Modeling and Virtualization for Secure Computing Environments
Modeling and virtualization are typical methodologies used to develop efficient security enhancement techniques. Modeling approximates complex human or software behaviors with limited resources and enables effective analysis of usage patterns. Virtualization allows simulating existing computing resources, adding capabilities such as access control and/or modifying semantics. Thus entities accessing computer resources are handled by modeling, whereas the resources themselves can be managed through virtualization. This invited talk describes our approaches and experiences that take advantage of both methodologies.

By modeling software or user behavior, the system can make approximations that capture the “normal” behaviors with limited resources. Once we obtain an approximation, it can be utilized to detect anomalies that an intruder would likely perform. Conventional modeling approaches for anomaly-based intrusion detection can be classified as either vector space-based methods or network-based methods. The advantages of these two types of methods are complementary to each other. The vector space-based methods can automatically generate a model from an event sequence, but the relations between the events cannot be represented, whereas the network-based methods can represent the relations between the events, but domain-specific knowledge is often required to define the topology of the network. We show that it is possible to develop a method that combines the advantages of the two types [3]. The idea behind this method is to regard an event sequence as a serialized sequence that originally had structural relations and to extract the embedded dependencies of the events. Most modeling methods for anomaly-based intrusion detection, including the above-mentioned technique, require a “learning” phase of normal behavior. Determining what data should be used for the learning stage is a nontrivial issue and careful selection is required.
David Wagner and Drew Dean proposed an interesting approach that directly extracts a model by statically analyzing program code [5]. Unfortunately, the proposed method inherently incorporates a nondeterministic search at runtime, so it suffers significant runtime overhead. We found that the overhead can be drastically reduced by combining two techniques [1]. One technique is to examine the calling sequences stored in the execution stack and the other is to reuse search results stored in a caching table.

I. Cervesato (Ed.): ASIAN 2007, LNCS 4846, pp. 196–197, 2007. © Springer-Verlag Berlin Heidelberg 2007
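The two kinds of model discussed above, an event-sequence model learned automatically from normal traces and a structural program model whose nondeterministic runtime search is made cheaper by caching, can be illustrated with a small Python sketch. This is an added example, not code from the paper or its authors: the training traces and the toy control-flow automaton are constructed, the automaton is a hand-written stand-in for the kind of model a static analysis would produce, and only the caching technique is shown, not the examination of the execution stack.

```python
"""Two toy models of 'normal' system-call behaviour for anomaly detection.

Added illustration, not code from the paper or its authors.  Part 1 is an
n-gram (vector-space style) model learned from traces; part 2 is a
hand-written nondeterministic control-flow automaton (network style)
monitored with a memoised transition table.  All traces and the program
model are constructed sample data.
"""
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# ---- Part 1: n-gram model learned automatically from normal traces -------
NORMAL_TRACES: List[List[str]] = [            # constructed training data
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "write", "close"],
]


def learn_ngrams(traces: List[List[str]], n: int = 2) -> Set[Tuple[str, ...]]:
    """Collect every length-n window seen in the normal traces."""
    return {tuple(t[i:i + n]) for t in traces for i in range(len(t) - n + 1)}


def ngram_anomalies(trace: List[str], model: Set[Tuple[str, ...]],
                    n: int = 2) -> List[Tuple[str, ...]]:
    """Windows of the trace that never occurred during learning."""
    windows = (tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))
    return [w for w in windows if w not in model]


# ---- Part 2: control-flow automaton with nondeterminism and caching ------
EPS = ""  # epsilon: internal control flow the monitor cannot observe

# Constructed toy program model.  log() performs one 'write' and is called
# from two sites; after the write the automaton cannot tell which caller
# resumes, so both 'ret_a' and 'ret_b' stay live (the nondeterminism).
NFA: Dict[str, List[Tuple[str, str]]] = {
    "entry":      [("open", "opened")],
    "opened":     [("read", "after_read"), (EPS, "log")],   # call site A
    "after_read": [(EPS, "log")],                            # call site B
    "log":        [("write", "log_done")],
    "log_done":   [(EPS, "ret_a"), (EPS, "ret_b")],          # return to A or B
    "ret_a":      [("close", "end")],
    "ret_b":      [("read", "after_read"), ("close", "end")],
    "end":        [("exit", "exited")],
    "exited":     [],
}


class Monitor:
    def __init__(self, nfa: Dict[str, List[Tuple[str, str]]], use_cache: bool = True):
        self.nfa = nfa
        self.use_cache = use_cache
        self.cache: Dict[Tuple[FrozenSet[str], str], FrozenSet[str]] = {}
        self.computed = 0   # transitions computed from scratch

    def closure(self, states) -> FrozenSet[str]:
        """Follow epsilon moves until no new state is reached."""
        seen, todo = set(states), list(states)
        while todo:
            for ev, nxt in self.nfa.get(todo.pop(), []):
                if ev == EPS and nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return frozenset(seen)

    def step(self, states: FrozenSet[str], event: str) -> FrozenSet[str]:
        """Set of live states after observing one event; memoised per (states, event)."""
        key = (states, event)
        if self.use_cache and key in self.cache:
            return self.cache[key]
        self.computed += 1
        nxt = self.closure({n for s in states
                            for ev, n in self.nfa.get(s, []) if ev == event})
        if self.use_cache:
            self.cache[key] = nxt
        return nxt

    def check(self, trace: List[str]) -> Optional[int]:
        """Index of the first event the model cannot explain, or None if all fit."""
        states = self.closure({"entry"})
        for i, event in enumerate(trace):
            states = self.step(states, event)
            if not states:
                return i
        return None


def transitions_computed(trace: List[str], use_cache: bool) -> int:
    """How many transitions the monitor had to compute from scratch."""
    m = Monitor(NFA, use_cache)
    m.check(trace)
    return m.computed


if __name__ == "__main__":
    model = learn_ngrams(NORMAL_TRACES)
    print(ngram_anomalies(["open", "write", "write", "close"], model))
    long_trace = ["open"] + ["read", "write"] * 50 + ["close", "exit"]
    print(transitions_computed(long_trace, False), transitions_computed(long_trace, True))
```

The n-gram model flags `("write", "write")` because that pair never appeared while learning, but it has no notion of which call site produced each `write`. The automaton does carry that structure, at the cost of tracking a set of live states after every event; on the repetitive 103-event trace the memoised monitor computes only 6 distinct transitions, whereas the uncached one recomputes all 103, which is the effect the caching table is meant to achieve.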
Virtualization, on the other hand, abstracts computing resources and enables one to control access to resources and/or to modify the semantics of the resources. Such capabilities are useful to protect the system’s resources even when an intrusion detection system cannot recognize malicious programs or masqueraders. Our research group has two approaches to utilize such virtualization techniques: operating-system-level virtuali