A Control Theoretical Approach for Flow Control to Mitigate Bandwidth Attacks
Sui Song, C. Manikopoulos
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652116
Flooding-based distributed denial-of-service (DoS) attacks present a very serious threat to the stability of the Internet. However, current intrusion detection is unreliable and may have high false-positive rates. Rate-limiting is a better-suited response than complete filtering. Filtering out all the traffic to the victim would greatly damage misclassified flows, whereas rate-limiting still allows some packets to reach the destination and thus keeps the connection alive. Allowing some attack packets through is acceptable, since the attack's overall impact depends on the volume of the attack packets. Moreover, if the flow rate of low-priority flows is reduced, high-priority flows get more chances to access the server they share, which eventually reduces congestion and improves the throughput of the high-priority flows. Based on the concept of the flow aggregation management architecture (Sui Song, et al., April 2006), we present a flow-based congestion control (FCC) architecture that consists of a flow-based quality-of-service (FQoS) regulator and a PID controller. The whole system adopts a control-theoretic approach to adjust the traffic rate of every link (or server) so as to maintain the traffic rates at their desired level. In order to provide more fine-grained differentiated services (or flows) with different weights and to maximally limit malicious services (or flows), we propose a multilevel packet classification structure. Moreover, in order to maximally block flooding, the flow-based network intrusion detection (Sui Song, et al., April 2006) is used to classify each flow in the network into different priority classes and give different treatment to the flow rates belonging to different classes. The architecture is shown to provide highly flexible service differentiation and to be robust against different types of flooding attacks, and traditional network traffic control can be implemented using one common framework. This system has been evaluated by using simulated test-bed data. Results showed that the system successfully mitigates bandwidth flooding attacks.

Analysis and Defensive Tools for Social-Engineering Attacks on Computer Systems
L. Laribee, D.S. Barnes, N. Rowe, C.H. Martell
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652125
The weakest link in an information-security chain is often the user because people can be manipulated. Attacking computer systems with information gained from social interactions is one form of social engineering (K. Mitnick, et al. 2002). It can be much easier to do than targeting the complex technological protections of systems (J. McDermott, Social engineering - the weakest link in information security). In an effort to formalize social engineering for cyberspace, we are building models of trust and attack. Models help in understanding the bewildering number of different tactics that can be employed. Social engineering attacks can be complex with multiple ploys and targets; our models function as subroutines that are called multiple times to accomplish attack goals in a coordinated plan. Models enable us to infer good countermeasures to social engineering.

Automatically Building an Information-Security Vulnerability Database
A. D. Arnold, B. M. Hyla, N. Rowe
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652119
Our goal was to collect data from the myriad computer vulnerability notices that exist on the World Wide Web and to mine it for interesting information and patterns. Surprisingly, no single database currently brings together all the various kinds of data from the vulnerability sites. Of particular interest to us was author and discoverer information, since this provides valuable information about who is active in information security and occasionally might indicate the authors of exploits; current databases do not connect this to other relevant information. We found that the searchable parameters of the existing vulnerability databases were limited and inconsistent. Consequently, it is very difficult to get complete information about computer vulnerabilities by searching Web sites. Our approach was to bring together this information into a composite database. We did automated data collection from the existing Web vulnerability databases by creating Web bots that traversed Web sites and retrieved selected information from them, then imported the collected Web data into a relational database. A browser provides Web-based access to this database. (J. Steffan, et al., March 2002) and (R. Iyer, et al., Oct. 2003) show how such information can be used to build models of attacks in the form of graphs, trees, and finite-state machines, and thereby develop methods for system protection.

Post-Quantum Diffie-Hellman and Symmetric Key Exchange Protocols
Xiangdong Li, L. Leung, A. Kwan, Xiaowen Zhang, D. Kahanda, M. Anshel
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652122
If an eavesdropper Eve is equipped with quantum computers, she can easily break the public key exchange protocols used today. In this paper we discuss the post-quantum Diffie-Hellman key exchange and private key exchange protocols.

Effects of Denial of Sleep Attacks on Wireless Sensor Network MAC Protocols
David Raymond, Randy Marchany, M. Brownfield, Scott Midkiff
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652109
As wireless platforms get less expensive and more powerful, the promise of wide-spread use for everything from health monitoring to military sensing continues to increase. Like other networks, sensor networks are vulnerable to malicious attack; however, the hardware simplicity of these devices makes defense mechanisms designed for traditional networks infeasible. This paper explores the denial-of-sleep attack, in which a sensor node's power supply is targeted. Attacks of this type can reduce sensor lifetime from years to days and have a devastating impact on a sensor network. This paper classifies sensor network denial-of-sleep attacks in terms of an attacker's knowledge of the MAC layer protocol and ability to bypass authentication and encryption protocols. Attacks from each classification are then modeled to show the impacts on three sensor network MAC protocols: S-MAC, T-MAC, and G-MAC. A framework for preventing denial-of-sleep attacks in sensor networks is also introduced. With full protocol knowledge and an ability to penetrate link-layer encryption, all wireless sensor network MAC protocols are susceptible to a full domination attack, which reduces network lifetime to the minimum possible by maximizing the power consumption of the nodes' radio subsystem. Even without the ability to penetrate encryption, subtle attacks can be launched that reduce network lifetime by orders of magnitude. If sensor networks are to live up to current expectations, they must be robust in the face of network attacks, including denial-of-sleep.

Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations
Barbara E. Endicott-Popovsky, D. Frincke
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652087
When incident responders collect network forensic data, they must often decide between expending resources collecting forensically sound data, and restoring the network as quickly as possible. Organizational network forensic readiness has emerged as a discipline to support these choices, with suggested checklists, procedures and tools. This paper proposes a life cycle methodology for "operationalizing" organizational network forensic readiness. The methodology, and the theoretical analysis that led to its development, are offered as a conceptual framework for creating more efficient, proactive approaches to digital forensics on networks.

Evaluation of Run-Time Detection of Self-Replication in Binary Executable Malware
A. Volynkin, V. Skormin, D. Summerville, J. Moronski
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652094
This paper presents an overview and evaluation of a novel approach for proactive protection against both known and previously unknown self-replicating malicious software. Instead of deciphering and screening suspect code for signatures of known viruses, the approach monitors the runtime behavior of binary compiled executable code by monitoring its system calls. The detection mechanism, which works from the perspective of the operating system, is based on identifying the unique self-replication behavior of executable malware via its system call sequences. Thus, the proposed approach provides a system that can detect self-replication attempts in malware without relying on the availability of a signature in a virus signature database and despite any level of encryption employed. An implementation of the proposed approach for the Microsoft Windows operating system is described along with experimental results and a performance analysis.

A Dynamically Modified Privilege Control Policy
S. Qing, Qingni Shen, Qingguang Ji, Yeping He
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652115
Trusted systems typically include trusted processes which possess special privileges. Such privileges can circumvent certain security checks but should be used in a controlled manner. This paper proposes a privilege control policy called DMPC (dynamically modified privilege control). It has two components: a hybrid privilege control model and a new POSIX (portable operating system interface) capability inheritance algorithm. The privilege control model in DMPC is a combination of role-based access control (RBAC), domain and type enforcement (DTE) and the POSIX capability mechanism, while the capability inheritance algorithm serves as an engine to effectively enforce the hybrid privilege control model on a secure operating system. The DMPC design has given a high priority to supporting least privilege at a finer level of granularity on trusted systems. Additional (sub-) goals for the DMPC policy are: realizing separation of duties among privileged users, achieving separation of trusted functions from untrusted ones and providing a flexible and dynamically mediated capability mechanism. We show that RBAC alone is insufficient to enforce the principle of least privilege in a dynamic context, and that DTE and the POSIX capability mechanism can successfully be combined with RBAC for this purpose. We also describe an implementation of the DMPC policy on a real system and report on experimental results.

Visual Reverse Turing Tests: A False Sense of Security
M. Ponec
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652110
Internet services are increasingly abused by malicious scripts that try to mimic human users. Reverse Turing tests are challenges used to differentiate humans from computers. Visual reverse Turing tests use visual challenges, such as distorted character recognition tasks, that are easily solved by humans, while remaining too hard for automatic scripts. We demonstrate that the computational and development cost of a script breaking through some currently deployed visual reverse Turing tests is low, thus making them ineffective in protecting these services. We present two case studies of successful attacks on character-based tests that are currently used to protect two public Web services. Our attacks utilize image processing techniques and also exploit flaws in the test deployment.

Using Active Scanning to Identify Wireless NICs
C. Corbett, R. Beyah, John A Copeland
2006 IEEE Information Assurance Workshop. Pub Date : 2006-06-21. DOI: 10.1109/IAW.2006.1652101
Computer networks have become increasingly ubiquitous. However, with the increase in networked applications, it has also become more difficult to manage and secure these networks. The proliferation of 802.11 wireless networks has heightened this problem by extending networks beyond physical boundaries. We propose the use of spectral analysis to identify the type of wireless network interface card (NIC). This mechanism can be applied to support the detection of unauthorized systems that use NICs which are different from that of a legitimate system. We focus on active scanning, a vaguely specified mechanism required by the 802.11 standard that is implemented in the hardware and software of the wireless NIC. We show that the implementation of this function influences the transmission patterns of a wireless stream that are observable through traffic analysis. Our mechanism for NIC identification uses signal processing to analyze the periodicity embedded in the wireless traffic caused by active scanning. A stable spectral profile is created from the periodic components of the traffic and used to identify the wireless NIC. We show that we can distinguish between NICs manufactured by different vendors using the spectral profile.