Scheduled System Maintenance
On Friday, October 20, IEEE Xplore will be unavailable from 9:00 PM-midnight ET. We apologize for the inconvenience.
Notice: There is currently an issue with the citation download feature. Learn more.

2005 IEEE Symposium on Security and Privacy (S&P'05)

8-11 May 2005

Filter Results

Displaying Results 1 - 24 of 24
  • [Cover]

    Publication Year: 2005, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (821 KB)
    Freely Available from IEEE
  • Proceedings. 2005 IEEE Symposium on Security and Privacy

    Publication Year: 2005
    Request permission for commercial reuse | PDF file iconPDF (76 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2005, Page(s):v - vi
    Request permission for commercial reuse | PDF file iconPDF (38 KB)
    Freely Available from IEEE
  • Message from the Program Chairs

    Publication Year: 2005, Page(s): vii
    Request permission for commercial reuse | PDF file iconPDF (29 KB) | HTML iconHTML
    Freely Available from IEEE
  • Conference Organizers

    Publication Year: 2005, Page(s): viii
    Request permission for commercial reuse | PDF file iconPDF (16 KB)
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2005, Page(s): ix
    Request permission for commercial reuse | PDF file iconPDF (18 KB)
    Freely Available from IEEE
  • Language-based generation and evaluation of NIDS signatures

    Publication Year: 2005, Page(s):3 - 17
    Cited by:  Papers (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (296 KB) | HTML iconHTML

    We present a methodology to automatically construct robust signatures whose accuracy is based on formal reasoning so it can be systematically evaluated. Our methodology is based on two formal languages that describe different properties of a given attack. The first language, called a session signature, describes temporal relations between the attack events. The second, called an attack invariant, ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Efficient intrusion detection using automaton inlining

    Publication Year: 2005, Page(s):18 - 31
    Cited by:  Papers (12)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (240 KB) | HTML iconHTML

    Host-based intrusion detection systems attempt to identify attacks by discovering program behaviors that deviate from expected patterns. While the idea of performing behavior validation on-the-fly and terminating errant tasks as soon as a violation is detected is appealing, existing systems exhibit serious shortcomings in terms of accuracy and/or efficiency. To gain acceptance, a number of technic... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Semantics-aware malware detection

    Publication Year: 2005, Page(s):32 - 46
    Cited by:  Papers (152)  |  Patents (31)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (288 KB) | HTML iconHTML

    A malware detector is a system that attempts to determine whether a program has malicious intent. In order to evade detection, malware writers (hackers) frequently use obfuscation to morph malware. Malware detectors that use a pattern-matching approach (such as commercial virus scanners) are susceptible to obfuscations used by hackers. The fundamental deficiency in the pattern-matching approach to... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Distributed detection of node replication attacks in sensor networks

    Publication Year: 2005, Page(s):49 - 63
    Cited by:  Papers (190)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (696 KB) | HTML iconHTML

    The low-cost, off-the-shelf hardware components in unshielded sensor-network nodes leave them vulnerable to compromise. With little effort, an adversary may capture nodes, analyze and replicate them, and surreptitiously insert these replicas at strategic locations within the network. Such attacks may have severe consequences; they may allow the adversary to corrupt network data or even disconnect ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Detection of denial-of-message attacks on sensor network broadcasts

    Publication Year: 2005, Page(s):64 - 78
    Cited by:  Papers (54)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (296 KB) | HTML iconHTML

    So far sensor network broadcast protocols assume a trustworthy environment. However in safety and mission-critical sensor networks this assumption may not be valid and some sensor nodes might be adversarial. In these environments, malicious sensor nodes can deprive other nodes from receiving a broadcast message. We call this attack a denial-of-message attack (DoM). In this paper we model and analy... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Distributed proving in access-control systems

    Publication Year: 2005, Page(s):81 - 95
    Cited by:  Papers (16)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (408 KB) | HTML iconHTML

    We present a distributed algorithm for assembling a proof that a request satisfies an access-control policy expressed in a formal logic, in the tradition of Lampson et al. (1992). We show analytically that our distributed proof-generation algorithm succeeds in assembling a proof whenever a centralized prover utilizing remote certificate retrieval would do so. In addition, we show empirically that ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On safety in discretionary access control

    Publication Year: 2005, Page(s):96 - 109
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (296 KB) | HTML iconHTML

    An apparently prevailing myth is that safety is undecidable in discretionary access control (DAC); therefore, one needs to invent new DAC schemes in which safety analysis is decidable. In this paper we dispel this myth. We argue that DAC should not be equated with the Harrison-Ruzzo-Ullman (1976) access matrix scheme, in which safety is undecidable. We present an efficient (running time cubic in i... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Seeing-is-believing: using camera phones for human-verifiable authentication

    Publication Year: 2005, Page(s):110 - 124
    Cited by:  Papers (116)  |  Patents (36)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (368 KB) | HTML iconHTML

