Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

S
SP
1997
1997 IEEE Symposium on Security and Privacy
Abstract - Execution monitoring of security-critical programs in distributed systems: a Specification-based approach

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by C. Ko Articles by M. Ruschitzka Articles by K. Levitt

1997 IEEE Symposium on Security and Privacy

Oakland, CA

May 04-May 07

ISBN: 0-8186-7828-3

	ASCII Text	x
	C. Ko, M. Ruschitzka, K. Levitt, "Execution monitoring of security-critical programs in distributed systems: a Specification-based approach," Security and Privacy, IEEE Symposium on, pp. 0175, 1997 IEEE Symposium on Security and Privacy, 1997.

	BibTex	x
	@article{ 10.1109/SECPRI.1997.601332, author = {C. Ko and M. Ruschitzka and K. Levitt}, title = {Execution monitoring of security-critical programs in distributed systems: a Specification-based approach}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {1997}, issn = {1540-7993}, pages = {0175}, doi = {http://doi.ieeecomputersociety.org/10.1109/SECPRI.1997.601332}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Execution monitoring of security-critical programs in distributed systems: a Specification-based approach SN - 1540-7993 SP EP A1 - C. Ko, A1 - M. Ruschitzka, A1 - K. Levitt, PY - 1997 KW - system monitoring; security-critical program execution monitoring; distributed systems; specification-based approach; program vulnerabilities; security specifications; audit trails; formal framework; real-time intrusion detection system; Unix setuid root programs; system attack detection; security violations; synchronization VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

C. Ko, Trusted Inf. Syst. Inc., Mountain View, CA, USA

M. Ruschitzka, Trusted Inf. Syst. Inc., Mountain View, CA, USA

K. Levitt, Trusted Inf. Syst. Inc., Mountain View, CA, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SECPRI.1997.601332

Abstract: We describe a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we based the design and implementation of a real-time intrusion detection system for a distributed system. Also, we wrote security specifications for 15 Unix setuid root programs. Our system detects attacks caused by monitored programs, including security violations caused by improper synchronization in distributed programs. Our approach encompasses attacks that exploit previously unknown vulnerabilities in security-critical programs.

Index Terms:

system monitoring; security-critical program execution monitoring; distributed systems; specification-based approach; program vulnerabilities; security specifications; audit trails; formal framework; real-time intrusion detection system; Unix setuid root programs; system attack detection; security violations; synchronization

Citation:

C. Ko, M. Ruschitzka, K. Levitt, "Execution monitoring of security-critical programs in distributed systems: a Specification-based approach," sp, pp.0175, 1997 IEEE Symposium on Security and Privacy, 1997

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.