Computer Security and
Cryptography Reading Group
June 2003 List
Date & Location |
Reading |
4 June 2003
1304 CS
2:30 - 3:30 PM
|
Umesh Shankar, Vern Paxson
UC Berkeley / ICSI
Active Mapping: Resisting NIDS Evasion Without Altering Traffic
Proceedings of the 2003 IEEE Symposium on Security and Privacy
URL: http://www.cs.berkeley.edu/~ushankar/research/active/activemap.pdf
A critical problem faced by a Network
Intrusion Detection System (NIDS) is
that of ambiguity. The NIDS
cannot always determine what traffic
reaches a given host nor how that host
will interpret the traffic, and
attackers may exploit this ambiguity
to avoid detection or cause misleading
alarms. We present a lightweight
solution, Active Mapping, which
eliminates TCP/IP-based ambiguity in a
NIDS analysis with minimal runtime
cost. Active Mapping efficiently
builds profiles of the network
topology and the TCP/IP policies of
hosts on the network; a NIDS may then
use the host profiles to disambiguate
the interpretation of the network
traffic on a per-host basis. Active
Mapping avoids the semantic and
performance problems of traffic
normalization, in which traffic
streams are modified to remove
ambiguities. We have developed a
prototype implementation of Active
Mapping and modified a NIDS to use the
Active Mapping-generated profile
database in our tests. We found wide
variation across operating systems’
TCP/IP stack policies in real-world
tests (about 7,500 hosts),
underscoring the need for this sort of
disambiguation.
|
11 June 2003
1304 CS
2:30 - 3:30 PM
|
David Price, Algis Rudys, Dan S. Wallach
Rice
Garbage Collector Memory Accounting in Language-Based Systems
Proceedings of the 2003 IEEE Symposium on Security and Privacy
URL: http://www.cs.rice.edu/~arudys/papers/oakland2003.html
Language run-time systems are often
called upon to safely execute mutually
distrustful tasks within the same
runtime, protecting them from other
tasks' bugs or otherwise hostile
behavior. Well-studied access controls
exist in systems such as Java to
prevent unauthorized reading or
writing of data, but techniques to
measure and control resource usage are
less prevalent. In particular, most
language run-time systems include no
facility to account for and regulate
heap memory usage on a per-task
basis. This oversight can be exploited
by a misbehaving task, which might
allocate and hold live enough memory
to cause a denial-of-service attack,
crashing or slowing down other
tasks. In addition, tasks can
legitimately share references to the
same objects, and traditional
approaches that charge memory to its
allocator fail to properly account for
this sharing. We present a method for
modifying the garbage collector,
already present in most modern
language run-time systems, to measure
the amount of live memory reachable
from each task as it performs its
regular duties. Our system naturally
distinguishes memory shared across
tasks from memory reachable from only
a single task without requiring
incompatible changes to the semantics
of the programming language. Our
prototype implementation imposes
negligible performance overheads in a
variety of benchmarks, yet provides
enough information for the expression
of rich policies to express the limits
on a task's memory usage.
|
18 June 2003
1304 CS
2:30 - 3:30 PM
|
|
25 June 2003
1304 CS
2:30 - 3:30 PM
|
Recent paper
Lantian Zheng, S. Chong, A.C. Myers, S. Zdancewic
Cornell
Using replication and partitioning to build secure distributed systems
Proceedings of the 2003 IEEE Symposium on Security and Privacy
URL: http://ieeexplore.ieee.org/iel5/8543/27002/01199340.pdf?isNumber=27002&prod=CNF& arnumber=1199340&arNumber=1199340&arSt=+236&ared=+250&arAuthor=+Lantian+Zheng %3B++Chong%2C+S.%3B++Myers%2C+A.C.%3B++Zdancewic%2C+S.
A challenging unsolved security
problem is how to specify and
enforce system-wide security
policies; this problem is even more
acute in distributed systems with
mutual distrust. This paper
describes a way to enforce policies
for data confidentiality and
integrity in such an environment.
Programs annotated with security
specifications are statically
checked and then transformed by the
compiler to run securely on a
distributed system with untrusted
hosts. The code and data of the
computation are partitioned across
the available hosts in accordance
with the security specification. The
key contribution is automatic
replication of code and data to
increase assurance of integrity
without harming confidentiality, and
without placing undue trust in any
host. The compiler automatically
generates secure run-time protocols
for communication among the
replicated code partitions. Results
are given from a prototype
implementation applied to various
distributed programs.
Classic paper
John Dobson, Brian Randell
University of Newcastle upon Tyne
Building reliable secure computing systems out of unreliable insecure components
URL: http://www.acsac.org/2001/papers/142.pdf
Parallels are drawn between the
problems and techniques associated
with achieving high reliability, and
those associated with the provision
of security, in distributed
computing systems. Some limitations
of the concept of a Trusted
Computing Base are discussed, and an
alternative approach to the design
of highly secure computing systems
is put forward, based on fault
tolerance concepts and techniques.
|
|
< Back to the Sec & Crypto reading group page
|