VTechWorks staff will be away for the winter holidays starting Tuesday, December 24, 2024, through Wednesday, January 1, 2025, and will not be replying to requests during this time. Thank you for your patience, and happy holidays!
 

Identifying Native Applications with High Assurance

Simple item page
dc.contributor.authorAlmohri, Hussain M.J.en
dc.contributor.authorYao, Danfeng (Daphne)en
dc.contributor.authorKafura, Dennis G.en
dc.contributor.departmentComputer Scienceen
dc.date.accessioned2013-06-19T14:36:56Zen
dc.date.available2013-06-19T14:36:56Zen
dc.date.issued2011en
dc.description.abstractThe work described in this paper investigates the problem of identifying and deterring stealthy malicious processes on a host. We point out the lack of strong application iden- tication in main stream operating systems. We solve the application identication problem by proposing a novel iden- tication model in which user-level applications are required to present identication proofs at run time to be authenti- cated by the kernel using an embedded secret key. The se- cret key of an application is registered with a trusted kernel using a key registrar and is used to uniquely authenticate and authorize the application. We present a protocol for secure authentication of applications. Additionally, we de- velop a system call monitoring architecture that uses our model to verify the identity of applications when making critical system calls. Our system call monitoring can be integrated with existing policy specication frameworks to enforce application-level access rights. We implement and evaluate a prototype of our monitoring architecture in Linux as device drivers with nearly no modication of the ker- nel. The results from our extensive performance evaluation shows that our prototype incurs low overhead, indicating the feasibility of our model.en
dc.format.mimetypeapplication/pdfen
dc.identifierhttp://eprints.cs.vt.edu/archive/00001169/en
dc.identifier.sourceurlhttp://eprints.cs.vt.edu/archive/00001169/01/codaspy12.pdfen
dc.identifier.trnumberTR-11-20en
dc.identifier.urihttp://hdl.handle.net/10919/19408en
dc.language.isoenen
dc.publisherDepartment of Computer Science, Virginia Polytechnic Institute & State Universityen
dc.rightsIn Copyrighten
dc.rights.urihttp://rightsstatements.org/vocab/InC/1.0/en
dc.subjectParallel computationen
dc.titleIdentifying Native Applications with High Assuranceen
dc.typeTechnical reporten
dc.type.dcmitypeTexten

Files

Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
codaspy12.pdf
Size:
504.25 KB
Format:
Adobe Portable Document Format
Download

Collections

Computer Science Technical Reports
Destination Area: Integrated Security (IS)