The Design of Efficient Internetwork Authentication for Ubiquitous Wireless Communications
A variety of wireless technologies have been standardized and commercialized, but no single solution is considered the best to satisfy all communication needs due to different coverage and bandwidth limitations. Therefore, internetworking between heterogeneous wireless networks is extremely important for ubiquitous and high performance wireless communications. The security problem is one of the major challenges in internetworking. To date, most research on internetwork authentication has focused on centralized authentication approaches, where the home network participates in each authentication process. For high latency between the home and visiting networks, such approaches tend to be inefficient. In this paper, we describe chained authentication, which requires collaboration between adjacent networks without involvement of the home network. After categorizing chained protocols, we propose a novel design of chained authentication methods under 3G-WLAN internetworking. The experiments show that proactive context transfer and ticket forwarding reduce the 3G authentication latency to 36.8% and WLAN EAP-TLS latency to 23.1% when RTT between visiting and home networks is 200 ms.
A Secure and Reliable Bootstrap Architecture
In a computer system, the integrity of lower layers is treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked, and (2) transitions to higher layers occur only after integrity checks on them are complete. The resulting integrity chain inductively guarantees system integrity. When these conditions are not met, as they typically are not in the bootstrapping (initialization) of a computer system, no integrity guarantees can be made. Yet, these guarantees are increasingly important to diverse applications such as Internet commerce, intrusion detection systems, and active networks. In this paper, we describe the AEGIS architecture for initializing a computer system. It validates integrity at each layer transition in the bootstrap process. AEGIS also includes a recovery process for integrity check failures, and we show how this results in robust systems. We discuss our prototype implementation for the IBM personal computer (PC) architecture, and show that the cost of such system protection is surprisingly small.
Design and Implementation of Signed Executables for Linux
We describe the design and implementation of signed executables for Linux, which provide the following strong integrity guarantees: the inability to tamper with executables and the inability to add new unauthorized executables. Unlike other implementations, ours covers statically and dynamically linked executables as well as executable scripts. In addition, we reduced the overhead of signature verification to almost zero by caching the successful verification results. The negligible overhead enables signature verification to be used as a basic building block for other applications, some of which are described in this paper.
Also UMIACS-TR-2001-4
VICI Virtual Machine Introspection for Cognitive Immunity
When systems are under constant attack, there is no time to restore those infected with malware to health manually—repair of infected systems must be fully automated and must occur within milliseconds. After detecting kernel-modifying rootkit infections using Virtual Machine Introspection, the VICI Agent applies a collection of novel repair techniques to automatically restore infected kernels to a healthy state. The VICI Agent operates without manual intervention and uses a form of automated reasoning borrowed from robotics to choose its best repair technique based on its assessment of the current situation, its memory of past engagements, and the potential cost of each technique. Its repairs have proven effective in tests against a collection of common kernel-modifying rootkit techniques. Virtualized systems monitored by the VICI Agent experience a decrease in application performance of roughly 5%.
The Price of Safety in an Active Network
Security is a major challenge for "Active Networking": accessible programmability creates numerous opportunities for mischief. The point at which programmability is exposed, e.g., through the loading and execution of code in network elements, must therefore be carefully crafted to ensure security. The SwitchWare active networking research project has studied the architectural implications of various tradeoffs between performance and security. Namespace protection and type safety were achieved with a module loader for active networks, ALIEN, which carefully delineated boundaries for privilege and dynamic updates. ALIEN supports two extensions, the Secure Active Network Environment (SANE), and the Resource Controlled Active Network Environment (RCANE). SANE extends ALIEN's node protection model into a distributed setting, and uses a secure bootstrap to guarantee integrity of the namespace protection system. RCANE provides resource isolation between active network node users, including separate heaps and robust time-division multiplexing of the node. The SANE and RCANE systems show that convincing active network security can be achieved. This paper contributes a measurement-based analysis of the costs of such security with an analysis of each system based on both execution traces and end-to-end behavior.
Chaining Layered Integrity Checks
No work the size of this dissertation is done in isolation, and I would like to thank the people who worked with and supported me over the last four years. Harold F. Bower has worked with me on numerous occasions. He found and added the entry points in the BIOS source to call AEGIS. He also served as a sounding board for me in the design of AEGIS, and the AEGIS interrupt service routine (ISR). Hal and I also worked together on a precursor of AEGIS, the Security Enhanced Processor (SEP). The problems encountered with the SEP project led to AEGIS. Hal is also responsible for RATBAG, which is described in Chapter 3. Angelos Keromytis and I jointly designed the protocol used with the AEGIS network recovery and DHCP++. Angelos also served as the ideal person to discuss ideas. He is never shy about telling someone that their idea is nuts. Scott Alexander, Angelos, and I worked together on the design of SANE, Section 7.1. Scott’s contributions are “above the OS”, and mine are “below the OS”. Angelos worked with both Scott and myself, and developed the naming and threat models. Ralph Droms et al. developed the DHCP authentication scheme described in Section 7.2. I developed the delayed aspect of the authentication mechanism along with the threat model.