Security Vulnerabilities: From Analysis to Detection and Masking Techniques

Chen, S.; Xu, Jun; Kalbarczyk, Zbigniew; Iyer, K. B. Priya

doi:10.1109/jproc.2005.862473

Cited by 16 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…What is more, the above re-searches did not consider source codes and hence did not provide enough information for mitigation strategies. Chen et al [2] explored code-level modeling. They applied data-driven finite state machine to analyze vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

“…The basic elevated penetration attack model is used to describe every step of attack pattern. Consequently, we can acquire FSM model of attack patterns by combining every basic FSM [2]. In this section, our models describe escape process conceptually with condition and action represented by Datalog based language in FSM.…”

Section: Datalog-based Formal Languagementioning

confidence: 99%

“…This paper innovatively presents a basic VM escape attack model and four evolutional attack models, which are generalized based on an exhaustive research of National Vulnerability Database (NVD). Code-level finite state machine (FSM) paradigm [2] is used to model the attack patterns. Our contributions are summarized as follows: We extract elevated privilege models of different virtualization methods.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Elevated Penetration Attack Models of Virtual Machine Escape Based on FSM

Fan¹,

Huang²

2021

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

Virtual machine escape is one of the most serious vulnerabilities happening if the isolation between the hosts and between the VMs is compromised, which presents new security challenges that the security concern is the major factor effecting virtualization technology widely adopted in IT industry. In VM escape, the program running in a virtual machine is able to completely bypass the hypervisor layer, and get access to the host machine. The traditional research method is analyzing a vulnerability separately, but that consumes too much time and not constructs the attack model. So we innovatively design VM escape elevated penetration attack models based on finite state machine, which could be used to identify potential vulnerabilities in design, implementation and testing phases. In this paper, firstly, we extract elevated privilege models of different virtualization methods, studying that VMCS pointer instruction state indicates system state. Secondly, we define a formal language Datalog to represent pre-and post-conditions of the exploits of application vulnerabilities and infer a basic elevated penetration attack model. Thirdly, through the analysis of vulnerable source code and vulnerability reports from NVD, we shed light on four attack models to cover the most VM escape attacks. Finally, we evaluate the presented approach by applying code-level finite state machine models with formal language to specific vulnerabilities, together with the statistical results of different attack models.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Datalog-based Formal Languagementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Elevated Penetration Attack Models of Virtual Machine Escape Based on FSM

Fan¹,

Huang²

2021

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

show abstract

“…Address Space Layout Randomization (ASLR) negates characteristics, mod:radd, mod:fptr, mod:cvar, and cptr by randomizing the locations at which those variables are stored [37], [38], [39], [40]. ASLR also has been applied to rearrange code, which negates jmp:stack and jmp:heap.…”

Section: Other Defensesmentioning

confidence: 99%

A Taxonomy of Buffer Overflow Characteristics

Bishop

Engle

Howard

et al. 2012

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array. The loading continues past the array boundary, causing variables and state information located adjacent to the array to change. As the process is not programmed to check for these additional changes, the process acts incorrectly. The incorrect action often places the system in a nonsecure state. This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions that must hold for an exploitable buffer overflow to exist. We analyze several software and hardware countermeasures to validate the approach. We then discuss alternate approaches to ameliorating this vulnerability.

show abstract

“…In this model, audit records, network packets, or any other observable service activities are utilized for detecting abnormalities. Vulnerability assessments (VAs) [12][13][14] involve discovering system vulnerability before an attack takes place. Generally, system vulnerabilities can be classifi ed into the following categories: vendor-supplied software, administration, and user activity [15].…”

Section: Introductionmentioning

confidence: 99%

Security management of mutually trusted domains through cooperation of defensive technologies

Kao

Shiue

2008

Int J Network Mgmt

View full text Add to dashboard Cite

A number of defensive technologies have been proposed for the prevention of security threats. However, these defensive technologies are implemented independently without cooperation among various network domains. In this paper, different administrative networks are leagued to form a federative network environment called a trusted domain. From the perspective of a network manager, there is a need to integrate diverse technologies into an effective defensive system among mutually trusted domains. An imperative task for security management is to put in place a shared defensive mechanism, or protective shield, for multiple domains. A cooperative approach to provide such a shared defensive system is presented with integration of both intra-domain and inter-domain defensive mechanisms. The simulation results show that, through sharing the defensive information, the firewall system can successfully detect and filter the repeated intrusions. Copyright (C) 2008 John Wiley & Sons, Ltd

show abstract

Security Vulnerabilities: From Analysis to Detection and Masking Techniques

Cited by 16 publications

References 16 publications

Elevated Penetration Attack Models of Virtual Machine Escape Based on FSM

Elevated Penetration Attack Models of Virtual Machine Escape Based on FSM

A Taxonomy of Buffer Overflow Characteristics

Security management of mutually trusted domains through cooperation of defensive technologies

Contact Info

Product

Resources

About