The Community for Technology Leaders
2011 44th Hawaii International Conference on System Sciences (2011)
Kauai, HI
Jan. 4, 2011 to Jan. 7, 2011
ISSN: 1530-1605
ISBN: 978-1-4244-9618-1
pp: 1-10
Security monitoring systems operate typically at the process level. Various authors have indicated that monitoring at a finer level of granularity than the process is highly desirable. In this paper, we introduce COMB, a framework for imposing policies to confine the behavior of applications. Unlike previous approaches, our technique is applied per component (functions, libraries, and/or plugins) while requiring only the availability of the binary executable form of the program. To demonstrate the feasibility of COMB, we report a case study on a real-world, representative program, the Firefox web browser. Two characteristics of Firefox permit possibly untrusted code to be executed. First, it provides an extensible architecture to allow third-party developers to extend its functionality, and second it makes use of more than 150 external libraries. Using a simple system-call monitoring policy applied to Firefox plugins, we show that COMB can provide protection with reasonable overhead.
authorisation, computerised monitoring, online front-ends, supervisory programs

R. Rajkumar, A. Wang, J. D. Hiser, A. Nguyen-Tuong, J. W. Davidson and J. C. Knight, "Component-Oriented Monitoring of Binaries for Security," 2011 44th Hawaii International Conference on System Sciences(HICSS), Kauai, Hawaii USA, 2011, pp. 1-10.
98 ms
(Ver 3.3 (11022016))