Ostia: A Delegating Architecture for Secure System Call Interposition

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2004

Volumn , Issue , 2004, Pages

  Garfinkel, Tal ^a   Pfaff, Ben ^a   Rosenblum, Mendel ^a  

^a Stanford University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER ARCHITECTURE; NETWORK ARCHITECTURE;

'CURRENT; CRITICAL PROPERTIES; ERROR LIMITS; ERROR PRONES; EXECUTION ENVIRONMENTS; IMPLEMENTATION ERROR; PROPERTY; SANDBOXING SYSTEMS; SECURE SYSTEM; SYSTEM CALL INTERPOSITION;

NETWORK SECURITY;

EID: 85180406262     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (39)

1. Subterfugue: strace meets expect. http://subterfugue.org/.
2. A. Acharya and M. Raje. MAPbox: Using parameterized behavior classes to confine untrusted applications. In Proc. 9th USENIX Security Symposium, Aug. 2000.
3. A. Alexandrov, P. Kmiec, and K. Schauser. Consh: A confined execution environment for internet computations. http://www.cs.ucsb.edu/berto/papers/99-usenix-consh.ps, 1998.
4. A. Berman, V. Bourassa, and E. Selberg. TRON: Process-specific file protection for the UNIX operating system. In Proceedings of the Winter USENIX Conference, 1995.
5. M. Bernaschi, E. Gabrielli, and L. V. Mancini. Remus: a security-enhanced operating system. ACM Trans. Information and System Security (TISSEC), 5(1):36–61, 2002.
6. B. N. Bershad and C. B. Pinkerton. Watchdogs: Extending the UNIX file system. In USENIX Conference Proceedings, pages 267–75, Dallas, TX, Winter 1988.
7. M. Bishop and M. Dilger. Checking for race conditions in file accesses. Computing Systems, 9(2):131–152, Spring 1996.
8. CERT. Vulnerability note VU#176888, Linux kernel contains race condition via ptrace/procfs/execve. may 2002.
9. H. Chen, D. Wagner, and D. Dean. Setuid demystified. In Proc. 11th USENIX Security Symposium, August 2002.
10. C. Cowan, S. Beattie, G. Kroach-Hartman, C. Pu, P. Wagle, and V. Gligor. Subdomain: Parsimonious server security. In Proc. Systems Administration Conference, Dec. 2000.
11. A. Cox. CAN-2003-0127, Linux kernel ptrace() flaw lets local users gain root privileges. March 2003.
12. A. Dan, A. Mohindra, R. Ramaswami, and D. Sitaram. Chakravyuha (CV): A sandbox operating system environment for controlled execution of alien code. Technical Report 20742, IBM T.J. Watson Research Center, Sept. 1997.
13. Entercept Security Technologies. System call interception whitepaper. http://www.entercept.com/whitepaper/systemcalls/.
14. Erlingsson and Schneider. SASI enforcement of security policies: A retrospective. In WNSP: New Security Paradigms Workshop. ACM Press, 2000.
15. T. Fraser, L. Badger, and M. Feldman. Hardening COTS software with generic software wrappers. In IEEE Symposium on Security and Privacy, pages 2–16, 1999.
16. T. Garfinkel. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proc. Network and Distributed Systems Security Symposium, February 2003.
17. D. P. Ghormley, D. Petrou, S. H. Rodrigues, and T. E. Anderson. SLIC: An extensibility system for commodity operating systems. In Proc. USENIX Annual Technical Conference, pages 39–52, June 1998.
18. I. Goldberg, D. Wagner, R. Thomas, and E. Brewer. A secure environment for untrusted helper applications. In Proc. 6th USENIX Security Symposium, July 1996.
19. D. B. Golub, R. W. Dean, A. Forin, and R. F. Rashid. UNIX as an application program. In USENIX Summer, pages 87–95, 1990.
20. S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3):151–180, 1998.
21. K. Jain and R. Sekar. User-level infrastructure for system call interposition: A platform for intrusion detection and confinement. In Proc. Network and Distributed Systems Security Symposium, 2000.
22. M. B. Jones. Interposition agents: Transparently interposing user code at the system interface. In Symposium on Operating Systems Principles, pages 80–93, 1993.
23. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, August 2002.
24. C. Ko, T. Fraser, L. Badger, and D. Kilpatrick. Detecting and countering system intrusions using software wrappers. In Proc. 9th USENIX Security Symposium, August 2000.
25. M. Accetta et al. Mach: A new kernel foundation for UNIX development. In Proc. USENIX Summer Conference, 1986.
26. B. Marick. lc. ftp://ftp.qucis.queensu.ca/pub/software-eng/software/Cmetrics/lc. tar.gz%.
27. M. K. McKusick, K. Bostic, M. J. Karels, and J. S. Quarter-man. The Design and Implementation of the 4.4 BSD Operating System, pages 112–114. Addison-Wesley, 1996.
28. T. Mitchem, R. Lu, and R. O’Brien. Using kernel hypervisors to secure applications. In Proc. 13th Annual Computer Security Applications Conference, December 1997.
29. V. Nakra. Architecture study: Janus—a practical tool for application sandboxing.
30. D. S. Peterson, M. Bishop, and R. Pandey. A flexible containment mechanism for executing untrusted code. In Proc. 11th USENIX Security Symposium, August 2002.
31. N. Provos. Improving host security with system call policies. In Proc. 12th USENIX Security Symposium, pages 257–272, august 2003.
32. K. Scott and J. Davidson. Safe virtual execution using software dynamic translation. In Proc. Annual Computer Security Applications Conference, 2002.
33. Steve Bellovin. Shifting the Odds, Writing More Secure Software. http://www.research.att.com/~smb/talks/odds.ps.
34. Teso Security Advisory. LIDS Linux Intrusion Detection System vulnerability. http://www.team-teso.net/advisories/teso-advisory-012.txt.
35. J. Viega and G. McGraw. Building Secure Software, pages 209–229. Addison-Wesley, 2002.
36. D. A. Wagner. Janus: An approach for confinement of untrusted applications. Technical Report CSD-99-1056, University of California, Berkeley, 12, 1999.
37. K. M. Walker, D. F. S. anad M. L. Badger, M. J. Petkac, D. L. Shermann, and K. A. Oostendorp. Confining root programs with domain and type enforcement. In Proceedings of the sixth USENIX Security Symposium, July 1996.
38. B. Welch and J. Ousterhout. Pseudo devices: User-level extensions to the Sprite file system. In Summer 1988 USENIX Conference, pages 37–49, San Francisco, CA, 1988.
39. A. Wespi, M. Dacier, and H. Debar. Intrusion detection using variable length audit trail patterns. In RAID 2000, pages 110–129, 2000.