21st Annual Computer Security Applications Conference (ACSAC'05): latest articles

Survivability architecture of a mission critical system: the DPASA example
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.54
Jennifer Chong, P. Pal, M. Atighetchi, P. Rubel, F. Webber
Many techniques and mechanisms exist today, some COTS, others less mature research products that can be used to deflect, detect, or even recover from specific types of cyber attacks. None of them individually is sufficient to provide an all around defense for a mission critical distributed system. A mission critical system must operate despite sustained attacks throughout the mission cycle, which in the case of military systems, can range from hours to days. A comprehensive survivability architecture, where individual security tools and defense mechanisms are used as building blocks, is required to achieve this level of survivability. We have recently designed a survivability architecture, which combined elements of protection, detection, and adaptive reaction; and applied it to a DoD information system. The resulting defense-enabled system was first evaluated internally, and then deployed for external Red Team exercise. In this paper we describe the survivability architecture of the system, and explain the rationale that motivated the design
Citations: 46
Highlights from the 2005 New Security Paradigms Workshop
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.29
S. Foley, Abe Singer, M. Locasto, Stelios Sidiroglou, A. Keromytis, J. McDermott, Julie Thorpe, P. V. Oorschot, Anil Somayaji, R. Ford, M. Bush, Alex Boulatov
This panel highlights a selection of the most interesting and provocative papers from the 2005 New Security Paradigms Workshop. This workshop was held September 2005 - the URL for more information is http://www.nspw.org. The panel consists of authors of the selected papers, and the session is moderated by the workshop's general chairs. We present selected papers focusing on exciting major themes that emerged from the workshop. These are the papers that will provoke the most interesting discussion at ACSAC.
Citations: 0
Code security analysis of a biometric authentication system using automated theorem provers
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.15
J. Jürjens
Understanding the security goals provided by cryptographic protocol implementations is known to be difficult, since security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in the context of cryptographic interactions. A lot of research has been devoted to developing formal techniques to analyze abstract specifications of cryptographic protocols. Less attention has been paid to the analysis of cryptoprotocol implementations, for which a formal link to specifications is often not available. In this paper, we apply an approach to determine security goals provided by a C implementation to an industrially-strength biometric authentication system. Our approach is based on control flow graphs and automated theorem provers for first-order logic
Citations: 12
Design and implementation of an extrusion-based break-in detector for personal computers
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.19
Weidong Cui, R. Katz, Wai-tian Tan
An increasing variety of malware, such as worms, spyware and adware, threatens both personal and business computing. Remotely controlled bot networks of compromised systems are growing quickly. In this paper, we tackle the problem of automated detection of break-ins caused by unknown malware targeting personal computers. We develop a host based system, BINDER (Break-IN DEtectoR), to detect break-ins by capturing user unintended malicious outbound connections (referred to as extrusions). To infer user intent, BINDER correlates outbound connections with user-driven input at the process level under the assumption that user intent is implied by user-driven input. Thus BINDER can detect a large class of unknown malware such as worms, spyware and adware without requiring signatures. We have successfully used BINDER to detect real world spyware on daily used computers and email worms on a controlled testbed with very small false positives
Citations: 51
Securing email archives through user modeling
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.50
Yiru Li, Anil Somayaji
Online email archives are an under-protected yet extremely sensitive information resource. Email archives can store years worth of personal and business email in an easy-to-access form, one that is much easier to compromise than messages being transmitted "on the wire." Most email archives, however, are protected by reusable passwords that are often weak and can be easily compromised. To protect such archives, we propose a novel user-specific design for an anomaly-based email archive intrusion detection system. As a first step towards building such a system, we have developed a simple probabilistic model of user email behavior that correlates email senders and a user's disposition of emails. In tests using data gathered from three months of observed user behavior and synthetic models of attacker behavior, this model exhibits a low rate of false positives (generally one false alarm every few weeks) while still detecting most attacks. These results suggest that anomaly detection is a feasible strategy for securing email archives, one that does not require changes in user authentication or access behavior
Citations: 4
Stealth breakpoints
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.52
Amit Vasudevan, R. Yerraballi
