Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bob Gilber, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna University of California, Santa Barbara RAID 2011,9 報告者:張逸文 1.

Published byProsper Holland Modified over 9 years ago

Similar presentations

Presentation on theme: "Bob Gilber, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna University of California, Santa Barbara RAID 2011,9 報告者:張逸文 1."— Presentation transcript:

1 Bob Gilber, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna University of California, Santa Barbara RAID 2011,9 報告者:張逸文 1

2 Outline Introduction System Overview System Implementation Applications for DYMO Evaluation Security Analysis Related Work Conclusions 2

3 Introduction ( #1 ) Access control : user-based authorization Code identity Measurements of a process DYMO, a system that provides a dynamic code identity primitive Identity label Network access 3

4 Introduction ( #2 ) Track the run-time integrity of a process DYMO Extending DYMO to label network packets Experimental results 4

5 System Overview ( #1 ) System requirements Precise Secure Efficient System Design Computing cryptographic hash of each code section as the process’ identity Precise Label computation 5

6 System Overview ( #2 ) Handling Dynamically Generated Code Don’t hash dynamic code regions directly dynamically generated code only in certain known parts Secure Label Computation runs at a higher privilege Inside a VMM / as part of the OS Efficient Label Computation Modify Windows memory management routines The label is computed incrementally 6

7 System Implementation ( #1 ) Problems Load DLLs during run-time Arbitrary memory regions DLL reloading System Initialization 1. Register for kernel-provided callbacks 2. Hook the NT kernel system services 3. Hook the page fault handler 4. Use Data Execution Prevention(DEP)DEP 7

8 System Implementation ( #2 ) Identity Label Generation Image hash + region hash = identity label Image Hashes 1. Build process profile 2. Locate the code segment 3. Modify page protection 4. DEP exception 5. Page fault handler 8

9 System Implementation ( #3 ) Region Hashes 1. hook NtAllocateVirtualMemory, NtMapViewOfSection, NtProtectVirtualMemory 2. check execute access These executable regions are for dynamic code generation Handling Dynamic Code Generation Allocator Writer Caller 9 region hash

10 System Implementation ( #4 ) Handling the PAGE_EXECUTE_READWRITE protection PAGE_EXECUTE_READWRITE => PAGE_READWRITE + PAGE_EXECUTE_READ Establishing Identity Strict matching policy Relaxed matching policy 10

11 Application for DYMO ( #1 ) Application-Based Access Control access control based on the identity global distribution mechanisms whitelist for all users DYMO Network Extension Inject network packet Label Size Optimization Huffman Split label over multiple packets 11

12 Application for DYMO ( #2 ) The injector : NDIS Intermediate Filter driver The Broker : TDI Filter driver 12 Connection ID TCP/IP transport driver Network Adapter broker Process identity label injector Modified packet

13 Evaluation ( #1 ) Label Precision Three experimental environment Training database 93% applications’ labels are precision Effect of Process Tampering Tampering by Malware Tampering by Exploits Performance Impact 13

14 Evaluation ( #2 ) 14

15 Evaluation ( #3 ) 15 PassMark AppTimer tool < 1 sec.

16 Security Analysis Create executable memory regions Add code to a trusted program Tamper with the data of a process Non-control-data attack 16

17 Related Work Local Identification Patagonix – a hypervisor-based system Patagonix Tripwire – static code identity Remote Identification Sailer ti al. Trusted Platform Module – identify applications for remote attestation Sailer ti al. Trusted Platform Module 17

18 Conclusion DYMO, a dynamic code identity primitive Extends DYMO to network packet An acceptable performance overhead Future work Extending DYMO to other platforms Sophisticated network-level policy enforcement mechanism 18

Download ppt "Bob Gilber, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna University of California, Santa Barbara RAID 2011,9 報告者:張逸文 1."

Similar presentations

CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.

CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
GridRPC Sources / Credits: IRISA/IFSIC IRISA/INRIA Thierry Priol et. al papers.

GridRPC Sources / Credits: IRISA/IFSIC IRISA/INRIA Thierry Priol et. al papers.
Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science ©2002-2004 Matt Bishop.

Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Topics in Advanced Network Security 1 Stateful Intrusion Detection for High Speed Networks Christopher Kruegel Fredrick Valeur Giovanni Vigna Richard Kemmerer.

Topics in Advanced Network Security 1 Stateful Intrusion Detection for High Speed Networks Christopher Kruegel Fredrick Valeur Giovanni Vigna Richard Kemmerer.
Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr.

Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr.
Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s.

Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s.
INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.

INTRODUCTION OS/2 was initially designed to extend the capabilities of DOS by IBM and Microsoft Corporations. To create a single industry-standard operating.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.

Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.
CS533 Concepts of OS Class 16 ExoKernel by Constantia Tryman.

CS533 Concepts of OS Class 16 ExoKernel by Constantia Tryman.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

Similar presentations

Ads by Google