Displaying 1-50 out of 62 total
Cloud Verifier: Verifiable Auditing Service for IaaS Clouds
Found in: 2013 IEEE World Congress on Services (SERVICES)
By Joshua Schiffman, Yuqiong Sun, Hayawardh Vijayakumar, Trent Jaeger
Issue Date:June 2013
pp. 239-246
Cloud computing has commoditized compute, storage, and networking resources creating an on-demand utility. Despite the attractiveness of this new paradigm, its adoption has been stymied by cloud platform's lack of transparency, which leaves customers unsur...
 
Lessons from VAX/SVS for High-Assurance VM Systems
Found in: IEEE Security & Privacy
By Steve Lipner, Trent Jaeger, Mary Ellen Zurko
Issue Date:November 2012
pp. 26-35
The authors take a look back at VAX/SVS, a high-assurance virtual machine monitor (VMM) project from the 1980s, extracting its most pertinent lessons, including reference monitor architectural principles, approaches to verifiable and tamperproof access con...
 
A Rose by Any Other Name or an Insane Root? Adventures in Name Resolution
Found in: 2011 Seventh European Conference on Computer Network Defense (EC2ND)
By Hayawardh Vijayakumar, Joshua Schiffman, Trent Jaeger
Issue Date:September 2011
pp. 1-8
Namespaces are fundamental to computing systems. Each namespace maps the names that clients use to retrieve resources to the actual resources themselves. However, the indirection that namespaces provide introduces avenues of attack through the name resolut...
 
Network-Based Root of Trust for Installation
Found in: IEEE Security and Privacy
By Joshua Schiffman, Thomas Moyer, Trent Jaeger, Patrick McDaniel
Issue Date:January 2011
pp. 40-48
Administrators of large datacenters often require network installation mechanisms, such as disk cloning over the network, to manage the integrity of their machines. However, network-based installation is vulnerable to a variety of attacks, including compro...
 
A logical specification and analysis for SELinux MLS policy
Found in: ACM Transactions on Information and System Security (TISSEC)
By Boniface Hicks, Luke St.Clair, Patrick McDaniel, Sandra Rueda, Trent Jaeger
Issue Date:July 2010
pp. 1-31
The SELinux mandatory access control (MAC) policy has recently added a multilevel security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of the SELinux MLS model makes it...
     
Outlook: Cloudy with a Chance of Security Challenges and Improvements
Found in: IEEE Security and Privacy
By Trent Jaeger, Joshua Schiffman
Issue Date:January 2010
pp. 77-80
Cloud computing presents an opportunity to offload computing to third party resources, but this business model isn't without security risks. Customers must determine if running their computing on a base system managed by a third party is better than runnin...
 
Scalable Web Content Attestation
Found in: Computer Security Applications Conference, Annual
By Thomas Moyer, Kevin Butler, Joshua Schiffman, Patrick McDaniel, Trent Jaeger
Issue Date:December 2009
pp. 95-104
The web is a primary means of information sharing for most organizations and people. Currently, a recipient of web content knows nothing about the environment in which that information was generated other than the specific server from whence it came (and e...
 
Justifying Integrity Using a Virtual Machine Verifier
Found in: Computer Security Applications Conference, Annual
By Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, Patrick McDaniel
Issue Date:December 2009
pp. 83-92
Emerging distributed computing architectures, such as grid and cloud computing, depend on the high integrity execution of each system in the computation. While integrity measurement enables systems to generate proofs of their integrity to remote parties, w...
 
Designing System-Level Defenses against Cellphone Malware
Found in: Reliable Distributed Systems, IEEE Symposium on
By Liang Xie, Xinwen Zhang, Ashwin Chaugule, Trent Jaeger, Sencun Zhu
Issue Date:September 2009
pp. 83-90
Cellphones are increasingly becoming attractive targets of various malware, which not only cause privacy leakage, extra charges, and depletion of battery power, but also introduce malicious traffic into networks. In this work, we seek system-level solution...
 
New Side Channels Targeted at Passwords
Found in: Computer Security Applications Conference, Annual
By Albert Tannous, Jonathan Trostle, Mohamed Hassan, Stephen E. McLaughlin, Trent Jaeger
Issue Date:December 2008
pp. 45-54
Side channels are typically viewed as attacks that leak cryptographic keys during cryptographic algorithm processing, by observation of system side effects. In this paper, we present new side channels that leak password information during X Windows keyboar...
 
