21st Annual Computer Security Applications Conference (ACSAC'05)

5-9 Dec. 2005

  • Proceedings. 21st Annual Computer Security Applications Conference

    Publication Year: 2005, Page(s): c1
    Freely Available from IEEE
  • 21st Annual Computer Security Applications Conference - Title Page

    Publication Year: 2005, Page(s):i - iii
    Freely Available from IEEE
  • 21st Annual Computer Security Applications Conference - Copyright

    Publication Year: 2005, Page(s): iv
    Freely Available from IEEE
  • 21st Annual Computer Security Applications Conference - Table of contents

    Publication Year: 2005, Page(s):v - xii
    Freely Available from IEEE
  • Message from Conference Chair

    Publication Year: 2005, Page(s): xiii
    Freely Available from IEEE
  • Conference Committee

    Publication Year: 2005, Page(s): xiv
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2005, Page(s): xviii
    Freely Available from IEEE
  • Tutorial Committee

    Publication Year: 2005, Page(s): xix
    Freely Available from IEEE
  • list-reviewer

    Publication Year: 2005, Page(s): xx
    Freely Available from IEEE
  • Speaker biographies

    Publication Year: 2005, Page(s): xxiv
    Freely Available from IEEE
  • We need assurance! [assurance of computing quality, reliability, and safety]

    Publication Year: 2005, Page(s):7 pp. - 10
    Cited by:  Patents (1)

    When will we be secure? Nobody knows for sure - but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers' stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today's commercial security products and services. The author discusses paths...
  • Model checking an entire Linux distribution for security violations

    Publication Year: 2005, Page(s):10 pp. - 22
    Cited by:  Papers (10)

    Software model checking has become a popular tool for verifying programs' behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software development processes. In this paper we re...
  • Strengthening software self-checksumming via self-modifying code

    Publication Year: 2005, Page(s):10 pp. - 32
    Cited by:  Papers (20)  |  Patents (1)

    Recent research has proposed self-checksumming as a method by which a program can detect any possibly malicious modification to its code. Wurster et al. developed an attack against such programs that renders code modifications undetectable to any self-checksumming routine. The attack replicated pages of program text and altered values in hardware data structures so that data reads and instruction ...
  • Countering trusting trust through diverse double-compiling

    Publication Year: 2005, Page(s):13 pp. - 48
    Cited by:  Papers (3)

    An air force evaluation of Multics, and Ken Thompson's famous Turing award lecture "reflections on trusting trust, " showed that compilers can be subverted to insert malicious Trojan horses into critical software, including themselves. If this attack goes undetected, even complete analysis of a system's source code can not find the malicious code that is running, and methods for detecting this par...
  • A framework for detecting network-based code injection attacks targeting Windows and UNIX

    Publication Year: 2005, Page(s):10 pp. - 58
    Cited by:  Papers (7)  |  Patents (1)

    Code injection vulnerabilities continue to prevail. Attacks of this kind such as stack buffer overflows and heap buffer overflows account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a framework for detecting new or previously unse...
  • Exploiting independent state for network intrusion detection

    Publication Year: 2005, Page(s):13 pp. - 71
    Cited by:  Papers (6)

    Network intrusion detection systems (NIDSs) critically rely on processing a great deal of state. Often much of this state resides solely in the volatile processor memory accessible to a single user-level process on a single machine. In this work, we highlight the power of independent state, i.e., internal fine-grained state that can be propagated from one instance of a NIDS to others running eithe...
  • A host-based approach to network attack chaining analysis

    Publication Year: 2005, Page(s):10 pp. - 84
    Cited by:  Papers (45)

    The typical means by which an attacker breaks into a network is through a chain of exploits, where each exploit in the chain lays the groundwork for subsequent exploits. Such a chain is called an attack path, and the set of all possible attack paths form an attack graph. Researchers have proposed a variety of methods to generate attack graphs. In this paper, we provide a novel alternative approach...
  • A Nitpicker's guide to a minimal-complexity secure GUI

    Publication Year: 2005, Page(s):85 - 94
    Cited by:  Papers (13)  |  Patents (5)

    Malware such as Trojan horses and spyware remain to be persistent security threats that exploit the overly complex graphical user interfaces of today's commodity operating systems. In this paper, we present the design and implementation of Nitpicker - an extremely minimized secure graphical user interface that addresses these problems while retaining compatibility to legacy operating systems. We d...
  • A user-level framework for auditing and monitoring

    Publication Year: 2005, Page(s):11 pp. - 105
    Cited by:  Papers (1)

    Logging and auditing is an important system facility for monitoring correct system operation and for detecting potential security problems. We present an architecture for implementing user-level auditing monitors which: (i) does not require superuser privileges; (ii) makes it simple to create user defined monitors which are transparent; and (iii) provides security guarantees such as mandatory and ...
  • TARP: ticket-based address resolution protocol

    Publication Year: 2005, Page(s):9 pp. - 116
    Cited by:  Papers (18)  |  Patents (2)

    IP networks fundamentally rely on the address resolution protocol (ARP) for proper operation. Unfortunately, vulnerabilities in the ARP protocol enable a raft of IP-based impersonation, man-in-the-middle, or DoS attacks. Proposed countermeasures to these vulnerabilities have yet to simultaneously address backward compatibility and cost requirements. This paper introduces the ticket-based address r...
  • Verify results of network intrusion alerts using lightweight protocol analysis

    Publication Year: 2005, Page(s):10 pp. - 126
    Cited by:  Papers (12)

    We propose a method to verify the result of attacks detected by signature-based network intrusion detection systems using lightweight protocol analysis. The observation is that network protocols often have short meaningful status codes saved at the beginning of server responses upon client requests. A successful intrusion that alters the behavior of a network application server often results in an...
  • Replay attack in TCG specification and solution

    Publication Year: 2005, Page(s):11 pp. - 137
    Cited by:  Papers (8)  |  Patents (1)

    We prove the existence of a flaw which we individuated in the design of the object-independent authorization protocol (OIAP), which represents one of the building blocks of the trusted platform module (TPM), the core of the trusted computing platforms (TPs) as devised by the trusted computing group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protoco...
  • Code security analysis of a biometric authentication system using automated theorem provers

    Publication Year: 2005, Page(s):10 pp. - 149
    Cited by:  Papers (2)

    Understanding the security goals provided by cryptographic protocol implementations is known to be difficult, since security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in the context of cryptographic interactions. A lot of research has been devoted to developing formal techniques to analyze abstract specifications of cryptographic...
  • Automated and safe vulnerability assessment

    Publication Year: 2005, Page(s):10 pp. - 159
    Cited by:  Papers (3)

    As the number of system vulnerabilities multiplies in recent years, vulnerability assessment has emerged as a powerful system security administration tool that can identify vulnerabilities in existing systems before they are exploited. Although there are many commercial vulnerability assessment tools in the market, none of them can formally guarantee that the assessment process never compromises t...
  • Understanding complex network attack graphs through clustered adjacency matrices

    Publication Year: 2005, Page(s):10 pp. - 169
    Cited by:  Papers (41)

    We apply adjacency matrix clustering to network attack graphs for attack correlation, prediction, and hypothesizing. We self-multiply the clustered adjacency matrices to show attacker reachability across the network for a given number of attack steps, culminating in transitive closure for attack prediction over all possible number of steps. This reachability analysis provides a concise summary of ...