A Tamper-Resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors

Get BibTex-formatted data

Author

Chinchani, Ramkumar; Upadhyaya, Shambhu

Entry type

article

Abstract

Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service resulting in a false sense of security. The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path. In this paper, we provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We the-oretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principals of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept.

Date

2003 – 09 – 03

URL

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1192456

Booktitle

Proceedings of the First IEEE International Workshop on Information Assurance

Key alpha

Chinchani

Organization

University of Buffalo

Publisher

IEEE Computer Society

Publication Date

2003-09-03

Copyright

2003 by IEEE Computer Society

Isbn

0-7695-1886

Price

$17.00

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Chinchani,
	title = "A Tamper-Resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors",
	author = "Chinchani, Ramkumar; Upadhyaya, Shambhu",
	year = "2003",
	month = "09",
	booktitle = "Proceedings of the First IEEE International Workshop on Information Assurance",
	organization = "University of Buffalo",
	publisher = "IEEE Computer Society",
	day = "03",
	abstract = "Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities.  This assumption may be unreasonable in the context of attacks and intrusions.  An intruder could compromise any number of the available copies of a service resulting in a false sense of security.  The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path.  In this paper, we provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts.  A framework that claims to provide such a feature must itself be tamper-resistant to attacks.  We the-oretically analyze and compare some relevant schemes and show their fallibility.  We propose our own framework that is based on some simple principals of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert.  We also present some preliminary results as a proof of concept. ",
	copyright = "2003 by IEEE Computer Society",
	isbn = "0-7695-1886",
	price = "$17.00",
	url = "http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1192456",
}