PinUP: Pinning User Files to Known Applications
Found in: Computer Security Applications Conference, Annual
By William Enck, Patrick McDaniel, Trent Jaeger
Issue Date:December 2008
pp. 55-64
Users commonly download, patch, and use applications such as email clients, office applications, and media-players from the Internet.
 
Establishing and Sustaining System Integrity via Root of Trust Installation
Found in: Computer Security Applications Conference, Annual
By Luke St. Clair, Joshua Schiffman, Trent Jaeger, Patrick McDaniel
Issue Date:December 2007
pp. 19-29
Integrity measurements provide a means by which distributed systems can assess the trustability of potentially compromised remote hosts. However, current measurement techniques simply assert the identity of software, but provide no indication of the on...
 
Mining Security-Sensitive Operations in Legacy Code Using Concept Analysis
Found in: Software Engineering, International Conference on
By Vinod Ganapathy, David King, Trent Jaeger, Somesh Jha
Issue Date:May 2007
pp. 458-467
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive operations performed by a server are characterized by idiomatic ...
 
Shamon: A System for Distributed Mandatory Access Control
Found in: Computer Security Applications Conference, Annual
By Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, Reiner Sailer
Issue Date:December 2006
pp. 23-32
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor ...
 
Retrofitting Legacy Code for Authorization Policy Enforcement
Found in: Security and Privacy, IEEE Symposium on
By Vinod Ganapathy, Trent Jaeger, Somesh Jha
Issue Date:May 2006
pp. 214-229
Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic and practical considerations. Instead, security mechanisms...
 
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
Found in: Computer Security Applications Conference, Annual
By Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramon Caceres, Ronald Perez, Stefan Berger, John Linwood Griffin, Leendert van Doorn
Issue Date:December 2005
pp. 276-285
We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioriti...
 
The SawMill Framework for Virtual Memory Diversity
Found in: Australasian Computer Systems Architecture Conference
By M. Aron, Jochen Liedtke, Kevin Elphinstone, Yoonho Park, Trent Jaeger, Luke Deller
Issue Date:January 2001
pp. 3
We present a framework that allows applications to build and customize VM services on the L4 microkernel. While the L4 microkernel's abstractions are quite powerful, using these abstractions effectively requires higher-level paradigms. We propose the datas...
 
Access Control in a Virtual University
Found in: Enabling Technologies, IEEE International Workshops on
By Trent Jaeger, Tony Michailidis, Roy Rada
Issue Date:June 1999
pp. 135
We present a role-based access control model that enables the management of access control policy for the courses in a virtual university. Of particular interest, the model enables the specification of policy once for all courses, the distribution of role ...
 
Flexible Access Control using IPC Redirection
Found in: Hot Topics in Operating Systems, Workshop on
By Trent Jaeger, Kevin Elphinstone, Jochen Liedtke, Vsevolod Panteleenko, Yoonho Park
Issue Date:March 1999
pp. 191
We present a mechanism for inter-process communication (IPC) redirection that enables efficient and flexible access control for micro-kernel systems. In such systems, services are implemented at user-level, so IPC is the only means of communication between...
 
How to Schedule Unlimited Memory Pinning of Untrusted Processes or Provisional Ideas about Service-Neutrality
Found in: Hot Topics in Operating Systems, Workshop on
By Jochen Liedtke, Volkmar Uhlig, Kevin Elphinstone, Trent Jaeger, Yoonho Park
Issue Date:March 1999
pp. 153
About This Paper: You can read it as a paper that treats a concrete problem motivated in Section 1: How can we permit untrusted user processes to pin their virtual pages in memory most flexibly and as unlimited as possible? From this point of view, the paper...
 
A Flexible Security System for Using Internet Content
Found in: IEEE Software
By Nayeem Islam, Rangachari Anand, Trent Jaeger, Josyula R. Rao
Issue Date:September 1997
pp. 52-59
The Web has made it easy for users to download content directly, which not only decreases the software stored on users' machines but lets content providers customize applications by combining different vendors' content. However, this ease and flexibility h...
 
