Improving host-based computer security using secure active monitoring and memory analysis

Payne, Bryan D.

03 June 2010

Thirty years ago, research in designing operating systems to defeat malicious software was very popular. The primary technique was to design and implement a small security kernel that could provide security assurances to the rest of the system. However, as operating systems grew in size throughout the 1980's and 1990's, research into security kernels slowly waned. From a security perspective, the story was bleak. Providing security to one of these large operating systems typically required running software within that operating system. This weak security foundation made it relatively easy for attackers to subvert the entire system without detection. The research presented in this thesis aims to reimagine how we design and deploy computer systems. We show that through careful use of virtualization technology, one can effectively isolate the security critical components in a system from malicious software. Furthermore, we can control this isolation to allow the security software a complete view to monitor the running system. This view includes all of the necessary information for implementing useful security applications including the system memory, storage, hardware events, and network traffic. In addition, we show how to perform both passive and active monitoring securely, using this new system architecture. Security applications must be redesigned to work within this new monitoring architecture. The data acquired through our monitoring is typically very low-level and difficult to use directly. In this thesis, we describe work that helps bridge this semantic gap by locating data structures within the memory of a running virtual machine. We also describe work that shows a useful and novel security framework made possible through this new monitoring architecture. This framework correlates human interaction with the system to distinguish legitimate and malicious outgoing network traffic.

Memory analysis

Introspection

Virtualization

Security

Active monitoring

User intent

Computer networks Security measures

Computer security

Practical authentication in large-scale internet applications

Dacosta, Italo

03 July 2012

Due to their massive user base and request load, large-scale Internet applications have mainly focused on goals such as performance and scalability. As a result, many of these applications rely on weaker but more efficient and simpler authentication mechanisms. However, as recent incidents have demonstrated, powerful adversaries are exploiting the weaknesses in such mechanisms. While more robust authentication mechanisms exist, most of them fail to address the scale and security needs of these large-scale systems. In this dissertation we demonstrate that by taking into account the specific requirements and threat model of large-scale Internet applications, we can design authentication protocols for such applications that are not only more robust but also have low impact on performance, scalability and existing infrastructure. In particular, we show that there is no inherent conflict between stronger authentication and other system goals. For this purpose, we have designed, implemented and experimentally evaluated three robust authentication protocols: Proxychain, for SIP-based VoIP authentication; One-Time Cookies (OTC), for Web session authentication; and Direct Validation of SSL/TLS Certificates (DVCert), for server-side SSL/TLS authentication. These protocols not only offer better security guarantees, but they also have low performance overheads and do not require additional infrastructure. In so doing, we provide robust and practical authentication mechanisms that can improve the overall security of large-scale VoIP and Web applications.

Network security

Web security

VoIP security

Session hijacking

Man-in-the-middle attacks

Computer networks Security measures

Computer architecture

Daglig leders stillingsvern : samspill og kollisjon mellom selskapsrett og arbeidsrett /

Ulseth, Terese Smith.

January 2006

Univ., Diss.--Oslo, 2006.

Protection des salariés et sauvetage de l'entreprise : quête d'un équilibre /

Boyer, Aurélie,

January 2006

Univ., Diss.--Aix-Marseille 3, 2006.

Business failures Employees Job security

The regulation of mercenary and private security-related activites under South African law compared to other legislations and conventions /

Neple, Pernille.

January 2008

Thesis (MA)--University of Stellenbosch, 2008. / Bibliography. Also available via the Internet.

Population and resource control measures a conceptual framework for understanding and implementation /

Klosinski, Vance J.

January 2009

Thesis (M.S. in Defense Analysis)--Naval Postgraduate School, December 2009. / Thesis Advisor(s): Simmons, Anna. Second Reader: Lee, Doowan. "December 2009." Description based on title screen as viewed on January 27, 2010. Author(s) subject terms: Population and resource control measures, Population control, Counterinsurgency, COIN, Populationcentric COIN, Social control, Social movement theory. Includes bibliographical references (p. 51-53). Also available in print.

The relationship between criminal and terrorist organizations and human smuggling

Lanzante, Joseph A.

January 2009

Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, December 2009. / Thesis Advisor(s): Morag, Nadav ; Brannan, David. "December 2009." Description based on title screen as viewed on January 27, 2010. Author(s) subject terms: Criminal organizations, Terrorist organizations, Drug trafficking organizations, Human smuggling, Information sharing, Corruption, Terrorism, Irish Republican Army, Asylum, Mexico. Includes bibliographical references (p. 87-98). Also available in print.

The implications of the People's Liberation Army's modernization for the Republic of Korea's security policy

Kim, Sangmin.

January 2009

Thesis (M.A. in Security Studies (Far East, Southeast Asia, the Pacific))--Naval Postgraduate School, December 2009. / Thesis Advisor(s): Miller, Alice. Second Reader: Chakwin, Mark. "December 2009." Description based on title screen as viewed on January 28, 2010. Author(s) subject terms: PLA modernization, ROK-U.S. Relationship, ROK-China Relationship, Direct and Indirect Threat, Socotra Rock dispute, The Northeast Project, Taiwan issue, South China Sea dispute. Includes bibliographical references (p. 77-82). Also available in print.

Key issues in the emerging U.S. debate on the Comprehensive Test Ban Treaty

Kane, Christian D.

January 2009

Thesis (M.A. in Security Studies(Homeland Security and Defense))--Naval Postgraduate School, December 2009. / Thesis Advisor(s): Yost, David S. ; Wirtz, James J. "December 2009." Description based on title screen as viewed on January 27, 2010. Author(s) subject terms: Comprehensive Test Ban Treaty, nuclear weapons. Includes bibliographical references (p. 53-58). Also available in print.

Diffusion of DNA testing in the immigration process

Sahli, Evelyn.

January 2009

Thesis (Master of Arts in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, December 2009. / Thesis Advisor(s): Bergin, Richard ; Rollins, John. "December 2009." Description based on title screen as viewed on February 1, 2010. Author(s) subject terms: Immigration, homeland security, transparency, fraud, smuggling, trafficking, crime, terrorism, DNA, technology, standards, interoperability, collaboration. Includes bibliographical references (p. 107-114). Also available in print.