20th Annual Computer Security Applications Conference

6-10 Dec. 2004

Displaying Results 1 - 25 of 51
  • Proceedings. 20th Annual Computer Security Applications Conference

    Publication Year: 2004
    PDF (31 KB) | Freely available from IEEE
  • [Title page]

    Publication Year: 2004, Page(s): i - iv
    PDF (66 KB) | Freely available from IEEE
  • Table of contents

    Publication Year: 2004, Page(s): v - xii
    PDF (56 KB) | Freely available from IEEE
  • Message from the Conference Chair

    Publication Year: 2004, Page(s): xiii
    PDF (18 KB) | HTML | Freely available from IEEE
  • Conference Committee

    Publication Year: 2004, Page(s): xiv
    PDF (946 KB) | Freely available from IEEE
  • Program Committee

    Publication Year: 2004, Page(s): xviii
    PDF (23 KB) | Freely available from IEEE
  • Tutorial Committee

    Publication Year: 2004, Page(s): xix
    PDF (21 KB) | Freely available from IEEE
  • list-reviewer

    Publication Year: 2004, Page(s): xx
    PDF (33 KB) | Freely available from IEEE
  • Speaker biographies

    Publication Year: 2004, Page(s): xxiii - xxiv
    PDF (75 KB) | Freely available from IEEE
  • The trustworthy computing security development lifecycle

    Publication Year: 2004, Page(s): 2 - 13
    Cited by: Papers (32) | Patents (1)
    PDF (7624 KB) | HTML

    This paper discusses the trustworthy computing security development lifecycle (or simply the SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. These activities and deliv...
  • An intrusion detection tool for AODV-based ad hoc wireless networks

    Publication Year: 2004, Page(s): 16 - 27
    Cited by: Papers (54) | Patents (5)
    PDF (320 KB) | HTML

    Mobile ad hoc network routing protocols are highly susceptible to subversion. Previous research in securing these protocols has typically used techniques based on encryption and redundant transmission. These techniques prevent a range of attacks against routing protocols but are expensive to deploy on energy-constrained wireless devices. Experience in securing wired networks has demonstrated that,...
  • Automatic generation and analysis of NIDS attacks

    Publication Year: 2004, Page(s): 28 - 38
    Cited by: Papers (22)
    PDF (248 KB) | HTML

    A common way to elude a signature-based NIDS is to transform an attack instance that the NIDS recognizes into another instance that it misses. For example, to avoid matching the attack payload to a NIDS signature, attackers split the payload into several TCP packets or hide it between benign messages. We observe that different attack instances can be derived from each other using simple transforma...
  • Reasoning about complementary intrusion evidence

    Publication Year: 2004, Page(s): 39 - 48
    Cited by: Papers (6) | Patents (4)
    PDF (264 KB) | HTML

    This paper presents techniques to integrate and reason about complementary intrusion evidence such as alerts generated by intrusion detection systems (IDSs) and reports by system monitoring or vulnerability scanning tools. To facilitate the modeling of intrusion evidence, this paper classifies intrusion evidence into either event-based evidence or state-based evidence. Event-based evidence refers ...
  • Towards secure design choices for implementing graphical passwords

    Publication Year: 2004, Page(s): 50 - 60
    Cited by: Papers (19) | Patents (4)
    PDF (200 KB) | HTML

    We study the impact of selected parameters on the size of the password space for "Draw-A-Secret" (DAS) graphical passwords. We examine the role of and relationships between the number of composite strokes, grid dimensions, and password length in the DAS password space. We show that a very significant proportion of the DAS password space depends on the assumption that users will choose long passwor...
  • Visualizing and identifying intrusion context from system calls trace

    Publication Year: 2004, Page(s): 61 - 70
    Cited by: Papers (1)
    PDF (544 KB) | HTML

    Anomaly-based intrusion detection (AID) techniques are useful for detecting novel intrusions without known signatures. However, AID techniques suffer from a higher false alarm rate compared to signature-based intrusion detection techniques. In this paper, the concept of intrusion context identification is introduced to address the problem. The identification of the intrusion context can help to sign...
  • Visualizing enterprise-wide security (VIEWS)

    Publication Year: 2004, Page(s): 71 - 79
    PDF (200 KB) | HTML

    This paper discusses VIEWS, a specification for building diagrams that describe the security features of systems. The authors' recent experience with providing security architecture and engineering support to organizations with large, distributed applications suggests that security architecture and assurance efforts could benefit by following other engineering disciplines, where using graphical mo...
  • A dynamic technique for eliminating buffer overflow vulnerabilities (and other memory errors)

