Thumbnail
Access Restriction
Open

Author Ko, Calvin ♦ Fink, George ♦ Levitt, Karl
Source CiteSeerX
Content type Text
File Format PDF
Language English
Subject Domain (in DDC) Computer science, information & general works ♦ Data processing & computer science
Subject Keyword Program Policy ♦ Program Policy Specification Language ♦ Ad Hoc Approach ♦ Security-relevant Behavior ♦ Simple Predicate Logic ♦ Audit Trial ♦ Execution Monitoring ♦ Security Compromise ♦ Regular Expression ♦ Misuse Behavior ♦ Intrusion Detection Paradigm ♦ Privileged Program ♦ Intended Behavior ♦ Imperils Security ♦ Present Specification
Description In Proceedings of the 10th Annual Computer Security Applications Conference
We present a method for detecting exploitations of vulnerabilities in privileged programs by monitoring their execution using audit trials, where the monitoring is with respect to specifications of the security-relevant behavior of the programs. Our work is motivated by the intrusion detection paradigm, but is an attempt to avoid ad hoc approaches to codifying misuse behavior. Our approach is based on the observation that although privileged programs can be exploited (due to errors) to cause security compromise in systems because of the privileges accorded to them, the intended behavior of privileged programs is, of course, limited and benign. The key, then is to specify the intended behavior (i.e., the program policy) and to detect any action by privileged program that is outside the intended behavior and that imperils security. We describe a program policy specification language, which is based on simple predicate logic and regular expressions. In addition, we present specifications ...
Educational Role Student ♦ Teacher
Age Range above 22 year
Educational Use Research
Education Level UG and PG ♦ Career/Technical Study
Learning Resource Type Article
Publisher Date 1994-01-01