    Current mechanisms for authenticating communication between devices that share no prior context are inconvenient for ordinary users, without the assistance of a trusted authority. We present and analyze seeing-is-believing, a system that utilizes 2D barcodes and camera-telephones to implement a visual channel for authentication and demonstrative identification of devices. We apply this visual chan... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A generic attack on checksumming-based software tamper resistance

    Publication Year: 2005, Page(s):127 - 138
    Cited by:  Papers (23)  |  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (184 KB) | HTML iconHTML

    Self-checking software tamper resistance mechanisms employing checksums, including advanced systems as recently proposed by Chang and Atallah (2002) and Horne et al. (2002) have been promoted as an alternative to other software integrity verification techniques. Appealing aspects include the promise of being able to verify the integrity of software independent of the external support environment, ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Towards constant bandwidth overhead integrity checking of untrusted data

    Publication Year: 2005, Page(s):139 - 153
    Cited by:  Papers (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (232 KB) | HTML iconHTML

    We present an adaptive tree-log scheme to improve the performance of checking the integrity of arbitrarily large untrusted data, when using only a small fixed-sized trusted state. Currently, hash trees are used to check the data. In many systems that use hash trees, programs perform many data operations before performing a critical operation that exports a result outside of the program's execution... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • BIND: a fine-grained attestation service for secure distributed systems

    Publication Year: 2005, Page(s):154 - 168
    Cited by:  Papers (72)  |  Patents (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (256 KB) | HTML iconHTML

    In this paper we propose BIND (binding instructions and data), a fine-grained attestation service for securing distributed systems. Code attestation has recently received considerable attention in trusted computing. However, current code attestation technology is relatively immature. First, due to the great variability in software versions and configurations, verification of the hash is difficult.... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Relating symbolic and cryptographic secrecy

    Publication Year: 2005, Page(s):171 - 182
    Cited by:  Papers (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (256 KB) | HTML iconHTML

    We investigate the relation between symbolic and cryptographic secrecy properties for cryptographic protocols. Symbolic secrecy of payload messages or exchanged keys is arguably the most important notion of secrecy shown with automated proof tools. It means that an adversary restricted to symbolic operations on terms can never get the entire considered object into its knowledge set. Cryptographic ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Low-cost traffic analysis of Tor

    Publication Year: 2005, Page(s):183 - 195
    Cited by:  Papers (99)  |  Patents (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (384 KB) | HTML iconHTML

    Tor is the second generation onion router supporting the anonymous transport of TCP streams over the Internet. Its low latency makes it very suitable for common tasks, such as Web browsing, but insecure against traffic-analysis attacks by a global passive adversary. We present new traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are be... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Leap-frog packet linking and diverse key distributions for improved integrity in network broadcasts

    Publication Year: 2005, Page(s):196 - 207
    Cited by:  Papers (8)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (712 KB) | HTML iconHTML

    We present two new approaches to improving the integrity of network broadcasts and multicasts with low storage and computation overhead. The first approach is a leapfrog linking protocol for securing the integrity of packets as they traverse a network during a broadcast, such as in the setup phase for link-state routing. This technique allows each router to gain confidence about the integrity of a... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Remote physical device fingerprinting

    Publication Year: 2005, Page(s):211 - 225
    Cited by:  Papers (47)  |  Patents (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (10190 KB) | HTML iconHTML

    We introduce the area of remote physical device fingerprinting, or fingerprinting a physical device, as opposed to an operating system or class of devices, remotely, and without the fingerprinted device's known cooperation. We accomplish this goal by exploiting small, microscopic deviations in device hardware: clock skews. Our techniques do not require any modification to the fingerprinted devices... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Polygraph: automatically generating signatures for polymorphic worms

    Publication Year: 2005, Page(s):226 - 241
    Cited by:  Papers (173)  |  Patents (85)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (256 KB) | HTML iconHTML

    It is widely believed that content-signature-based intrusion detection systems (IDS) are easily evaded by polymorphic worms, which vary their payload on every infection attempt. In this paper, we present Polygraph, a signature generation system that successfully produces signatures that match polymorphic worms. Polygraph generates signatures that consist of multiple disjoint content substrings. In... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Worm origin identification using random moonwalks

    Publication Year: 2005, Page(s):242 - 256
    Cited by:  Papers (14)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (512 KB) | HTML iconHTML

    We propose a novel technique that can determine both the host responsible for originating a propagating worm attack and the set of attack flows that make up the initial stages of the attack tree via which the worm infected successive generations of victims. We argue that knowledge of both is important for combating worms: knowledge of the origin supports law enforcement, and knowledge of the causa... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Author index

    Publication Year: 2005, Page(s): 257
    Request permission for commercial reuse | PDF file iconPDF (16 KB)
    Freely Available from IEEE