Interactive Security Assistance for
Contents
Introduction
Problem setting - untrusted code
The Security Assistant
Why use a Security Assistant?
Envisioned use
Categories describing behavior
Conceived example -- Detecting malicious behavior
Security Implications
Envisioned architecture
Suggested architecture
External Issues -- Design and Implementation
Environment
Subversion - How to protect the assistant and encapsulate the programs
Identity - How to distinguish the programs
Granularity - What data can be gathered.
Acquisition - What methods are there to extract audit data.
Operation
Interception - reactive or immediate
Efficiency.
Internal Issues -- Design and Implementation
Sensors
What to monitor, When to signal.
Adding/Removing sensors.
Combination of sensors.
Related work -- Safe languages
What is a safe language?
Restricted access
Analyzing code
Other computational models
Related work -- Intrusion detection
What are Intrusion Detection Systems?
Approaches to Intrusion Detection Systems
Approaches to Statistical Change Detection
Rules
Related Projects
Crosbie
NIDES
GASSATA
Forrest
Ko-fink
Finjan
Conclusions
Prototypes
Java-prototype
Tcl-prototype
Prolog-prototype
Example Sensors
References
About this document ...
Andreas Rasmusson
Fri Oct 25 11:36:45 MET DST 1996