Operating system enhancements to prevent the misuse of system calls

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Operating system enhancements to prevent the misuse of system calls

Full text

Pdf (413 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 7th ACM conference on Computer and communications security table of contents

Athens, Greece

Pages: 174 - 183

Year of Publication: 2000

ISBN:1-58113-203-4

Authors

Massimo Bernaschi	IAC-CNR, Viale del Policlinico, 137, 00161 Rome, Italy
Emanuele Gabrielli	IAC-CNR, Viale del Policlinico, 137, 00161 Rome, Italy
Luigi V. Mancini	Dip. Scienze Informazione, Univ. di Roma "La Sapienza", 00198 Rome, Italy

Sponsors

Greek Com Soc : Greek Computer Society
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Athens U of Econ & Business : Athens University of Economics and Business

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 16, Downloads (12 Months): 65, Citation Count: 15

Additional Information:

references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/352600.352624 What is a DOI?

Warning: The download time has expired please click on the item to try again.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Aleph One,\Smashing The Stack For Fun And Pro~t", Phrack Mag., V. 7, N. 49, 1996.
	2	Ames S.R., Gasser M., Schell, R.R., \Security Kernel Design and Implementation: An Introduction", IEEE Computer, Vol. 16, N. 7, 14-22, 1983.
	3	L. Badger , D. F. Sterne , D. L. Sherman , K. M. Walker , S. A. Haghighat, Practical Domain and Type Enforcement for UNIX, Proceedings of the 1995 IEEE Symposium on Security and Privacy, p.66, May 08-10, 1995
	4	William R. Cheswick , Steven M. Bellovin, Firewalls and Internet security: repelling the wily hacker, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1994
	5	Bernaschi M., Gabrielli E., Mancini L.V.,\A Reference Monitor Patch toLinux Kernel", ftp://ftp.iac.rm.cnr.it/pub/BufOverP/
	6	Bulba and Kil3R, \Bypassing StackGuard and Stackshield", Phrack Mag., V. 10, N. 56, 2000.
	7	Douglas E. Comer , David L. Stevens, Internetworking with TCP/IP: volume III: client-server programming and applications (Windows sockets version), Prentice-Hall, Inc., Upper Saddle River, NJ, 1997
	8	Conover M., and the w00w00 Security Team, \w00w00 on Heap Over ows", http://www.w00w00.org
	9	Cowan C., et al., \Bu~er Over ows: Attacks and Defenses for the Vulnerability of the Decade", http://www.cse.ogi.edu/DISC/projects/immunix.
	10	Cowan C. et al., \StackGuard: Automatic Adaptive Detection and Prevention of Bu~er-Over ow Attacks", 7 th USENIX UNIX Security Symposium, San Antonio, TX, Januar 1998. http://www.cse.ogi.edu/DISC/projects/immunix/
	11	GNU Software, \Patch utility", http://prep.ai.mit.edu/software/patch/patch.html
	12	Goldberg I. et al., \ASecure Environment for Untrusted Helper Applications", Proceedings of the 6 th USENIX UNIX Security Symposium, San Jose, CA, July 1996.
	13	Hastings R. and Joyce B., \Purify: Fast Detection of Memory Leaks and Access Errors", Proceedings of the Winter USENIX Conference, 1992, http://www.rational.com/support/techpapers/fast detection
	14	Jones R. and Kelly P., \Bounds Checking for C", http://www ala.doc.ic.ac.uk/phjk/BoundsChecking.html
	15	Mudge, \How to write Bu~er Over ows", http://www.l0pht.com/advisories/bufero.html
	16	OpenBSD Team, \OpenBSD Operating System", http://www.openbsd.org
	17	R. Sekar , Thomas F. Bowen , Mark E. Segal, On Preventing Intrusions by Process Behavior Monitoring, Proceedings of the Workshop on Intrusion Detection and Network Monitoring, p.29-40, April 09-12, 1999
	18	Solar Designer, \Non-Executable User Stack" http://www.openwall.com/linux
	19	W. Richard Stevens, UNIX network programming, Prentice-Hall, Inc., Upper Saddle River, NJ, 1990
	20	Aurobindo Sundaram, An introduction to intrusion detection, Crossroads, v.2 n.4, p.3-7, Apr. 1996 [doi>10.1145/332159.332161]
	21	Vendicator, \Stack Shield: A Stack Smashing Tecnique protection tool for Linux", http://www.angel~re.com/sk/stackshield
	22	Wojtczuk R., \Defeating Solar Designer Non-Executable Stack Patch". Bugtraq mailing list: January 30 1998, http://www.securityfocus.com/bugtraq

