Computer Security and Cryptography Seminar:
November 2004 Events

This talk is based on the paper by Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher and Mendel Rosenblum, appeared in the 2004 USENIX Security Symposium. In this talk I will discuss what data lifetime problem is and how it relates to potential security (especially privacy and secrecy) risks. Then I present the whole system simulation approach used to analyzing data lifetime issue. Pros and cons of the approach is also discussed.

This is an informal presentation, so discussions and comments are more than welcome.

This is an informal talk presenting a paper by S. Hofmeyr, S. Forrest, and A. Somayaji, published in the Journal of Computer Security Vol. 6, pp. 151-180 (1998). Come ready to critique and brainstorm.

A method is introduced for detecting intrusions at the level of privileged processes. Evidence is given that short sequences of system calls executed by running programs are a good discriminator between normal and abnormal operating characteristics of several common UNIX programs. Normal behavior is collected in two ways: Synthetically, by exercising as many normal modes of usage of a program as possible, and in a live user environment by tracing the actual execution of the program. In the former case several types of intrusive behavior were studied; in the latter case, we analyze results were analyzed for false positives.

The original paper can be found at http://www.cs.unm.edu/~forrest/papers.html.