Article

Secure coprocessor-based intrusion detection

Authors:

Leendert van Doorn,

Reiner SailerAuthors Info & Claims

EW 10: Proceedings of the 10th workshop on ACM SIGOPS European workshop

Pages 239 - 242

https://doi.org/10.1145/1133373.1133423

Published: 01 July 2002 Publication History

Abstract

The goal of an intrusion detection system (IDS) is to recognize attacks such that their exploitation can be prevented. Since computer systems are complex, there are a variety of places where detection is possible. For example, analysis of network traffic may indicate an attack in progress [11], a compromised daemon may be detected by its abnormal behavior [14, 12, 5, 10, 15], and subsequent attacks may be prevented by the detection of backdoors and stepping stones [16, 17].

References

[1]

IBM PCI Cryptographic Coprocessor General Information Manual, May 2002. Available at http://www.ibm.com/security/cryptocards.

[2]

Ptrace2.4. Available at http://packetstormsecurity.org/0203-exploits/ptrace-dark.c.

[3]

Traceroute exploit + story. Available at http://security-archive.merton.ox.ac.uk/bugtraq-200010/0084.html.

[4]

J. M. A. Mishra and W. Arbaugh. The coprocessor as an independent auditor. Available at http://www.missl.cs.umd.edu/komoku/documents/coauditor.ps.

[5]

S. N. Chari and P. Cheng. Bluebox: A policy driven, host-based intrusion detection system. In Proceedings of the 2002 Network and Distributed System Security, February 2002.

[6]

IEEE. IEEE standard test access port and boundary-scan architecture, IEEE std 1149.1b-1994.

[7]

R. P. R. S. L. v. D. S. W. S. J. Dyer, M. Lindemann and S. Weingart. Building the ibm 4758 secure coprocessor. IEEE Computer, 34(10):57--66, 2001.

Digital Library

[8]

S. W. S. J. Dyer, R. Perez and M. Lindemann. Application support architecture for a high-performance, programmable secure coprocessor. In 22nd National Information Systems Security Conference (NISSC), October 1999.

[9]

G. H. Kim and E. H. Spafford. Experiences with tripwire: Using integrity checkers for intrusion detection. In System Administration, Networking and Security Conference III, 1994.

[10]

E. G. M. Bernaschi and L. V. Mancini. Operating system enhancements to prevent the misuse of system calls. In Proceedings of the 7th ACM conference on Computer and communications security, pages 174--183, 2000.

Digital Library

[11]

V. Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, 31(23--24):2435--2463, 1999.

Digital Library

[12]

A. S. S. Forrest, S. Hofmeyr and T. Longstaff. A sense of self for unix processes. In Proceedings 1996 IEEE Symposium on Security and Privacy, 1996.

Digital Library

[13]

S. W. S. Smith, R. Perez and V. Austel. Validating a high-performance, programmable secure coprocessor. In 22nd National Information Systems Security Conference (NISSC), October 1999.

[14]

D. Wagner and D. Dean. Intrusion detection via static analysis. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, 2001.

Digital Library

[15]

D. Zamboni. Using internal sensors for computer intrusion detection, 2001. CERIAS Technical Report 2001-42, CERIAS, Purdue University.

[16]

Y. Zhang and V. Paxson. Detecting backdoors. In Proceedings of 9th USENIX Security Symposium, August 2000.

Digital Library

[17]

Y. Zhang and V. Paxson. Detecting stepping stones. In Proceedings of 9th USENIX Security Symposium, August 2000.

Digital Library

Cited By

Johnson JBerg TAnderson BWright B(2022)Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and DefensesEnergies10.3390/en1511393115:11(3931)Online publication date: 26-May-2022
https://doi.org/10.3390/en15113931
Ulz THaas SSteger C(2021)Cyber-Physical System and Internet of Things SecurityResearch Anthology on Combating Denial-of-Service Attacks10.4018/978-1-7998-5348-0.ch018(328-357)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-5348-0.ch018
Morbitzer M(2019)Scanclave: Verifying Application Runtime Integrity in Untrusted Environments2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)10.1109/WETICE.2019.00050(198-203)Online publication date: Jun-2019
https://doi.org/10.1109/WETICE.2019.00050
Show More Cited By

