Introducing Reference Flow Control for Detecting Intrusion Symptoms at the OS Level

Jacob Zimmermann, Ludovic Mé and Christophe Bidan

View Related Documents

Book Chapter
Using Attack Trees to Identify Malicious Attacks from Authorized Insiders
Indrajit Ray and Nayot Poolsapassit
Lecture Notes in Computer Science, 2005, Volume 3679, Computer Security – ESORICS 2005, Pages 231-246
- Download PDF (403.4 KB)
Book Chapter
A Novel Online Technique to Characterize and Mitigate DoS Attacks using EPSD and Honeypots
Anjali Sardana, Bhavana Gandhi and Ramesh Joshi
2007, Innovative Algorithms and Techniques in Automation, Industrial Electronics and Telecommunications, Pages 49-54
- Download PDF (332.9 KB)
Book Chapter
Using Contextual Security Policies for Threat Response
Hervé Debar, Yohann Thomas, Nora Boulahia-Cuppens and Frédéric Cuppens
Lecture Notes in Computer Science, 2006, Volume 4064, Detection of Intrusions and Malware & Vulnerability Assessment, Pages 109-128
- Download PDF (462.1 KB)
Book Chapter
Formal Reasoning About Intrusion Detection Systems
Tao Song, Calvin Ko, Jim Alves-Foss, Cui Zhang and Karl Levitt
Lecture Notes in Computer Science, 2004, Volume 3224, Recent Advances in Intrusion Detection, Pages 278-295
- Download PDF (218.5 KB)
Book Chapter
A Distributed Intrusion Detection Approach for Secure Software Architecture
Paola Inverardi and Leonardo Mostarda
Lecture Notes in Computer Science, 2005, Volume 3527, Software Architecture, Pages 168-184
- Download PDF (191.9 KB)
Book Chapter
Models of Distributed Secure Computing
Paulo Veríssimo and Luís Rodrigues
Advances in Distributed Computing and Middleware, 1, Volume 1, Distributed Systems for System Architects, Part IV, Pages 427-486
- Download PDF (7.1 MB)
Journal Article
Enabling automated threat response through the use of a dynamic security policy
Hervé Debar, Yohann Thomas, Frédéric Cuppens and Nora Cuppens-Boulahia
Journal in Computer Virology, 2007, Volume 3, Number 3, Pages 195-210
- Download PDF (354.1 KB)
Book Chapter
A Quick SSH Implementation
2006, Pro OpenSSH, Part 1, Pages 17-34
- Download PDF (305.3 KB)
Book Chapter
Dynamic Specifications in Norm-Governed Open Computational Societies
Dimosthenis Kaponis and Jeremy Pitt
Lecture Notes in Computer Science, 2007, Volume 4457, Engineering Societies in the Agents World VII, Pages 265-283
- Download PDF (406.1 KB)
Book Chapter
Towards a Global Security Architecture for Intrusion Detection and Reaction Management
Renaud Bidou, Julien Bourgeois and Francois Spies
Lecture Notes in Computer Science, 2004, Volume 2908, Information Security Applications, Pages 1769-1785
- Download PDF (319.3 KB)

Abstract

This paper presents a novel approach to policy-based detection of “attacks by delegation”. By exploiting unpredictable behaviour such as unknown side-effects, race-conditions, buffer overflows, confused deputies etc., these attacks aim at achieving their goals (i.e. executing some illegal operation) as legal consequences of other legitimate operations. The proposed approach enforces restrictions on whether an operation can be executed as a consequence of another, in order to detect that kind of attacks. We propose a proof-of-concept application to a Unix system and show its ability to detect novel attack scenarii that seek the same intrusion goals.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Introducing Reference Flow Control for Detecting Intrusion Symptoms at the OS Level

View Related Documents

Abstract

Fulltext Preview