, T. Kosar, A. Mirgorodskii, and F. Popovici, “Playing Inside the Black Box: Using Dynamic Instrumentation to Create Security Holes”, Parallel Processing Letters 11, 2/3, pp. 267-280, June/September 2001. Also appears in the Second Los Alamos Computer Science Institute Symposium, Sante Fe, NM (October 2001).
29. T. Reps, “Program Analysis via Graph Reachability”, Information and Software Technology 40, 11/12, pp. 701-726, November/December 1998.
30. J.H. Saltzer, “Protection and the Control of Information Sharing in Multics”, Communications of the ACM 17, 7, pp. 388-402, July 1974.
31. T. Sander and C.F. Tschudin, “Protecting Mobile Agents Against Malicious Hosts”, in G. Vigna, ed., Mobile Agents and Security, Lecture Notes in Computer Science #1419, pp. 44-60, Springer-Verlag, New York (1998).
32. F.B. Schneider, “Towards Fault-tolerant and Secure Agentry”, 11th International Workshop on Distributed Algorithms, Saarbrucken, Germany, September 1997.
33. SETI@home: Search for Extraterrestrial Intelligence at Home, 23 January 2002, http://setiathome.ssl.berkeley.edu/.
34. Sun Microsystems, Java Virtual Machines, 11 May 2002, http://java.sun.com/j2se/1.4/docs/guide/vm/.
35. F. Tip, “A Survey of Program Slicing Techniques”, Journal of Programming Languages 3, 3, pp.121-189, September 1995.
36. A. Vahdat, T. Anderson, M. Dahlin, E. Belani, D. Culler, P. Eastham, and C. Yoshikawa, “WebOS: Operating System Services for Wide Area Applications”, Seventh International Symposium on High Performance Distributed Computing, Chicago, Illinois, July 1998.
37. D.A. Wagner, Static Analysis and Computer Security: New Techniques for Software Assurance, Ph.D. Dissertation, University of California at Berkeley, Fall 2000.
38. D. Wagner and D. Dean, “Intrusion Detection via Static Analysis”, 2001 IEEE Symposium on Security and Privacy, Oakland, California, May 2001.
39. C. Wang, J. Davidson, J. Hill, and J. Knight, “Protection of Software-based Survivability Mechanisms”, International Conference of Dependable Systems and Networks, Goteborg, Sweden, July 2001.
40. C. Warrender, S. Forrest, and B. Pearlmutter, “Detecting Intrusions Using System Calls: Alternative Data Models”, 1999 IEEE Symposium on Security and Privacy, Oakland, California, May 1999.