CITED BY 15

	Yao-Wen Huang , Shih-Kun Huang , Tsung-Po Lin , Chung-Hung Tsai, Web application security assessment by fault injection and behavior monitoring, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary
	Massimo Bernaschi , Emanuele Gabrielli , Luigi V. Mancini, Remus: a security-enhanced operating system, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.36-61, February 2002
	Network-based Intrusion Detection-Modeling for a Larger Picture, Proceedings of the 16th USENIX conference on System administration, November 03-08, 2002, Philadelphia, PA
	Paul Dourish , David Redmiles, An approach to usable security based on event monitoring and visualization, Proceedings of the 2002 workshop on New security paradigms, September 23-26, 2002, Virginia Beach, Virginia
	Marc L. Corliss , E. Christopher Lewis , Amir Roth, DISE: a programmable macro engine for customizing applications, ACM SIGARCH Computer Architecture News, v.31 n.2, May 2003
	Gaurav Tandon , Philip Chan , Debasis Mitra, MORPHEUS: motif oriented representations to purge hostile events from unlabeled sequences, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA
	Milena Milenković , Aleksandar Milenković , Emil Jovanov, Using instruction block signatures to counter code injection attacks, ACM SIGARCH Computer Architecture News, v.33 n.1, March 2005
	Zhiqiang Lin , Chao Wang , Bing Mao , Li Xie, A policy flexible architecture for secure operating system, ACM SIGOPS Operating Systems Review, v.39 n.3, p.24-33, July 2005
	Rogério de Paula , Xianghua Ding , Paul Dourish , Kari Nies , Ben Pillet , David F. Redmiles , Jie Ren , Jennifer A. Rode , Roberto Silva Filho, In the eye of the beholder: a visualization-based approach to information system security, International Journal of Human-Computer Studies, v.63 n.1-2, p.5-24, July 2005
	Yao-Wen Huang , Chung-Hung Tsai , Tsung-Po Lin , Shih-Kun Huang , D. T. Lee , Sy-Yen Kuo, A testing framework for Web application security assessment, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.48 n.5, p.739-761, 5 August 2005
	Fu-Hau Hsu , Fanglu Guo , Tzi-cker Chiueh, Scalable network-based buffer overflow attack detection, Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems, December 03-05, 2006, San Jose, California, USA
	Xiaolan Zhang , Leendert van Doorn , Trent Jaeger , Ronald Perez , Reiner Sailer, Secure coprocessor-based intrusion detection, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	C. M. Linn , M. Rajagopalan , S. Baker , C. Collberg , S. K. Debray , J. H. Hartman, Protecting against unexpected system calls, Proceedings of the 14th conference on USENIX Security Symposium, p.16-16, July 31-August 05, 2005, Baltimore, MD
	M. Laureano , C. Maziero , E. Jamhour, Protecting host-based intrusion detectors through virtual machines, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.5, p.1275-1283, April, 2007
	Fabrizio Baiardi , Dario Maggiari , Daniele Sgandurra , Francesco Tamberi, Transparent Process Monitoring in a Virtual Environment, Electronic Notes in Theoretical Computer Science (ENTCS), 236, p.85-100, April, 2009