Execution monitoring of security-critical programs in distributed systems: a specification-based approach. Ko, C., Ruschitzka, M., & Levitt, K. Proceedings. 1997 IEEE Symposium on Security and Privacy Cat. No.97CB36097, IEEE Comput. Soc. Press, 1997.
This paper describes a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we based the design and implementation of a real-time intrusion detection system for a distributed system. Also, we wrote security specifications for 15 Unix setuid root programs. Our system detects attacks caused by monitored programs, including security violations caused by improper synchronization in distributed programs. Our approach encompasses attacks that exploit previously unknown vulnerabilities in security-critical programs.
@article{Koa,
   abstract    = {This paper describes a specification-based approach to detect
                  exploitations of vulnerabilities in security-critical
                  programs. The approach utilizes security specifications that
                  describe the intended behavior of programs and scans audit
                  trails for operations that are in violation of the
                  specifications. We developed a formal framework for specifying
                  the security-relevant behavior of programs, on which we based
                  the design and implementation of a real-time intrusion
                  detection system for a distributed system. Also, we wrote
                  security specifications for 15 Unix setuid root programs.
                  Our system detects attacks caused by monitored programs,
                  including security violations caused by improper
                  synchronization in distributed programs. Our approach
                  encompasses attacks that exploit previously unknown
                  vulnerabilities in security-critical programs.},
   author      = {Ko, C. and Ruschitzka, M. and Levitt, K.},
   doi         = {10.1109/SECPRI.1997.601332},
   file        = {:media/extstor2/knobase/papers/Ko, Ruschitzka,
                  Levitt/Proceedings. 1997 IEEE Symposium on Security and
                  Privacy Cat. No.97CB36097/Ko, Ruschitzka, Levitt - Execution
                  monitoring of security-critical programs in distributed
                  systems a specification-based approach - Unknown.pdf:pdf},
   isbn        = {0-8186-7828-3},
   journal     = {Proceedings. 1997 IEEE Symposium on Security and Privacy Cat.
                  No.97CB36097},
   pages       = {175--187},
   publisher   = {IEEE Comput. Soc. Press},
   title       = {{Execution monitoring of security-critical programs in
                  distributed systems: a specification-based approach}},
   url         = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=601332},
   year        = {1997}
}