A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors

R. Chinchani; S. Upadhyaya; K. Kwiat

doi:10.1109/IWIAS.2003.1192456

A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors

R. Chinchani
, S. Upadhyaya
, K. Kwiat

Department of Computer Science and Engineering

University at Buffalo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service resulting in a false sense of security. The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path. We provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We theoretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principles of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept.

Original language	English
Title of host publication	Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	25-34
Number of pages	10
ISBN (Electronic)	0769518869, 9780769518862
DOIs	https://doi.org/10.1109/IWIAS.2003.1192456
State	Published - 2003
Event	1st IEEE International Workshop on Information Assurance, IWIA 2003 - Darmstadt, Germany Duration: Mar 24 2003 → …

Publication series

Name	Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003

Conference

Conference	1st IEEE International Workshop on Information Assurance, IWIA 2003
Country/Territory	Germany
City	Darmstadt
Period	03/24/03 → …

Keywords

Availability
Computer displays
Computer network management
Computer science
Fault detection
Fault tolerance
Laboratories
Redundancy
Security
Voting

Access to Document

10.1109/IWIAS.2003.1192456

Cite this

Chinchani, R., Upadhyaya, S., & Kwiat, K. (2003). A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors. In Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003 (pp. 25-34). Article 1192456 (Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IWIAS.2003.1192456

Chinchani, R. ; Upadhyaya, S. ; Kwiat, K. / A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors. Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003. Institute of Electrical and Electronics Engineers Inc., 2003. pp. 25-34 (Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003).

@inproceedings{67bb0dd5017d47dd885808a654b96248,

title = "A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors",

abstract = "Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service resulting in a false sense of security. The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path. We provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We theoretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principles of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept.",

keywords = "Availability, Computer displays, Computer network management, Computer science, Fault detection, Fault tolerance, Laboratories, Redundancy, Security, Voting",

author = "R. Chinchani and S. Upadhyaya and K. Kwiat",

note = "Publisher Copyright: {\textcopyright} 2003 IEEE.; 1st IEEE International Workshop on Information Assurance, IWIA 2003 ; Conference date: 24-03-2003",

year = "2003",

doi = "10.1109/IWIAS.2003.1192456",

language = "English",

series = "Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "25--34",

booktitle = "Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003",

address = "United States",

}

Chinchani, R, Upadhyaya, S & Kwiat, K 2003, A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors. in Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003., 1192456, Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003, Institute of Electrical and Electronics Engineers Inc., pp. 25-34, 1st IEEE International Workshop on Information Assurance, IWIA 2003, Darmstadt, Germany, 03/24/03. https://doi.org/10.1109/IWIAS.2003.1192456

A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors. / Chinchani, R.; Upadhyaya, S.; Kwiat, K.
Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003. Institute of Electrical and Electronics Engineers Inc., 2003. p. 25-34 1192456 (Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors

AU - Chinchani, R.

AU - Upadhyaya, S.

AU - Kwiat, K.

PY - 2003

Y1 - 2003

N2 - Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service resulting in a false sense of security. The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path. We provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We theoretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principles of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept.

AB - Replication and redundancy techniques rely on the assumption that a majority of components are always safe and voting is used to resolve any ambiguities. This assumption may be unreasonable in the context of attacks and intrusions. An intruder could compromise any number of the available copies of a service resulting in a false sense of security. The kernel based approaches have proven to be quite effective but they cause performance impacts if any code changes are in the critical path. We provide an alternate user space mechanism consisting of process monitors by which such user space daemons can be unambiguously monitored without causing serious performance impacts. A framework that claims to provide such a feature must itself be tamper-resistant to attacks. We theoretically analyze and compare some relevant schemes and show their fallibility. We propose our own framework that is based on some simple principles of graph theory and well-founded concepts in topological fault tolerance, and show that it can not only unambiguously detect any such attacks on the services but is also very hard to subvert. We also present some preliminary results as a proof of concept.

KW - Availability

KW - Computer displays

KW - Computer network management

KW - Computer science

KW - Fault detection

KW - Fault tolerance

KW - Laboratories

KW - Redundancy

KW - Security

KW - Voting

UR - https://www.scopus.com/pages/publications/84942244236

U2 - 10.1109/IWIAS.2003.1192456

DO - 10.1109/IWIAS.2003.1192456

M3 - Conference contribution

T3 - Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003

SP - 25

EP - 34

BT - Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 1st IEEE International Workshop on Information Assurance, IWIA 2003

Y2 - 24 March 2003

ER -

Chinchani R, Upadhyaya S, Kwiat K. A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors. In Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003. Institute of Electrical and Electronics Engineers Inc. 2003. p. 25-34. 1192456. (Proceedings - 1st IEEE International Workshop on Information Assurance, IWIA 2003). doi: 10.1109/IWIAS.2003.1192456

A tamper-resistant framework for unambiguous detection of attacks in user space using process monitors

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this