Authenticated System Calls

Yokohama, Japan June 28-July 01

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DSN.2005.23

2005 International Conference on Depe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mohan Rajagopalan Articles by Matti Hiltunen Articles by Trevor Jim Articles by Richard Schlichting

	ASCII Text	x
	Mohan Rajagopalan, Matti Hiltunen, Trevor Jim, Richard Schlichting, "Authenticated System Calls," Dependable Systems and Networks, International Conference on, pp. 358-367, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005.

	BibTex	x
	@article{ 10.1109/DSN.2005.23, author = {Mohan Rajagopalan and Matti Hiltunen and Trevor Jim and Richard Schlichting}, title = {Authenticated System Calls}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2282-3}, pages = {358-367}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2005.23}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - Authenticated System Calls SN - 0-7695-2282-3 SP358 EP367 A1 - Mohan Rajagopalan, A1 - Matti Hiltunen, A1 - Trevor Jim, A1 - Richard Schlichting, PY - 2005 KW - Intrusion tolerance KW - operating systems KW - security policy KW - sandboxing KW - compiler techniques VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Mohan Rajagopalan, University of Arizona

Matti Hiltunen, AT&T Labs-Research

Trevor Jim, AT&T Labs-Research

Richard Schlichting, AT&T Labs-Research

System call monitoring is a technique for detecting and controlling compromised applications by checking at run-time that each system call conforms to a policy that specifies the program?s normal behavior. Here, a new approach to system call monitoring based on authenticated system calls is introduced. An authenticated system call is a system call augmented with extra arguments that specify the policy for that call and a cryptographic message authentication code (MAC) that guarantees the integrity of the policy and the system call arguments. This extra information is used by the kernel to verify the system call. The version of the application in which regular system calls have been replaced by authenticated calls is generated automatically by an installer program that reads the application binary, uses static analysis to generate policies, and then rewrites the binary with the authenticated calls. This paper presents the approach, describes a prototype implementation based on Linux and the PLTO binary rewriting system, and gives experimental results suggesting that the approach is effective in protecting against compromised applications at modest cost.

Index Terms:

Intrusion tolerance, operating systems, security policy, sandboxing, compiler techniques

Citation:

Mohan Rajagopalan, Matti Hiltunen, Trevor Jim, Richard Schlichting, "Authenticated System Calls," dsn, pp.358-367, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.