Preserving Integrity in Remote File Location and Retrieval
Found in: Network and Distributed System Security, Symposium on
By Trent Jaeger, Avi Rubin
Issue Date:February 1996
pp. 53
We present a service for locating and retrieving files from an untrusted network such that the integrity of the retrieved files can be verified. This service enables groups of people in geographically remote locations to share files using an untrusted netw...
 
Pitfalls in the automated strengthening of passwords
Found in: Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC '13)
By David Schmidt, Trent Jaeger
Issue Date:December 2013
pp. 129-138
Passwords are the most common form of authentication for computer systems, and with good reason: they are simple, intuitive and require no extra device for their use. Unfortunately, users often choose weak passwords that are easy to guess. Various methods ...
     
Process firewalls: protecting processes during resource access
Found in: Proceedings of the 8th ACM European Conference on Computer Systems (EuroSys '13)
By Hayawardh Vijayakumar, Trent Jaeger
Issue Date:April 2013
pp. 57-70
Processes retrieve a variety of resources from the operating system in order to execute properly, but adversaries have several ways to trick processes into retrieving resources of the adversaries' choosing. Such resource access attacks use name resolution,...
     
Transforming commodity security policies to enforce Clark-Wilson integrity
Found in: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12)
By Divya Muthukumaran, Hayawardh Vijayakumar, Jason Teutsch, Nirupama Talele, Sandra Rueda, Trent Jaeger
Issue Date:December 2012
pp. 269-278
Modern distributed systems are composed from several off-the-shelf components, including operating systems, virtualization infrastructure, and application packages, upon which some custom application software (e.g., web application) is often deployed. Whil...
     
Leveraging "choice" to automate authorization hook placement
Found in: Proceedings of the 2012 ACM conference on Computer and communications security (CCS '12)
By Divya Muthukumaran, Trent Jaeger, Vinod Ganapathy
Issue Date:October 2012
pp. 145-156
When servers manage resources on behalf of multiple, mutually-distrusting clients, they must mediate access to those resources to ensure that each client request complies with an authorization policy. This goal is typically achieved by placing authorizatio...
     
Cut me some security
Found in: Proceedings of the 3rd ACM workshop on Assurable and usable security configuration (SafeConfig '10)
By Divya Muthukumaran, Hayawardh Vijayakumar, Sandra Rueda, Trent Jaeger
Issue Date:October 2010
pp. 75-78
Computer security is currently fraught with fine-grained access control policies, in operating systems, applications and even programming languages. All this policy configuration means that too many decisions are left to administrators, developers and even...
     
Seeding clouds with trust anchors
Found in: Proceedings of the 2010 ACM workshop on Cloud computing security workshop (CCSW '10)
By Hayawardh Vijayakumar, Joshua Schiffman, Patrick McDaniel, Thomas Moyer, Trent Jaeger
Issue Date:October 2010
pp. 43-46
Customers with security-critical data processing needs are beginning to push back strongly against using cloud computing. Cloud vendors run their computations upon cloud provided VM systems, but customers are worried such host systems may not be able to pr...
     
On cellular botnets: measuring the impact of malicious devices on a cellular network core
Found in: Proceedings of the 16th ACM conference on Computer and communications security (CCS '09)
By Machigar Ongtang, Michael Lin, Patrick McDaniel, Patrick Traynor, Thomas La Porta, Trent Jaeger, Vikhyath Rao
Issue Date:November 2009
pp. 223-234
The vast expansion of interconnectivity with the Internet and the rapid evolution of highly-capable but largely insecure mobile devices threatens cellular networks. In this paper, we characterize the impact of the large scale compromise and coordination of...
     
Analysis of virtual machine system policies
Found in: Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT '09)
By Hayawardh Vijayakumar, Sandra Rueda, Trent Jaeger
Issue Date:June 2009
pp. 1-22
The recent emergence of mandatory access (MAC) enforcement for virtual machine monitors (VMMs) presents an opportunity to enforce a security goal over all its virtual machines (VMs). However, these VMs also have MAC enforcement, so to determine whether the...
     
Dynamic mandatory access control for multiple stakeholders
Found in: Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT '09)
By Trent Jaeger, Vikhyath Rao
Issue Date:June 2009
pp. 1-22
In this paper, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging open cell phone system environment, many devices run software whose access permissions ...
     
