Execution monitoring of security-critical programs in distributed systems: a specification-based approach. Ko, C., Ruschitzka, M., & Levitt, K. Proceedings. 1997 IEEE Symposium on Security and Privacy Cat. No.97CB36097, IEEE Comput. Soc. Press, 1997.
This paper describes a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we based the design and implementation of a real-time intrusion detection system for a distributed system. Also, we wrote security specifications for 15 Unix setuid root programs. Our system detects attacks caused by monitored programs, including security violations caused by improper synchronization in distributed programs. Our approach encompasses attacks that exploit previously unknown vulnerabilities in security-critical programs.
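% Conference paper on specification-based intrusion detection: program
% behavior is specified formally and audit trails are checked against it.
% The `file` field is a local reference-manager attachment path and does not
% resolve outside the machine that exported this entry.
@inproceedings{Koa,
  author    = {Ko, C. and Ruschitzka, M. and Levitt, K.},
  title     = {Execution monitoring of security-critical programs in
               distributed systems: a specification-based approach},
  booktitle = {Proceedings. 1997 {IEEE} Symposium on Security and Privacy Cat.
               No.97CB36097},
  publisher = {IEEE Comput. Soc. Press},
  year      = {1997},
  pages     = {175--187},
  isbn      = {0-8186-7828-3},
  doi       = {10.1109/SECPRI.1997.601332},
  url       = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=601332},
  file      = {:media/extstor2/knobase/papers/Ko, Ruschitzka,
               Levitt/Proceedings. 1997 IEEE Symposium on Security and
               Privacy Cat. No.97CB36097/Ko, Ruschitzka, Levitt - Execution
               monitoring of security-critical programs in distributed
               systems a specification-based approach - Unknown.pdf:pdf},
  abstract  = {This paper describes a specification-based approach to detect
               exploitations of vulnerabilities in security-critical
               programs. The approach utilizes security specifications that
               describe the intended behavior of programs and scans audit
               trails for operations that are in violation of the
               specifications. We developed a formal framework for specifying
               the security-relevant behavior of programs, on which we based
               the design and implementation of a real-time intrusion
               detection system for a distributed system. Also, we wrote
               security specifications for 15 Unix setuid root programs.
               Our system detects attacks caused by monitored programs,
               including security violations caused by improper
               synchronization in distributed programs. Our approach
               encompasses attacks that exploit previously unknown
               vulnerabilities in security-critical programs.},
}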
{"_id":{"_str":"5418dbd3ffe14fcc4f000fd8"},"__v":0,"authorIDs":[],"author_short":["Ko, C.","Ruschitzka, M.","Levitt, K."],"bibbaseid":"ko-ruschitzka-levitt-executionmonitoringofsecuritycriticalprogramsindistributedsystemsaspecificationbasedapproach-1997","bibdata":{"bibtype":"article","type":"article","abstract":"This paper describes a specification-based approach to detect exploitations of vulnerabdities in security- critical programs. The approach utilizes security spe- cifications that describe the intended behavior of pro- grams and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we based the design and imple- mentation of a real-time intrusion detection system for a distributed system. Also, we wrote security specifica- tions for 15 Unix setuid root programs. Our system de- tects attacks caused by monitored programs, including security violations caused by improper synchronization in distributed programs. Our approach encompasses at- tacks that exploit previously unknown vulnerabilities in security-critical programs.","author":[{"propositions":[],"lastnames":["Ko"],"firstnames":["C."],"suffixes":[]},{"propositions":[],"lastnames":["Ruschitzka"],"firstnames":["M."],"suffixes":[]},{"propositions":[],"lastnames":["Levitt"],"firstnames":["K."],"suffixes":[]}],"doi":"10.1109/SECPRI.1997.601332","file":":media/extstor2/knobase/papers/Ko, Ruschitzka, Levitt/Proceedings. 1997 IEEE Symposium on Security and Privacy Cat. No.97CB36097/Ko, Ruschitzka, Levitt - Execution monitoring of security-critical programs in distributed systems a specification-based approach - Unknown.pdf:pdf","isbn":"0-8186-7828-3","journal":"Proceedings. 1997 IEEE Symposium on Security and Privacy Cat. No.97CB36097","pages":"175--187","publisher":"IEEE Comput. Soc. 
Press","title":"Execution monitoring of security-critical programs in distributed systems: a specification-based approach","url":"http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=601332","year":"1997","bibtex":"@article{Koa,\n abstract = {This paper describes a specification-based approach to detect\n exploitations of vulnerabdities in security- critical\n programs. The approach utilizes security spe- cifications that\n describe the intended behavior of pro- grams and scans audit\n trails for operations that are in violation of the\n specifications. We developed a formal framework for specifying\n the security-relevant behavior of programs, on which we based\n the design and imple- mentation of a real-time intrusion\n detection system for a distributed system. Also, we wrote\n security specifica- tions for 15 Unix setuid root programs.\n Our system de- tects attacks caused by monitored programs,\n including security violations caused by improper\n synchronization in distributed programs. Our approach\n encompasses at- tacks that exploit previously unknown\n vulnerabilities in security-critical programs.},\n author = {Ko, C. and Ruschitzka, M. and Levitt, K.},\n doi = {10.1109/SECPRI.1997.601332},\n file = {:media/extstor2/knobase/papers/Ko, Ruschitzka,\n Levitt/Proceedings. 1997 IEEE Symposium on Security and\n Privacy Cat. No.97CB36097/Ko, Ruschitzka, Levitt - Execution\n monitoring of security-critical programs in distributed\n systems a specification-based approach - Unknown.pdf:pdf},\n isbn = {0-8186-7828-3},\n journal = {Proceedings. 1997 IEEE Symposium on Security and Privacy Cat.\n No.97CB36097},\n pages = {175--187},\n publisher = {IEEE Comput. Soc. 
Press},\n title = {{Execution monitoring of security-critical programs in\n distributed systems: a specification-based approach}},\n url = {http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=601332},\n year = {1997}\n}\n\n\n","author_short":["Ko, C.","Ruschitzka, M.","Levitt, K."],"key":"Koa","id":"Koa","bibbaseid":"ko-ruschitzka-levitt-executionmonitoringofsecuritycriticalprogramsindistributedsystemsaspecificationbasedapproach-1997","role":"author","urls":{"Paper":"http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=601332"},"downloads":0},"bibtype":"article","biburl":"https://dl.dropboxusercontent.com/u/14215034/bibs/bibs/thesis-bb.bib","creationDate":"2014-09-17T00:54:43.515Z","downloads":0,"keywords":[],"search_terms":["execution","monitoring","security","critical","programs","distributed","systems","specification","based","approach","ko","ruschitzka","levitt"],"title":"Execution monitoring of security-critical programs in distributed systems: a specification-based approach","year":1997,"dataSources":["bWAYKFgHdvrrBcfMA"]}