    Publication Year: 2004, Page(s): 82 - 90
    Cited by: Papers (18) | Patents (13)
    PDF (208 KB) | HTML

    Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the program to write beyond the bounds of an allocated memory block to corrupt other data structures. The standard way to exploit a buffer overflow vulnerability involves a request that is too large for the buffer intended to hold it. The buffer overflow error causes the program to write part of the re...
  • Detecting kernel-level rootkits through binary analysis

    Publication Year: 2004, Page(s): 91 - 100
    Cited by: Papers (41) | Patents (8)
    PDF (248 KB) | HTML

    A rootkit is a collection of tools used by intruders to keep the legitimate users and administrators of a compromised machine unaware of their presence. Originally, rootkits mainly included modified versions of system auditing programs (e.g., ps or netstat on a Unix system). However, for operating systems that support loadable kernel modules (e.g., Linux and Solaris), a new type of rootkit has re...
  • Detecting exploit code execution in loadable kernel modules

    Publication Year: 2004, Page(s): 101 - 110
    Cited by: Papers (1) | Patents (2)
    PDF (192 KB) | HTML

    In current extensible monolithic operating systems, loadable kernel modules (LKM) have unrestricted access to all portions of kernel memory and I/O space. As a result, kernel-module exploitation can jeopardize the integrity of the entire system. In this paper, we analyze the threat that comes from the implicit trust relationship between the operating system kernel and loadable kernel modules. We t...
  • The Relationship of System & Product Specifications and Evaluations

    Publication Year: 2004, Page(s): 112 - 113
    PDF (70 KB)

    This panel will address present and future approaches to these determinations. Following the panelists' opening statements, the moderator will ask important provocative questions and accept questions from the audience.
  • Using predators to combat worms and viruses: a simulation-based study

    Publication Year: 2004, Page(s): 116 - 125
    Cited by: Papers (3) | Patents (1)
    PDF (648 KB) | HTML

    Large-scale attacks generated by fast-spreading or stealthy malicious mobile code, such as flash worms and e-mail viruses, demand new approaches to patch management and disinfection. Currently popular centralized approaches suffer from distribution bottlenecks which cannot be solved by merely increasing the number of servers, as the number of servers required to eliminate all bottlenecks is imprac...
  • High-fidelity modeling of computer network worms

    Publication Year: 2004, Page(s): 126 - 135
    Cited by: Papers (8)
    PDF (240 KB) | HTML

    Abstract modeling, such as using epidemic models, has been the general method of choice for understanding and analyzing the high-level effects of worms. However, high-fidelity models, such as packet-level models, are indispensable for moving beyond aggregate effects, to capture finer nuances and complexities associated with known and future worms in realistic network environments. We first identif...
  • Worm detection, early warning and response based on local victim information

    Publication Year: 2004, Page(s): 136 - 145
    Cited by: Papers (25)
    PDF (480 KB) | HTML

    Worm detection systems have traditionally focused on global strategies. In the absence of a global worm detection system, we examine the effectiveness of local worm detection and response strategies. This paper makes three contributions: (1) we propose a simple two-phase local worm victim detection algorithm, DSC (Destination-Source Correlation), based on worm behavior in terms of both infection p...
  • Cozilet: transparent encapsulation to prevent abuse of trusted applets

    Publication Year: 2004, Page(s): 146 - 155
    Cited by: Papers (1) | Patents (2)
    PDF (208 KB) | HTML

    We have developed a mechanism which prevents abuse of trusted Java applets, such as digitally signed applets. A signed applet is usually permitted by a user to perform certain functions. However, an attacker may improperly recompose the signed applet to include malicious components and harm the user by abusing such functions of a signed applet. In this paper, we call this a malicious recomposition...
  • Extracting attack manifestations to determine log data requirements for intrusion detection

    Publication Year: 2004, Page(s): 158 - 167
    Cited by: Papers (6)
    PDF (176 KB) | HTML

    Log data adapted for intrusion detection is a little explored research issue despite its importance for successful and efficient detection of attacks and intrusions. This paper presents a starting point in the search for suitable log data by providing a framework for determining exactly which log data can reveal a specific attack, i.e. the attack manifestations. An attack manifestation consis...