Effective blame for information-flow violations
Found in: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering (SIGSOFT '08/FSE-16)
By Dave King, Sanjit A. Seshia, Somesh Jha, Trent Jaeger
Issue Date:November 2008
pp. 1-2
Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining th...
     
Flexible security configuration for virtual machines
Found in: Proceedings of the 2nd ACM workshop on Computer security architectures (CSAW '08)
By Sandra Rueda, Trent Jaeger, Yogesh Sreenivasan
Issue Date:October 2008
pp. 1-10
Virtual machines are widely accepted as a promising basis for building secure systems. However, while virtual machines offer effective mechanisms to create isolated environments, mechanisms that offer controlled interaction among VMs are immature. Some VM ...
     
Measuring integrity on mobile phone systems
Found in: Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT '08)
By Anuj Sawani, Brian M. Jung, Divya Muthukumaran, Joshua Schiffman, Trent Jaeger
Issue Date:June 2008
pp. 1-1
Mobile phone security is a relatively new field that is gathering momentum in the wake of rapid advancements in phone system technology. Mobile phones are now becoming sophisticated smart phones that provide services beyond basic telephony, such as support...
     
A systematic approach for cell-phone worm containment
Found in: Proceeding of the 17th international conference on World Wide Web (WWW '08)
By Hui Song, Liang Xie, Sencun Zhu, Trent Jaeger
Issue Date:April 2008
pp. 1-7
Cell phones are increasingly becoming attractive targets of various worms, which cause the leakage of user privacy, extra service charges and depletion of battery power. In this work, we study propagation of cell-phone worms, which exploit Multimedia Messa...
     
A logical specification and analysis for SELinux MLS policy
Found in: Proceedings of the 12th ACM symposium on Access control models and technologies (SACMAT '07)
By Boniface Hicks, Luke St.Clair, Patrick McDaniel, Sandra Rueda, Trent Jaeger
Issue Date:June 2007
pp. 91-100
The SELinux mandatory access control (MAC) policy has recently added a multi-level security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The problem is that the richness of this policy makes it impracti...
     
Managing the risk of covert information flows in virtual machine systems
Found in: Proceedings of the 12th ACM symposium on Access control models and technologies (SACMAT '07)
By Reiner Sailer, Trent Jaeger, Yogesh Sreenivasan
Issue Date:June 2007
pp. 81-90
Flexible mandatory access control (MAC) enforcement is now available for virtual machine systems. For example, the sHype MAC system for the Xen virtual machine monitor is part of the mainline Xen distribution. Such systems offer the isolation of VM systems...
     
The case for analysis preserving language transformation
Found in: Proceedings of the 2006 international symposium on Software testing and analysis (ISSTA'06)
By Guillaume Marceau, Larry Koved, Liangzhao Zeng, Marco Pistoia, Sam Weber, Trent Jaeger, Xiaolan Zhang
Issue Date:July 2006
pp. 191-202
Static analysis has gained much attention over the past few years in applications such as bug finding and program verification. As software becomes more complex and componentized, it is common for software systems and applications to be implemented in mult...
     
PRIMA: policy-reduced integrity measurement architecture
Found in: Proceedings of the eleventh ACM symposium on Access control models and technologies (SACMAT '06)
By Reiner Sailer, Trent Jaeger, Umesh Shankar
Issue Date:June 2006
pp. 19-28
We propose an integrity measurement approach based on information flow integrity, which we call the Policy-Reduced Integrity Measurement Architecture (PRIMA). The recent availability of secure hardware has made it practical for a system to measure its own in...
     
Automatic placement of authorization hooks in the linux security modules framework
Found in: Proceedings of the 12th ACM conference on Computer and communications security (CCS '05)
By Somesh Jha, Trent Jaeger, Vinod Ganapathy
Issue Date:November 2005
pp. 330-339
We present a technique for automatic placement of authorization hooks, and apply it to the Linux security modules (LSM) framework. LSM is a generic framework which allows diverse authorization policies to be enforced by the Linux kernel. It consists of a k...
     
Attestation-based policy enforcement for remote access
Found in: Proceedings of the 11th ACM conference on Computer and communications security (CCS '04)
By Leendert van Doorn, Reiner Sailer, Trent Jaeger, Xiaolan Zhang
Issue Date:October 2004
pp. 308-317
Intranet access has become an essential function for corporate users. At the same time, corporation's security administrators have little ability to control access to corporate data once it is released to remote clients. At present, no confidentiality or i...
     
