Archive for the ‘LINKS’ Category.

CoVirt and ReVirt

CoVirt Project Home Page (University of Michigan):

The CoVirt project is investigating how to use virtual machines to provide security in an operating-system-independent manner. Virtual-machine security services can work even if an attacker gains complete control over the guest operating system….

Another potential challenge of using virtual machines is that running all applications above the virtual machine hurts performance due to virtualization overhead…
We modified a host OS (Linux) to enable it to better support a virtual-machine monitor. The resulting virtual-machine monitor and modified guest OS (based on UMLinux) runs even kernel-intensive applications at about 14-35% overhead…

We have designed and implemented a replay service for virtual machines called ReVirt. ReVirt logs enough information to replay a long-term execution of a virtual machine instruction-by-instruction. This enables it to provide arbitrarily detailed observations about what transpired on the system, even in the presence of non-deterministic attacks and executions…
We designed and implemented a system called BackTracker that will help system administrators understand (and thereby recover from) an intrusion. BackTracker automatically identifies potential sequences of steps that occurred in an intrusion. Starting with a single detection point (e.g. a suspicious file), BackTracker identifies files and processes that could have affected that detection point and displays chains of events in a dependency graph.

Thomas Edison, Intellectual Property, and Recording Industries

Distributed Delivery of [Messenger] Spam

Shooting the messenger (dumping SMTP)

Lee Maguire: webslog – 2003-05-22

[via Justin Mason: ‘Shooting The Messenger’]

Draft Security Vulnerability Reporting and Response Process

Organization for Internet Safety: Draft Security Vulnerability Reporting and Response Process
«
The draft Security Vulnerability Reporting and Responding Process is available for public comment until 7 July, 2003.
»

Sobig.C virus exploits spam-friendly open proxies

ComputerWeekly: Sobig: spam, virus or both?

XML Is Not Object Oriented

The Cycle of Centralization and Decentralization

Michael Malone: The Empire of Ants:

This cycle is the endless vacillation between centralization and decentralization. This wave affects every part of the modern, tech-driven corporation, from products to organization charts. If you’ve been around this industry any length of time, you know what I’m talking about.

Court confirms DMCA ‘good faith’ web site shut down rights

Techdirt: Court Says DMCA Users Don’t Need To Investigate Sites They Take Down

«
Yet another ridiculous ruling surrounding the always popular DMCA rule. This one says that a copyright holder does not need to “investigate” the site they claim is distributing their copyrighted works, as long as they have a “good faith” belief that the site is infringing.

This is particularly scary considering that the RIAA recently admitted (though, after some denial) that they’ve been sending out takedown notices accidentally when no infringement was occurring.
»

Denial of Service via Algorithmic Complexity Attacks

Crosby and Wallach (Rice University): Denial of Service via Algorithmic Complexity Attacks, includes source code for a universal hashing library with good performance.
«
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications’ data structures. Frequently used data structures have “average-case” expected running time that’s far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.
»