Title :
Execution monitoring of security-critical programs in distributed systems: a specification-based approach
Author :
Ko, Calvin ; Ruschitzka, Manfred ; Levitt, Karl
Author_Institution :
Trusted Inf. Syst. Inc., Mountain View, CA, USA
Abstract :
We describe a specification-based approach to detect exploitations of vulnerabilities in security-critical programs. The approach utilizes security specifications that describe the intended behavior of programs and scans audit trails for operations that are in violation of the specifications. We developed a formal framework for specifying the security-relevant behavior of programs, on which we based the design and implementation of a real-time intrusion detection system for a distributed system. Also, we wrote security specifications for 15 Unix setuid root programs. Our system detects attacks caused by monitored programs, including security violations caused by improper synchronization in distributed programs. Our approach encompasses attacks that exploit previously unknown vulnerabilities in security-critical programs
Keywords :
Unix; distributed processing; formal specification; program diagnostics; real-time systems; security of data; synchronisation; system monitoring; Unix setuid root programs; audit trails; distributed systems; formal framework; program vulnerabilities; real-time intrusion detection system; security specifications; security violations; security-critical program execution monitoring; specification-based approach; synchronization; system attack detection; Computer networks; Computer science; Distributed computing; Information security; Information systems; Intrusion detection; Monitoring; Real time systems; Specification languages; Testing;
Conference_Titel :
Security and Privacy, 1997. Proceedings., 1997 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7828-3
DOI :
10.1109/SECPRI.1997.601332
