System Call Monitoring Using Authenticated System Calls

Rajagopalan, Mohan; Hiltunen, Matti; Jim, Trevor; Schlichting, Richard D.

doi:10.1109/tdsc.2006.41

Cited by 36 publications

(17 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By positioning the rewritten versions of these two functions at those addresses, the rewriter can encode overlapping pointers to them in the lookup table. With chunk size c = 16 and memory division d = 2 28 , a rewritten code base address of 2 24 (t & 0xF) + 2 16 t supports at least 15 two-pointer collisions and 1 three-pointer collision per rewritten code page-far more than we saw in any binary we studied.…”

Section: Code Conventionsmentioning

confidence: 73%

“…Past work [17,19,28] has shown that IRM systems are capable of enforcing more sophisticated temporal properties when equipped with more powerful event languages and responses to impending policy violations that go beyond mere program termination. Developing policy-enforcement libraries that implement such policies is therefore a logical next step toward applying our framework to interesting, practical security problems for these real-world systems.…”

Section: Other Future Workmentioning

confidence: 99%

See 1 more Smart Citation

Securing untrusted code via compiler-agnostic binary rewriting

Wartell

Mohan

Hamlen

et al. 2012

Proceedings of the 28th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Binary code from untrusted sources remains one of the primary vehicles for malicious software attacks. This paper presents REINS, a new, more general, and lighter-weight binary rewriting and inlining system to tame and secure untrusted binary programs. Unlike traditional monitors, REINS requires no cooperation from codeproducers in the form of source code or debugging symbols, requires no client-side support infrastructure (e.g., a virtual machine or hypervisor), and preserves the behavior of even complex, event-driven, x86 native COTS binaries generated by aggressively optimizing compilers. This makes it exceptionally easy to deploy. The safety of programs rewritten by REINS is independently machine-verifiable, allowing rewriting to be deployed as an untrusted third-party service. An implementation of REINS for Microsoft Windows demonstrates that it is effective and practical for a real-world OS and architecture, introducing only about 2.4% runtime overhead to rewritten binaries.

show abstract

Section: Code Conventionsmentioning

confidence: 73%

Section: Other Future Workmentioning

confidence: 99%

Securing untrusted code via compiler-agnostic binary rewriting

Wartell

Mohan

Hamlen

et al. 2012

Proceedings of the 28th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…In addition, they apply binary rewriting to assign unique names to call sites, to further curb nondeterminism in the monitor (an analogous technique, call-signing, is presented by Rajagopalan et. al [26]). Because invocations of xhr are, however, often deep within frameworks, signatures cannot be placed at invocations of that function; they must instead be "pushed up" the call chain to where the requests are really made.…”

Section: Related Workmentioning

confidence: 96%

“…Other systems use a model of calls constructed through static analysis [33,7,12,26]. These systems all address operating system monitoring, where the operating system (corresponding to our server), monitor, and application (corresponding to our browser client) all run on the same machine.…”

Section: Related Workmentioning

confidence: 99%

Using static analysis for Ajax intrusion detection

Guha

Krishnamurthi

Jim

2009

Proceedings of the 18th International Conference on World Wide Web

117

View full text Add to dashboard Cite

We present a static control-flow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected client behavior as seen from the server, and build an intrusion-prevention proxy for the server: the proxy intercepts client requests and disables those that do not meet the expected behavior. We insert random asynchronous requests to foil mimicry attacks. Finally, we evaluate our technique against several real applications and show that it protects against an attack in a widely-used web application.

show abstract

“…A more usable MAC solution is described in [16]. A cryptographic-based MAC system is the authenticated system call work by Rajagopalan et al [22], which is closed in spirit to our A2 framework. The presented work in the authenticated system call is limited to providing identities (the HMAC) to individual function calls to system calls in an application.…”

Section: Related Workmentioning

confidence: 99%

Identifying native applications with high assurance

Almohri

Yao

Kafura

2012

Proceedings of the Second ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

Main stream operating system kernels lack a strong and reliable mechanism for identifying the running processes and binding them to the corresponding executable applications. In this paper, we address the identification problem by proposing a novel secure application identification model in which user-level applications are required to present identification proofs at run time to be authenticated to the kernel. In our model, applications are supplied with unique secret keys. The secret key of an application is registered with a trusted kernel at the installation time and is used to uniquely authenticate the application. We present a protocol for the secure authentication of applications. Additionally, we develop a system call monitoring architecture that uses our model to verify the identity of applications when making designated system calls. Our system call monitoring can be integrated with existing mandatory access control systems to enforce application-level access rights. We implement and evaluate a prototype of our monitoring architecture in Linux as device drivers with no modification of the kernel. The results from our extensive performance evaluation shows that our prototype incurs low overhead, indicating the feasibility of our approach for cryptographically identifying and authenticating applications in the operating system.

show abstract

System Call Monitoring Using Authenticated System Calls

Cited by 36 publications

References 22 publications

Securing untrusted code via compiler-agnostic binary rewriting

Securing untrusted code via compiler-agnostic binary rewriting

Using static analysis for Ajax intrusion detection

Identifying native applications with high assurance

Contact Info

Product

Resources

About