AngeL: a tool to disarm computer systems
Source
New Security Paradigms Workshop
Proceedings of the 2001 workshop on New security paradigms
Cloudcroft, New Mexico
SESSION: Session 4: innovative solutions
Pages: 63 - 69
Year of Publication: 2001
ISBN: 1-58113-457-6
Authors
Danilo Bruschi, Università degli Studi di Milano, Via Comelico 39, 20135 Milano, Italy
Emilia Rosti, Università degli Studi di Milano, Via Comelico 39, 20135 Milano, Italy
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/508171.508182

ABSTRACT

In this paper we present a tool designed to intercept attacks at the host where they are launched so as to block them before they reach their targets. The tool works both for attacks targeted on the local host and on hosts connected to the network. In the current implementation it can detect and block more than 70 attacks as reported in the literature. The tool is based on the idea of improving the overall security of the Internet by connecting disarmed systems, i.e., hosts that cannot launch attacks against other hosts. Such a strategy was presented in [4]. Here we present an extended version of the tool that has been engineered to consider a wide variety of attacks and to run on various releases of the Linux kernel and the experience learned in building such a tool. A protection mechanism of the tool itself that prevents its removal is also implemented. Experimental results of the impact of the tool on system performance show that the overhead introduced by the tool is negligible from the user's perspective, thus it is not expected to be a hindrance to the successful deployment of the tool.


REFERENCES

[1] Anderson J., "Computer security technology planning study," U.S. Air Force Electronic System Division Technical Report 73-51, October 1972.
[2]
[3]
[4]
[5] CERT-CC, "TCP SYN flooding attacks and IP Spoofing attacks," CERT Advisory CA-96.21, http://www.cert.org, 1996-98.
[6] CERT-CC, "IP Denial of service attacks," CERT Advisory CA-97.28, http://www.cert.org, 1997-98.
[7] Computer Security Institute, http://www.gocsi.com/prelea_00321.htm.
[8] Cunningham R., Rieser A., "Detecting source code of attacks that increase privilege," presented at RAID 2000, available at http://www.raid-symposium.org/raid2000/Materials/Abstracts/53/53.pdf
[9]
[10] Fraser T., Badger L., Feldman M., "Hardening COTS software with generic software wrappers," Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.
[11] Huegen C., "The latest in denial of service attacks: smurfing. Description and information to minimize effects," http://users.quadrunner.com/chuegen/smurf.cgi, last update Feb. 2000.
[12]
[13] McHugh, J., et al., Discussion at NSPW2001, 2001.
[14] Sekar R., Uppuluri P., "Synthesizing fast intrusion prevention/detection systems from high-level specifications," Proceedings of the Usenix Security Symposium, pp , 1999.
[15] Vigna G., Eckmann S., Kemmerer R., "The STAT tool suite," Proceedings of DISCEX 2000, 2000.

