Using dynamic information flow analysis to detect attacks against applications

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Using dynamic information flow analysis to detect attacks against applications

Full text

Pdf (243 KB)

Source

ACM SIGSOFT Software Engineering Notes archive
Volume 30 , Issue 4 (July 2005) table of contents

SESSION: Software Engineering for Secure Systems (SESS) --- Building Trustworthy Applications table of contents

Pages: 1 - 7

Year of Publication: 2005

ISSN:0163-5948

Also published in ...

Authors

Wes Masri	American University of Beirut, Beirut, Lebanon
Andy Podgurski	Case Western Reserve University, Cleveland, OH

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 21, Downloads (12 Months): 110, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1082983.1083216 What is a DOI?

ABSTRACT

This paper presents a new approach to using dynamic information flow analysis to detect attacks against application software. The approach can be used to reveal and, under some conditions, to prevent attacks that violate a specified information flow policy or exhibit a known information flow signature. When used in conjunction with automatic cluster analysis, the approach can also reveal novel attacks that exhibit unusual patterns of information flows. A set of prototype tools implementing the approach have been developed for Java byte code programs. Case studies in which this approach was applied to several subject programs are described.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Brown, J. and Knight, T. A Minimal Trusted Computing Base for Dynamically Ensuring Secure Information Flow. Project Aries TM-015 (November 2001).
	2	Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976 [doi>10.1145/360051.360056]
	3	Dorothy E. Denning , Peter J. Denning, Certification of programs for secure information flow, Communications of the ACM, v.20 n.7, p.504-513, July 1977 [doi>10.1145/359636.359712]
	4	Dorothy Elizabeth Robling Denning, Secure information flow in computer systems., 1975
	5	Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987 [doi>10.1109/TSE.1987.232894]
	6	William Dickinson , David Leon , Andy Podgurski, Finding failures by cluster analysis of execution profiles, Proceedings of the 23rd International Conference on Software Engineering, p.339-348, May 12-19, 2001, Toronto, Ontario, Canada
	7	William Dickinson , David Leon , Andy Podgurski, Pursuing failure: the distribution of program failures in a profile space, Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering, September 10-14, 2001, Vienna, Austria
	8	Henry Hanping Feng , Oleg M. Kolesnikov , Prahlad Fogla , Wenke Lee , Weibo Gong, Anomaly Detection Using Call Stack Information, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.62, May 11-14, 2003
	9	Fenton, J. S. Memoryless Subsystems. The Computer Journal 17, 2 (1974), 143--147.
	10	Jeanne Ferrante , Karl J. Ottenstein , Joe D. Warren, The program dependence graph and its use in optimization, ACM Transactions on Programming Languages and Systems (TOPLAS), v.9 n.3, p.319-349, July 1987 [doi>10.1145/24039.24041]
	11	Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji , Thomas A. Longstaff, A Sense of Self for Unix Processes, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.120, May 06-08, 1996
	12	Anup K. Ghosh , Aaron Schwartzbard , Michael Schatz, Learning Program Behavior Profiles for Intrusion Detection, Proceedings of the Workshop on Intrusion Detection and Network Monitoring, p.51-62, April 09-12, 1999
	13	JConsole, http://javaconsole. sourceforge.net. IBM 2001.
	14	Jones, A. and Lipton, R. The Enforcement of Security Policies for Computation. Journal of Computer and Systems Sciences (1978).
	15	Butler W. Lampson, A note on the confinement problem, Communications of the ACM, v.16 n.10, p.613-615, Oct. 1973 [doi>10.1145/362375.362389]
	16	David Leon , Wes Masri , Andy Podgurski, An empirical evaluation of test case filtering techniques based on exercising complex information flows, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA [doi>10.1145/1062455.1062531]
	17	David Leon , Andy Podgurski , Lee J. White, Multivariate visualization in observation-based testing, Proceedings of the 22nd international conference on Software engineering, p.116-125, June 04-11, 2000, Limerick, Ireland [doi>10.1145/337180.337195]
	18	Liepins G. and Vaccaro H. S., Anomaly detection: purpose and framework. 12th National Computer Security Conference (Baltimore, 1989), 495--504.
	19	Wes Masri , Andy Podgurski , David Leon, Detecting and Debugging Insecure Information Flows, Proceedings of the 15th International Symposium on Software Reliability Engineering (ISSRE'04), p.198-209, November 02-05, 2004 [doi>10.1109/ISSRE.2004.17]
	20	Wassim A. Masri , Andy Podgurski, Dynamic information flow analysis, slicing and profiling, 2005
	21	Open Source Vulnerability Database (OSVDB): www.osvdb.org.
	22	The PERL Directory, www.perl.org.
	23	A. Podgurski , L. A. Clarke, A Formal Model of Program Dependences and its Implications for Software Testing, Debugging, and Maintenance, IEEE Transactions on Software Engineering, v.16 n.9, p.965-979, September 1990 [doi>10.1109/32.58784 ]
	24	H. Andy Podgurski , Lori A. Clarke , Arnold L. Rosenberg, The significance of program dependences for software testing, debugging, and maintenance, 1989
	25	Porras P. A. and Neumann P. G., EMERALD: event monitoring enabling responses to anomalous live disturbances. 20th NIST/NCSC National Information Systems Security Conference (Baltimore, October 1997), 353--365.
	26	Sabelfeld A. and Myers A. C. Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, 21(1), Jan. 2003.
	27	Saurabh Sinha , Mary Jean Harrold , Gregg Rothermel, Interprocedural control dependence, ACM Transactions on Software Engineering and Methodology (TOSEM), v.10 n.2, p.209-254, April 2001 [doi>10.1145/367008.367022]
	28	Tan K., Killourhy K., and Maxion R. Undermining an anomaly-based intrusion detection system using common exploits. 5th International Symposium on Recent Advances in Intrusion Detection (Zurich, October 2002).
	29	The Byte Code Engineering Library (BCEL), The Apache Jakarta Project, http://jakarta.apache.org/bcel. Apache Software Foundation 2003.
	30	Tomcat Java Application Server: http://jakarta.apache.org/tomcat.
	31	David Wagner , Paolo Soto, Mimicry attacks on host-based intrusion detection systems, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA [doi>10.1145/586110.586145]