TY - GEN
T1 - Integrity walls
T2 - 7th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2012
AU - Vijayakumar, Hayawardh
AU - Jakka, Guruprasad
AU - Rueda, Sandra
AU - Schiffman, Joshua
AU - Jaeger, Trent
PY - 2012
Y1 - 2012
N2 - Protecting host system integrity in the face of determined adversaries remains a major problem. Despite advances in program development and access control, attackers continue to compromise systems forcing security practitioners to regularly react to such breaches. While security practitioners may eventually learn which entry points in programs must be defended over a software's lifetime, new software and configuration options are frequently introduced, opening additional vulnerabilities to adversaries. The application developers' problem is to identify the program entry points accessible to adversaries and provide necessary defenses at these entry points before the adversaries use these to compromise the program. Unfortunately, this is a race that developers often lose. While some program vulnerable entry points are well-known (mostly network), the complexity of host systems makes it difficult to prevent local exploits should attackers gain control of any unprivileged processing. The question we explore in this paper is whether the program entry points accessible to adversaries can be found proactively, so defenses at these entry points can also be developed proactively.
AB - Protecting host system integrity in the face of determined adversaries remains a major problem. Despite advances in program development and access control, attackers continue to compromise systems forcing security practitioners to regularly react to such breaches. While security practitioners may eventually learn which entry points in programs must be defended over a software's lifetime, new software and configuration options are frequently introduced, opening additional vulnerabilities to adversaries. The application developers' problem is to identify the program entry points accessible to adversaries and provide necessary defenses at these entry points before the adversaries use these to compromise the program. Unfortunately, this is a race that developers often lose. While some program vulnerable entry points are well-known (mostly network), the complexity of host systems makes it difficult to prevent local exploits should attackers gain control of any unprivileged processing. The question we explore in this paper is whether the program entry points accessible to adversaries can be found proactively, so defenses at these entry points can also be developed proactively.
UR - http://www.scopus.com/inward/record.url?scp=84871971635&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84871971635&partnerID=8YFLogxK
U2 - 10.1145/2414456.2414500
DO - 10.1145/2414456.2414500
M3 - Conference contribution
AN - SCOPUS:84871971635
SN - 9781450313032
T3 - ASIACCS 2012 - 7th ACM Symposium on Information, Computer and Communications Security
SP - 75
EP - 76
BT - ASIACCS 2012 - 7th ACM Symposium on Information, Computer and Communications Security
Y2 - 2 May 2012 through 4 May 2012
ER -