Microscopic analysis of malicious code (malware) requires the aid of a variety of powerful tools. Chief among them is a debugger that enables runtime binary analysis at an instruction level. One of the important services provided by a debugger is the ability to stop execution of code at an arbitrary point during runtime, using breakpoints. Software breakpoints support an unlimited number of breakpoint locations by changing the code being debugged so that it can be interrupted during runtime. Most, if not all, malware are very sensitive to code modification with self-modifying and/or self-checking (SM-SC) capabilities, rendering the use of software breakpoints limited in their scope. Hardware breakpoints supported by the underlying processor, on the other hand, use a subset of the processor register set and exception mechanisms to provide breakpoints that do not entail code modification. This makes hardware breakpoints the most powerful breakpoint mechanism for malware analysis. However, current processors provide a very limited number of hardware breakpoints (typically 2-4 locations). Thus, a serious restriction is imposed on the debugger to set a desired number of breakpoints without resorting to the limited alternative of software breakpoints. Also, with the ever evolving nature of malware, there are techniques being employed that prevent the use of hardware breakpoints. This calls for a new breakpoint mechanism that retains the features of hardware breakpoints while providing an unlimited number of breakpoints, which cannot be detected or countered. In this paper, we present the concept of stealth breakpoints and discuss the design and implementation of VAMPiRE, a realization of this concept. VAMPiRE cannot be detected or countered and provides unlimited number of breakpoints to be set on code, data, and I/O with the same precision as that of hardware breakpoints. It does so by employing a subtle combination of simple stealth techniques using virtual memory and hardware single-stepping mechanisms that are available on all processors, old and new. This technique makes VAMPiRE portable to any architecture, providing powerful breakpoint ability similar to hardware breakpoints for microscopic malware analysis.
Citations: 70
Detecting intra-enterprise scanning worms based on address resolution
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.20
D. Whyte, P. V. Oorschot, E. Kranakis
Signature-based schemes for detecting Internet worms often fail on zero-day worms, and their ability to rapidly react to new threats is typically limited by the requirement of some form of human involvement to formulate updated attack signatures. We propose an anomaly-based detection technique detailing a method to detect propagation of scanning worms within individual network cells, thus protecting internal networks from infection by internal clients. Our software implementation indicates that this technique is both accurate and rapid enough to enable automatic containment and suppression of worm propagation within a network cell. Our approach relies on an aggregate anomaly score, derived from the correlation of address resolution protocol (ARP) activity from individual network attached devices. Our preliminary analysis and prototype indicate that this technique can be used to rapidly detect zero-day worms within a very small number of scans
Citations: 33
Have the cake and eat it too - infusing usability into text-password based authentication systems
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.28
S. Jeyaraman, Umut Topkara
Text-password based authentication schemes are a popular means of authenticating users in computer systems. Standard security practices that were intended to make passwords more difficult to crack, such as requiring users to have passwords that "look random" (high entropy), have made password systems less usable and paradoxically, less secure. In this work, we address the need for enhancing the usability of existing text-password systems without necessitating any modifications to the existing password authentication infrastructure. We propose, develop and evaluate a system that automatically generates memorable mnemonics for a given password based on a text-corpus. Initial experimental results suggest that automatic mnemonic generation is a promising technique for making text-password systems more usable. Our system was able to generate mnemonics for 80.5% of six-character passwords and 62.7% of seven-character passwords containing lower-case characters (a-z), even when the text-corpus size is extremely small (1000 sentences)
Citations: 50
We need assurance! [assurance of computing quality, reliability, and safety]
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.63
Brian D. Snow
When will we be secure? Nobody knows for sure - but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers' stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today's commercial security products and services. The author discusses paths to better assurance in operating systems, applications, and hardware through better development environments, requirements definition, systems engineering, quality certification, and legal/regulatory constraints. The author also gave some examples
Citations: 6
Model checking an entire Linux distribution for security violations
Pub Date : 2005-12-05 DOI: 10.1109/CSAC.2005.39
Benjamin Schwarz, Hao Chen, D. Wagner, Jeremy Lin, Wei Tu, Geoff Morrison, Jacob West
Software model checking has become a popular tool for verifying programs' behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software development processes. In this paper we report our experiences with software model checking for security properties on an extremely large scale - an entire Linux distribution consisting of 839 packages and 60 million lines of code. To date, we have discovered 108 exploitable bugs. Our results indicate that model checking can be both a feasible and integral part of the software development process
Citations: 71