Synthesizing fast intrusion prevention/detection systems from high-level specifications*

8th USENIX Security Symposium

Volumn , Issue , 1999, Pages

  Sekar, R ^a   Uppuluri, P ^a  

^a STONY BROOK UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTRUSION DETECTION; PATTERN MATCHING; SPECIFICATION LANGUAGES;

AFTER-THE-FACT; HIGH LEVEL SPECIFICATION; INTRUSION DETECTION METHOD; INTRUSION PREVENTION; NEW APPROACHES; OPERATING SYSTEM KERNEL; RUNTIME BEHAVIORS; SALIENT FEATURES;

SPECIFICATIONS;

EID: 85084163313     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (34)

1. A . V . Aho, Algorithms for Finding Patterns in Strings, Handbook of Theoretical Computer Science Vol A, Elsevier Science Publishers B.V., 1990.
2. A.V. Aho, B.W. Kernighan, and P.J. Weinberger, The AWK Programming Language, Addison-Wesley, Reading, MA, 1988.
3. D . Anderson, T . Lunt, H . Javitz, A . D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes, Next-generation In¬trusion Detection Expert System (NIDES): A Summary, SRI-CSL-95-07, SRI International, 1995..
4. G. Berry, P. Couronne and G. Gonthier, Synchronous Programming of Reactive Systems: An Introduction to Esterel, Technical Report 647, INRIA, Paris, 1987.
5. M. Bishop, M. Dilger, Checking for Race Con¬ditions in File Access. Computing Systems 9(2), 1996, pp. 131-152.
6. T. Bolognesi and E. Brinksma, Introduction to the ISO Specification Language LOTOS, The Formal Description Technique LOTOS. Ams¬terdam: North-Holland, 1989..
7. T. Bowen et al, Operating System Support for Application-Specific Security, under review for Symposium on Operating Systems Principles, 1999.
8. CERT Coordination Center Advisories 1988-1998, http://www.cert.org/advisories/index.html.
9. C. Cowan, C. Pu, D. Maier, J. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle and Q. Zhang, StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, 7th USENIX Security Sym¬posium, 1998..
10. D . Denning, An Intrusion Detection Model, IEEE Trans, on Software Engineering, Feb 1987.
11. S. Forrest, S. Hofmeyr and A. Somayaji, Com¬puter Immunology, Comm. of ACM 40(10), 1997.
12. K. Fox, R. Henning, J. Reed and R. Simo-nian, A Neural Network Approach Towards Intrusion Detection, National Computer Secu¬rity Conference, 1990I n t r u s i o n D e t e c t i o n, N a t i o n a l C o m p u t e r Secur i t y Conference, 1990.
13. T. Fraser, L. Badger, M. Feldman, Hardening COTS software with Generic Software Wrap¬pers, IEEE Symposium on Security and Pri¬vacy, 1999.
14. D. Ghormley, D. Petrou, S. Rodrigues, and D. Ghormley, D. Petrou, S. Rodrigues, and T. Anderson, SLIC: An Extensibility System for Commodity Operating Systems, USENIX Annual Technical Conference, 1998.
15. B. Guha and B. Mukherjee, Network Security via Reverse Engineering of TCP Code: Vulner¬ability Analysis and Proposed Solutions, Proc. of the IEEE Infocom, March 1996.
16. A . K . Ghosh, A. Schwartzbard and M. Schatz, Learning Program Behavior Profiles for I n - trusion Detection, 1st USENIX Workshop on Intrusion Detection and Network Monitoring, 1999.
17. I. Goldberg, D. Wagner, R. Thomas, and E. Brewer, A Secure Environment for Untrusted Helper Applications, USENIX Security Symposium, 1996.
18. C. Hoare, Communicating Sequential Pro¬cesses, Comm. of the ACM, 21(8), 1978.
19. M. Jones, Interposition Agents: Transparently Interposing User Code at the System Interface, 14th ACM Symposium on Operating Systems Principles, December 1993
20. C. Ko, Execution Monitoring of Security-Critical Programs in a Distributed System: A Specification-Based Approach, Ph.D. Thesis, Dept. Computer Science, University of Cali¬fornia at Davis, 1996..
21. S . Kumar, Classification and Detection of S. Kumar, Classification and Detection of Computer Intrusions, Ph.D Dissertation, De¬partment of Computer Science, Purdue Uni¬versity, 1995..
22. R. Kurshan, Computer Aided Verification R. Kurshan, Computer Aided Verification of Coordinating Processes: The Automata-Theoretic Approach, Princeton University Press, Princeton, NJ, 1994.
23. R.W. Lo, K.N. Levitt, R.A. Olsson, MCF: a Malicious Code Filter, Computers and Secu¬rity, Vol.14, No.6, 1995..
24. D. Luckham and J. Vera, An Event-Based A r - chitecture Definition Language, IEEE Transactions on Software Engineering, 21(9), 1995.
25. D. Luckham, D. Helmbold, S. Meldal, D. D. Luckham, D. Helmbold, S. Meldal, D. Bryan, and M. Haberler, Task Sequencing Language for Specifying Distributed Ada Sys¬tems: TSL-1, PARLE: Conf. on Parallel Archi¬tectures and Languages, LNCS 259-2, 1987.
26. T. Lunt et al, A Real-Time Intrusion Detec¬tion Expert System (IDES) - Final Report, SRI-CSL-92-05, SRI International, 1992.
27. R. McNaughton and H. Yamada, Regular ex¬pressions and state graphs for automata, IRE Trans, on Electronic Comput., EC-9(1), 1960..
28. T. Mitchem, R. Lu, R. O'Brien, Using Ker¬nel Hypervisors to Secure Applications, An¬nual Computer Security Application Confer¬ence, December 1997.
29. K. Ölender and L. Osterweil, Cecil: A Se¬quencing Constraint Language for Automatic Static Analysis Generation, IEEE Transac¬tions on Software Engineering, 16(3), 1990.
30. P. Porras and R. Kemmerer, Penetration State Transition Analysis:A Rule based Intrusion Detection Approach, Eighth Annual Com¬puter Security Applications Conference, 1992..
31. F. Schneider, Enforceable Security Policies, TR 98-1664, Department of Computer Science, Cornell University, Ithaca, N Y, 1998.
32. R. Sekar, Y. Cai and M. Segal, A Specification-Based Approach for Building Survivable Systems, NISSC, October 1998.
33. R. Sekar, T. Bowen and M. Segal, On Prevent¬ing Intrusions by Process Behavior Monitor¬ing, USENIX Intrusion Detection Workshop, 1999..
34. R. Sekar and P. Uppuluri, Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications, Technical Report 99-03, Department of Computer Science, Iowa State University, Ames, IA 50014.