
SIDAN: A tool dedicated to software instrumentation for detecting attacks on non-control-data

Jonathan-Christofer Demay, Eric Totel, Frederic Tronel
2009 2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009)  
We propose in this article an approach that focuses on the detection of non-control-data attacks.  ...  But even then, attacks that target non-control-data may be missed and attacks on control-data may be adapted to bypass the detection mechanism using evasion techniques.  ...  The use of the static analysis framework Frama-C has led to the creation of a tool that instruments software in order to detect non-control-data attacks.  ... 
doi:10.1109/crisis.2009.5411977 dblp:conf/crisis/DemayTT09 fatcat:u7quyodmwfgxnd5xjyq5fhk564

Detecting Illegal System Calls Using a Data-Oriented Detection Model [chapter]

Jonathan-Christofer Demay, Frédéric Majorczyk, Eric Totel, Frédéric Tronel
2011 IFIP Advances in Information and Communication Technology  
The most common anomaly detection mechanisms at application level consist in detecting a deviation of the control-flow of a program.  ...  However, such methods do not detect mimicry attacks or attacks against the integrity of the system call parameters.  ...  We also present SIDAN (Software Instrumentation for the Detection of Attacks on Non-control-data) [13], a tool we have developed that implements our detection model.  ... 
doi:10.1007/978-3-642-21424-0_25 fatcat:fe3jaczhmzfe7e5bkfh2tktziq

SecureD: A Secure Dual Core Embedded Processor [article]

Roshan G. Ragel, Jude A. Ambrose, Sri Parameswaran
2015 arXiv   pre-print
In the past, a number of countermeasures, both hardware- and software-based, were proposed individually against these two types of attacks.  ...  Therefore, this paper, for the first time, proposes a hardware/software based countermeasure against both code-injection attacks and power analysis based side-channel attacks in a dual core embedded system  ...  There exist a number of individual detection mechanisms for these two attacks in both software and architecture domains.  ... 
arXiv:1511.01946v1 fatcat:rxtdftx74jgpxen2m4uxhewqgy

IMPRES: integrated monitoring for processor reliability and security

R.G. Ragel, S. Parameswaran
2006 Proceedings - Design Automation Conference  
This paper presents a novel hardware/software technique at the granularity of micro-instructions to reduce overheads considerably.  ...  Security is often compromised by code injection attacks, jeopardizing even 'trusted software'.  ...  The ultimate goal of security attacks is to gain control of the system and destroy system integrity by altering information which is in the form of software and data.  ... 
doi:10.1109/dac.2006.229268 fatcat:aev57qwrhjaphprqrhyczamp7i

IMPRES

Roshan G. Ragel, Sri Parameswaran
2006 Proceedings of the 43rd annual conference on Design automation - DAC '06  
This paper presents a novel hardware/software technique at the granularity of micro-instructions to reduce overheads considerably.  ...  Security is often compromised by code injection attacks, jeopardizing even 'trusted software'.  ...  The ultimate goal of security attacks is to gain control of the system and destroy system integrity by altering information which is in the form of software and data.  ... 
doi:10.1145/1146909.1147041 dblp:conf/dac/RagelP06 fatcat:tjitfpl3njazzi7rrelcpksnpq

Vigilante

Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham
2005 ACM SIGOPS Operating Systems Review  
Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection.  ...  When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software.  ...  We thank Eric Traut for discussions about Virtual PC. We thank Rene Wilhelm and Henk Uijterwaal for access to the RIPE data. We thank Jacob Gorm Hansen for implementing the Windows NX detector.  ... 
doi:10.1145/1095809.1095824 fatcat:escf5e6zrvamnnyzy2ddn2sndi

Vigilante

Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham
2005 Proceedings of the twentieth ACM symposium on Operating systems principles - SOSP '05  
Hosts run instrumented software to detect worms and broadcast self-certifying alerts (SCAs) upon worm detection.  ...  When hosts receive an SCA, they generate filters that block infection by analysing the SCA-guided execution of the vulnerable software.  ...  We thank Eric Traut for discussions about Virtual PC. We thank Rene Wilhelm and Henk Uijterwaal for access to the RIPE data. We thank Jacob Gorm Hansen for implementing the Windows NX detector.  ... 
doi:10.1145/1095810.1095824 dblp:conf/sosp/CostaCCRZZB05 fatcat:pimh3utfrfcg3evkboc6os5htq

ProbeGuard

Koustubha Bhat, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida
2019 Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS '19  
This has led researchers to question the value of information hiding in real-world software security.  ...  While much more efficient than traditional integrity-based defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security.  ...  This paper reflects only the authors' view. The funding agencies are not responsible for any use that may be made of the information it contains.  ... 
doi:10.1145/3297858.3304073 dblp:conf/asplos/BhatKBG19 fatcat:fcz37f3swngdhndkrkanxtlszq