Secure coprocessor-based intrusion detection
1. Security and privacy
  1. Systems security
2. Social and professional topics
  1. Computing / technology policy

Recommendations

Network intrusion detection

Intrusion detection is a new, retrofit approach for providing a sense of security in existing computers and data networks, while allowing them to operate in their current "open" mode. The goal of intrusion detection is to identify unauthorized use, ...
A Survey on Intrusion Detection and Prevention Systems
Abstract
In the digital world, malicious activities that violate the confidentiality, integrity, or availability of data and devices are known as intrusions. An intrusion detection system (IDS) analyses the activities of a single system or a network to ...
Host-based intrusion detection system for secure human-centric computing

With the advancement of information communication technology, people can access many useful services for human-centric computing. Although this advancement increases work efficiency and provides greater convenience to people, advanced security threats ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

EW 10: Proceedings of the 10th workshop on ACM SIGOPS European workshop

July 2002

258 pages

ISBN:9781450378062

DOI:10.1145/1133373

General Chair:
Gilles Muller,
Program Chair:
Eric Jul

Copyright © 2002 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2002

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Acceptance Rates

Overall Acceptance Rate 37 of 37 submissions, 100%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

58
Total Citations
View Citations
451
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Johnson JBerg TAnderson BWright B(2022)Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and DefensesEnergies10.3390/en1511393115:11(3931)Online publication date: 26-May-2022
https://doi.org/10.3390/en15113931
Ulz THaas SSteger C(2021)Cyber-Physical System and Internet of Things SecurityResearch Anthology on Combating Denial-of-Service Attacks10.4018/978-1-7998-5348-0.ch018(328-357)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-5348-0.ch018
Morbitzer M(2019)Scanclave: Verifying Application Runtime Integrity in Untrusted Environments2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)10.1109/WETICE.2019.00050(198-203)Online publication date: Jun-2019
https://doi.org/10.1109/WETICE.2019.00050
Lee HMoon HHeo IJang DJang JKim KPaek YKang B(2019)KI-Mon ARMIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2017.267971016:2(287-300)Online publication date: 1-Mar-2019
https://dl.acm.org/doi/10.1109/TDSC.2017.2679710
Wan SSun JSun KZhang NLi Q(2019)SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN.2019.00040(289-301)Online publication date: Jun-2019
https://doi.org/10.1109/DSN.2019.00040
Vaduva JDascalu SFlorea ICulic IRughinis R(2019)Observations over SPROBES Mechanism on the TrustZone Architecture2019 22nd International Conference on Control Systems and Computer Science (CSCS)10.1109/CSCS.2019.00057(317-322)Online publication date: May-2019
https://doi.org/10.1109/CSCS.2019.00057
Sethuraman M(2018)Survey of Unknown Malware Attack FindingIntelligent Systems10.4018/978-1-5225-5643-5.ch099(2227-2243)Online publication date: 2018
https://doi.org/10.4018/978-1-5225-5643-5.ch099
Sethuraman M(2018)Survey of Unknown Malware Attack FindingApplied Computational Intelligence and Soft Computing in Engineering10.4018/978-1-5225-3129-6.ch011(260-276)Online publication date: 2018
https://doi.org/10.4018/978-1-5225-3129-6.ch011
Ulz THaas SSteger C(2018)Cyber-Physical System and Internet of Things SecuritySolutions for Cyber-Physical Systems Ubiquity10.4018/978-1-5225-2845-6.ch010(248-277)Online publication date: 2018
https://doi.org/10.4018/978-1-5225-2845-6.ch010
Chevalier RVillatel MPlaquin DHiet G(2017)Co-processor-based Behavior MonitoringProceedings of the 33rd Annual Computer Security Applications Conference10.1145/3134600.3134622(399-411)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3134600.3134622
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten