ABSTRACT
Recent investigations have found a massively increasing professionalisation and organization of attacks executed on consumer computing systems. Simultaneously, the systems we are trying to defend are getting more and more complex and networked, while promising security technologies, such as trusted boot and strong process isolation, appear to have trouble finding their way into mainstream devices.
This leads us to the conclusion that we may be forced to accept that the security war is lost for now, and that a considerable portion of all consumer PCs is under the control of some organized malicious entity. In this work, we investigate the options left to the defenders in this scenario: assuming that PC World is under the control of a hostile force, how can we (a) survive (i.e., work) in a meaningful way, and (b) destroy the economic value for the attacker without severely damaging our own resources?