Implementing secure dependencies over a network by designing a distributed security subsystem

d’Ausbourg, Bruno

doi:10.1007/3-540-58618-0_68

Cited by 11 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this work, we restrict the time window to two consecutive actions performed by a single user identified by its session id (see Figure 4). Using the notion of causal dependencies as defined in [13]…”

Section: A Reducing the Set Of Variablesmentioning

confidence: 99%

Detecting attacks against data in web applications

Ludinard

Totel

Tronel

et al. 2012

2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)

View full text Add to dashboard Cite

Abstract-RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system for applications implemented with the Ruby on Rails framework. It is aimed at detecting attacks against data in the context of web applications. This anomaly based IDS focuses on the modeling of the application profile in the absence of attacks (called normal profile) using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

show abstract

Section: A Reducing the Set Of Variablesmentioning

confidence: 99%

Detecting attacks against data in web applications

Ludinard

Totel

Tronel

et al. 2012

2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)

View full text Add to dashboard Cite

show abstract

“…Furthermore, it constitutes a subset of the data being influenced by user inputs, which we call tainted data. The notion of influence between two or more data can be formally defined by the notion of causal dependency [8,19,7]. Denoting (o,t) the content of the data object o (a byte or a variable depending on the level of granularity) at time t, we may then denote (o',t') → (o,t), with t ≤ t the causal dependency of (o,t) in relation to (o',t').…”

Section: Intrusion Sensitive Data Setmentioning

confidence: 99%

Building an Application Data Behavior Model for Intrusion Detection

Sarrouy

Totel

Jouga

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. Application level intrusion detection systems usually rely on the immunological approach. In this approach, the application behavior is compared at runtime with a previously learned application profile of the sequence of system calls it is allowed to emit. Unfortunately, this approach cannot detect anything but control flow violation and thus remains helpless in detecting the attacks that aim pure application data. In this paper, we propose an approach that would enhance the detection of such attacks. Our proposal relies on a data oriented behavioral model that builds the application profile out of dynamically extracted invariant constraints on the application data items.

show abstract

“…To achieve that, we propose to use the concept of causal dependencies [10,19]. In an information flow, a point (o, t) references an object o at the instant time t. The set of points in the information flow is denoted P .…”

Section: Generated Languages' Randomizationmentioning

confidence: 99%

Automated Instruction-Set Randomization for Web Applications in Diversified Redundant Systems

Majorczyk

Demay

2009

2009 International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

The use of diversity and redundancy in the security domain is an interesting approach to prevent or detect intrusions. Many researchers have proposed architectures based on those concepts where diversity is either natural or artificial. These architectures are based on the architecture of N-version programming and were often instantiated for web servers without taking into account the web application(s) running on those. In this article, we present a solution to protect the web applications running on this kind of architectures in order to detect and tolerate code injection intrusions. Our solution consists in creating diversity in the web application scripts by randomizing the language understood by the interpreter so that an injected code can not be executed by all the servers. We also present the issues related to the automatization of our solution and present some solutions to tackle these issues.

show abstract

Implementing secure dependencies over a network by designing a distributed security subsystem

Cited by 11 publications

References 5 publications

Detecting attacks against data in web applications

Detecting attacks against data in web applications

Building an Application Data Behavior Model for Intrusion Detection

Automated Instruction-Set Randomization for Web Applications in Diversified Redundant Systems

Contact Info

Product

Resources

About