Local System Security via SSHD Instrumentation
Abstract
In this paper we describe a method for near real-time identification of attack behavior and local security policy violations taking place over SSH. A rationale is provided for the placement of instrumentation points within SSHD based on the analysis of data flow within the OpenSSH application as well as our overall architectural design and design principles. Sample attack and performance analysis examples are also provided.
Similar resources
Experiences with Intrusion Detection in High Performance Computing
The application of Cybersecurity in HPC has historically been considered as counterproductive to research in Open Science. NERSC proposes a systematic way of determining where Cybersecurity-significant data should be sampled as well as an overview of our analysis methodology. To demonstrate this we look at the Bro Intrusion Detection system as well as the instrumented SSHD currently in use.
Dynamic Authorization and Intrusion Response in Distributed Systems
This paper presents an authorization framework for supporting fine-grained access control policies enhanced with light-weight intrusion/misuse detectors and response capabilities. The framework intercepts and analyzes access requests and dynamically adjusts security policies to prevent attackers from exploiting application level vulnerabilities. We present a practical, flexible implementation o...
An Innovative System for Full-Management of CB Using Current Injection Method
In this article, an innovative supervision system will be proposed that can observe and analyze health of Circuit Breaker’s trip coil. The proposed design also logs changes in the coil's quality and informs network supervisor in case of Circuit Breaker (CB) failure. This system injects small direct currents to the Circuit Breaker connections and the trip coil to compute CB’s health and characte...
Recursive Sandboxes: Extending Systrace To Empower Applications
The systrace system-call interposition mechanism has become a popular method for containing untrusted code through program-specific policies enforced by user-level daemons. We describe our extensions to systrace that allow sandboxed processes to further limit their children processes by issuing dynamically constructed policies. We discuss our extensions to the systrace daemon and the OpenBSD ke...
Mashup Component Isolation via Server-Side Analysis and Instrumentation
Web 2.0 and mashups provide opportunities for exciting new applications. However, the security model of the underlying browser technology is quite inadequate to deal with the new trust and security issues. In particular, it provides no good and easy way to isolate mashup components from each other. While browsers might eventually fix these problems, this will take its time. One promising approac...
Publication date: 2011