Software Cruising: A New Technology for Building Concurrent Software Monitor [chapter]

Dinghao Wu, Peng Liu, Qiang Zeng, Donghai Tian
2013 Secure Cloud Computing  
We believe the software cruising technology would result in a game-changing capability in security monitoring for the cloud-based and traditional computing and network systems.  ...  In the software cruising framework, one or more dedicated threads, called cruising threads, are running concurrently with the monitored user or kernel code, to constantly check, or cruise, for security  ...  In contrast, software cruising can be applied to detect control flow attacks by comparing linkages between canaries with the linkages between the corresponding kernel data structures.  ... 
doi:10.1007/978-1-4614-9278-8_14 fatcat:3goyj5eijzfgndwjii2jvow4y4

From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware

Haibo Chen, Xi Wu, Liwei Yuan, Binyu Zang, Pen-chung Yew, Frederic T. Chong
2008 2008 International Symposium on Computer Architecture  
Based on this observation, we propose SHIFT, a low-overhead, software-based dynamic information flow tracking system to detect a wide range of attacks.  ...  Moreover, by decoupling mechanisms for taint tracking from security policies, SHIFT can detect a wide range of exploits, including high-level semantic attacks.  ...  Acknowledgment The authors thank Frans Kaashoek and the anonymous reviewers for their insightful comments. This research was funded by China National 973 Plan under grant numbered 2005CB321905.  ... 
doi:10.1109/isca.2008.18 dblp:conf/isca/ChenWYZYC08 fatcat:yjpye3xdfncgljndzhmu3jm6n4

From Speculation to Security

Haibo Chen, Xi Wu, Liwei Yuan, Binyu Zang, Pen-chung Yew, Frederic T. Chong
2008 SIGARCH Computer Architecture News  
Based on this observation, we propose SHIFT, a low-overhead, software-based dynamic information flow tracking system to detect a wide range of attacks.  ...  Moreover, by decoupling mechanisms for taint tracking from security policies, SHIFT can detect a wide range of exploits, including high-level semantic attacks.  ...  Acknowledgment The authors thank Frans Kaashoek and the anonymous reviewers for their insightful comments. This research was funded by China National 973 Plan under grant numbered 2005CB321905.  ... 
doi:10.1145/1394608.1382156 fatcat:4rfuygu6vjgh5jmb5k7dt5ubmu

Detecting anomalies in metro systems

Marcellinus Hendro Adi Wibowo, Huaqun Guo, Wang Ling Goh
2018 2018 IEEE 4th World Forum on Internet of Things (WF-IoT)  
This attack can be detected by comparing the features extracted from the traffic happening to the heuristic and proper data set.  ...  Data that are compared in the analysis are the features of each instrument from the traffic which are number of command transfer, number of handshake transfer, and the ratio of command transfer to the  ...  NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate. The special thanks are also given to SMRT Trains Ltd for providing domain knowledge and technical support.  ... 
doi:10.1109/wf-iot.2018.8355146 dblp:conf/wf-iot/WibowoGG18 fatcat:g3s4cyeat5caxkyyekkcfbqzua

Exploit hijacking

Costin Raiciu, Mark Handley, David S. Rosenblum
2006 Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense - LSAD '06  
Recent advances in the defense of networked computers use instrumented binaries to track tainted data, and can detect attempted break-ins automatically.  ...  These techniques identify how the transfer of execution to the attacker takes place, allowing the automatic generation of defenses.  ...  Acknowledgement We would like to thank Jon Crowcroft and Manuel Costa for numerous insightful discussions on this topic and for providing us with simulation tools and data.  ... 
doi:10.1145/1162666.1162670 fatcat:inl5hmoamjalrccsg72c6rqxwy

Toward Taming the Overhead Monster for Data-Flow Integrity [article]

Lang Feng, Jiayi Huang, Jeff Huang, Jiang Hu
2021 arXiv   pre-print
Data-Flow Integrity (DFI) is a well-known approach to effectively detecting a wide range of software attacks.  ...  However, its real-world application has been quite limited so far because of the prohibitive performance overhead it incurs.  ...  Conclusions and Future Research Data-Flow Integrity (DFI) is potentially a very powerful security measure that can detect a large number of software attacks.  ... 
arXiv:2102.10031v1 fatcat:p3soagzyazdsff3vme6ynlcsru

Improving software security via runtime instruction-level taint checking

Jingfei Kong, Cliff C. Zou, Huiyang Zhou
2006 Proceedings of the 1st workshop on Architectural and system support for improving software dependability - ASID '06  
However, such architectures are not effective against non-control data attacks.  ...  We also demonstrate effective usages of our architecture to detect buffer overflow and format string attacks.  ...  However there are many cases that non-control data are also important for software security.  ... 
doi:10.1145/1181309.1181313 dblp:conf/asplos/KongZZ06 fatcat:wrw7fhtonba23igu4t3ii6vzrq