ASM: application security monitor

Published: 01 December 2005

Abstract

Our Application Security Monitor (ASM) is a run-time monitor that dynamically collects execution-related data. ASM is part of a security framework that will allow us to explore different security policies aimed at identifying malicious behavior such as Trojan horses and backdoors. In this paper, we show what type of data ASM can collect and illustrate how this data can be used to enforce a security policy. Using ASM, we are able to explore different tradeoffs between security and performance.

Cited By

  • (2010) Mining Bluetooth Attacks in Smart Phones. Networked Digital Technologies, pages 241-253. DOI: 10.1007/978-3-642-14292-5_26. Online publication date: 2010
  • (2007) A multi-core security architecture based on EFI. Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II, pages 1675-1687. DOI: 10.5555/1784707.1784760. Online publication date: 25-Nov-2007
  • (2007) A Multi-core Security Architecture Based on EFI. On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS, pages 1675-1687. DOI: 10.1007/978-3-540-76843-2_39. Online publication date: 2007

Published In

ACM SIGARCH Computer Architecture News, Volume 33, Issue 5
Special issue on the 2005 workshop on binary instrumentation and application
December 2005
93 pages
ISSN: 0163-5964
DOI: 10.1145/1127577

Publisher

Association for Computing Machinery

New York, NY, United States