Runtime verification of authorization hook placement for the linux security modules framework
Found in: Proceedings of the 9th ACM conference on Computer and communications security (CCS '02)
By Antony Edwards, Trent Jaeger, Xiaolan Zhang
Issue Date:November 2002
pp. 225-234
We present runtime tools to assist the Linux community in verifying the correctness of the Linux Security Modules (LSM) framework. The LSM framework consists of a set of authorization hooks inserted into the Linux kernel to enable additional authorizations...
     
Secure coprocessor-based intrusion detection
Found in: Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC (EW10)
By Leendert van Doorn, Reiner Sailer, Ronald Perez, Trent Jaeger, Xiaolan Zhang
Issue Date:July 2002
pp. 239-242
The goal of an intrusion detection system (IDS) is to recognize attacks such that their exploitation can be prevented. Since computer systems are complex, there are a variety of places where detection is possible. For example, analysis of network traffic m...
     
Gaining and maintaining confidence in operating systems security
Found in: Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC (EW10)
By Antony Edwards, Trent Jaeger, Xiaolan Zhang
Issue Date:July 2002
pp. 201-204
Recently, there has been a lot of work in the verification of security properties in programs. Engler et al. use static analysis to find flaws in the implementation of Linux device drivers, such as the failure to release locks [4]. Edwards et al. use stati...
     
Making access control more usable
Found in: Proceedings of the seventh ACM symposium on Access control models and technologies (SACMAT '02)
By Elisa Bertino, Jonathan Moffett, Ravi Ravi, Sylvia Osborn, Trent Jaeger
Issue Date:June 2002
pp. 141-141
Scope: a variety of things are expressed under the heading of access control: permission assignments, constraints, activations, transition, hierarchies, etc. What things really need to be expressed? Concepts: What modeling concepts are available to express ...
     
Managing access control policies using access control spaces
Found in: Proceedings of the seventh ACM symposium on Access control models and technologies (SACMAT '02)
By Antony Edwards, Trent Jaeger, Xiaolan Zhang
Issue Date:June 2002
pp. 3-12
We present the concept of an access control space and investigate how it may be useful in managing access control policies. An access control space represents the permission assignment state of a subject. We identify subspaces that have meaningful semantic...
     
An access control model for simplifying constraint expression
Found in: Proceedings of the 7th ACM conference on Computer and communications security (CCS '00)
By Jonathon E. Tidswell, Trent Jaeger
Issue Date:November 2000
pp. 154-163
A fair exchange protocol allows two users to exchange items so that either each user gets the other's item or neither user does. In [2], verifiable encryption is introduced as a primitive that can be used to build extremely efficient fair exchange protocol...
     
Synchronous IPC over transparent monitors
Found in: Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system (EW 9)
By Alain Gefflaut, Jochen Liedtke, Jonathon E. Tidswell, Kevin J. Elphinstone, Trent Jaeger, Yoonho Park
Issue Date:September 2000
pp. 189-194
Interprocess (IPC) monitoring enables the examination of any IPC between a source and a destination. IPC monitoring is useful for a variety of purposes, including debugging, logging, and security. For example, a monitor may collect communication state for ...
     
The SawMill multiserver approach
Found in: Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system (EW 9)
By Alain Gefflaut, Jochen Liedtke, Jonathon E. Tidswell, Kevin J. Elphinstone, Lars Reuther, Luke Deller, Trent Jaeger, Volkmar Uhlig, Yoonho Park
Issue Date:September 2000
pp. 109-114
Multiserver systems, operating systems composed from a set of hardware-protected servers, initially generated significant interest in the early 1990's. If a monolithic operating system could be decomposed into a set of servers with well-defined interfaces ...
     
Integrated constraints and inheritance in DTAC
Found in: Proceedings of the fifth ACM workshop on Role-based access control (RBAC '00)
By Jonathon E. Tidswell, Trent Jaeger
Issue Date:July 2000
pp. 93-102
Inheritance and constraints are two common techniques for safely managing the complexity of large access control configurations. Inheritance is used to help factor the model, while constraints are used to help ensure that the complexity will not result in ...
     