Name
Abstract | ||
|---|---|---|
Due to performance constraints, host intrusion detection defenses depend on event and polling-based tamper-proof mechanisms to detect security breaches. These defenses monitor the state of critical software components in an attempt to discover any deviations from a pristine or expected state. The rate and type of checks depend can be both periodic and event-based, for instance triggered by hardware events. In this paper, we demonstrate that all software and hardware-assisted defenses that analyze non-contiguous state to infer intrusions are fundamentally vulnerable to a new class of attacks, we call “evasion attacks”. We detail two categories of evasion attacks: directly-intercepting the defense triggering mechanism and indirectly inferring its periodicity. We show that evasion attacks are applicable to a wide-range of protection mechanisms and we analyze their applicability in recent state-of-the-art hardware-assisted protection mechanisms. Finally, we quantify the performance of implemented proof-of-concept prototypes for all of the attacks and suggest potential countermeasures. |
Year | DOI | Venue |
|---|---|---|
2012 | 10.1109/DSN.2012.6263962 | DSN |
Keywords | Field | DocType |
indirectly periodicity inference,polling-based tamper-proof mechanisms,evasion attacks,performance constraints,event-based check type,defense triggering mechanism,hardware-assisted polling integrity checking systems,evasion attack vulnerability,hardware-assisted polling integrity checking,critical software component,periodic check type,hardware event triggered instances,performance constraint,defense triggering mechanism direct interception,host intrusion detection defenses,hardware-assisted protection mechanisms,periodic check rate,evasion attack,critical software components,hardware event,dependability analysis,recent state-of-the-art hardware-assisted protection,hardware-assisted defenses,hardware-assisted & software defenses,directly-intercepting,expected state,non-contiguous state,integrity protection,data integrity,noncontiguous state analysis,protection mechanism,security of data,event-based check rate,security breach detection,detectors,hardware,radiation detectors,operating systems | Dependability analysis,Computer security,Computer science,Polling,Real-time computing,Data integrity,Software,Component-based software engineering,Computer hardware,Intrusion detection system,Distributed computing | Conference |
ISSN | ISBN | Citations |
1530-0889 E-ISBN : 978-1-4673-1623-1 | 978-1-4673-1623-1 | 3 |
PageRank | References | Authors |
0.39 | 14 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Jiang Wang | 1 | 113 | 6.95 |
| Kun Sun | 2 | 142 | 12.80 |
| Angelos Stavrou | 3 | 1288 | 98.69 |