Remote Attacker

The Experts below are selected from a list of 87 Experts worldwide ranked by ideXlab platform

Joan Borrell - One of the best experts on this subject based on the ideXlab platform.

  • OTM Workshops (1) - SMARTCOP – a smart card based access control for the protection of network security components
    On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops, 2006
    Co-Authors: Joaquin Garcia-alfaro, Sergio Castillo, Jordi Castellà-roca, Guillermo Navarro, Joan Borrell
    Abstract:

    The protection of network security components, such as firewalls and Intrusion Detection Systems, is a serious problem which, if not solved, may lead a remote adversary to compromise the security of other components, and even to obtain the control of the system itself. We are actually working on the development of a kernel based access control method, which intercepts and cancels forbidden system calls potentially launched by a remote attacker. This way, even if the attacker gains administration permissions, she will not achieve her purpose. To solve the administration constraints of our approach, we use a smart card based authentication mechanism for ensuring the administrator's identity. In this paper, we present an enhanced version of our authentication mechanism, based on a public key cryptographic protocol. Through this protocol, our protection module efficiently verifies administrator's actions before granting her the privileges to manipulate a component.

  • CRITIS - Protection of components based on a smart-card enhanced security module
    Critical Information Infrastructures Security, 2006
    Co-Authors: Joaquin Garcia-alfaro, Sergio Castillo, Jordi Castellà-roca, Guillermo Navarro, Joan Borrell
    Abstract:

    We present in this paper the use of a security mechanism to handle the protection of network security components, such as Firewalls and Intrusion Detection Systems. Our approach consists of a kernel-based access control method which intercepts and cancels forbidden system calls launched by a potential remote attacker. This way, even if the attacker gains administration permissions, she will not achieve her purpose. To solve the administration constraints of our approach, we use a smart-card based authentication mechanism for ensuring the administrator's identity. Through the use of a cryptographic protocol, the protection mechanism verifies administrator's actions before holding her the indispensable privileges to manipulate a component. Otherwise, the access control enforcement will come to its normal operation. We also show in this paper an overview of the implementation of this mechanism on a research prototype, developed for GNU/Linux systems, over the Linux Security Modules (LSM) framework.

Julie Greensmith - One of the best experts on this subject based on the ideXlab platform.

  • IEEE Congress on Evolutionary Computation - DCA for bot detection
    2008 IEEE Congress on Evolutionary Computation (IEEE World Congress on Computational Intelligence), 2008
    Co-Authors: Yousof Al-hammadi, Uwe Aickelin, Julie Greensmith
    Abstract:

    Ensuring the security of computers is a non-trivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a 'bot' - a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the 'botmaster of a botnet'. In this work, we use the biologically inspired dendritic cell algorithm (DCA) to detect the existence of a single bot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. The basis of anomaly detection performed by the DCA is facilitated using the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of the application of the DCA to the detection of a single bot show that the algorithm is a successful technique for the detection of such malicious software without responding to normally running programs.

  • DCA for bot detection
    2008 IEEE Congress on Evolutionary Computation, CEC 2008, 2008
    Co-Authors: Yousof Al-hammadi, Uwe Aickelin, Julie Greensmith
    Abstract:

    Ensuring the security of computers is a non-trivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a 'bot' - a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the 'botmaster of a botnet'. In this work, we use the biologically inspired dendritic cell algorithm (DCA) to detect the existence of a single bot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. The basis of anomaly detection performed by the DCA is facilitated using the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of the application of the DCA to the detection of a single bot show that the algorithm is a successful technique for the detection of such malicious software without responding to normally running programs.

Joaquin Garcia-alfaro - One of the best experts on this subject based on the ideXlab platform.

  • OTM Workshops (1) - SMARTCOP – a smart card based access control for the protection of network security components
    On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops, 2006
    Co-Authors: Joaquin Garcia-alfaro, Sergio Castillo, Jordi Castellà-roca, Guillermo Navarro, Joan Borrell
    Abstract:

    The protection of network security components, such as firewalls and Intrusion Detection Systems, is a serious problem which, if not solved, may lead a remote adversary to compromise the security of other components, and even to obtain the control of the system itself. We are actually working on the development of a kernel based access control method, which intercepts and cancels forbidden system calls potentially launched by a remote attacker. This way, even if the attacker gains administration permissions, she will not achieve her purpose. To solve the administration constraints of our approach, we use a smart card based authentication mechanism for ensuring the administrator's identity. In this paper, we present an enhanced version of our authentication mechanism, based on a public key cryptographic protocol. Through this protocol, our protection module efficiently verifies administrator's actions before granting her the privileges to manipulate a component.

  • CRITIS - Protection of components based on a smart-card enhanced security module
    Critical Information Infrastructures Security, 2006
    Co-Authors: Joaquin Garcia-alfaro, Sergio Castillo, Jordi Castellà-roca, Guillermo Navarro, Joan Borrell
    Abstract:

    We present in this paper the use of a security mechanism to handle the protection of network security components, such as Firewalls and Intrusion Detection Systems. Our approach consists of a kernel-based access control method which intercepts and cancels forbidden system calls launched by a potential remote attacker. This way, even if the attacker gains administration permissions, she will not achieve her purpose. To solve the administration constraints of our approach, we use a smart-card based authentication mechanism for ensuring the administrator's identity. Through the use of a cryptographic protocol, the protection mechanism verifies administrator's actions before holding her the indispensable privileges to manipulate a component. Otherwise, the access control enforcement will come to its normal operation. We also show in this paper an overview of the implementation of this mechanism on a research prototype, developed for GNU/Linux systems, over the Linux Security Modules (LSM) framework.

Xuxian Jiang - One of the best experts on this subject based on the ideXlab platform.

  • AsiaCCS - On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers
    Proceedings of the 4th International Symposium on Information Computer and Communications Security - ASIACCS '09, 2009
    Co-Authors: Ruishan Zhang, Xinyuan Wang, Ryan Farley, Xiaohui Yang, Xuxian Jiang
    Abstract:

    The man-in-the-middle (MITM) attack has been shown to be one of the most serious threats to the security and trust of existing VoIP protocols and systems. For example, the MITM who is in the VoIP signaling and/or media path can easily wiretap, divert and even hijack selected VoIP calls by tampering with the VoIP signaling and/or media traffic. Since all previously identified MITM attacks on VoIP require the adversary initially in the VoIP signaling and/or media path, there is a common belief that it is infeasible for a remote attacker, who is not initially in the VoIP path, to launch any MITM attack on VoIP. This makes people think that securing all the nodes along the normal path of VoIP traffic is sufficient to prevent MITM attacks on VoIP. In this paper, we demonstrate that a remote attacker who is not initially in the path of VoIP traffic can indeed launch all kinds of MITM attacks on VoIP by exploiting DNS and VoIP implementation vulnerabilities. Our case study of Vonage VoIP, the No. 1 residential VoIP service in the U.S. market, shows that a remote attacker from anywhere on the Internet can stealthily become a remote MITM through DNS spoofing attack on a Vonage phone, as long as the remote attacker knows the phone number and the IP address of the Vonage phone. We further show that the remote attacker can effectively wiretap and hijack targeted Vonage VoIP calls after becoming the remote MITM. Our results demonstrate that (1) the MITM attack on VoIP is much more realistic than previously thought; (2) securing all nodes along the path of VoIP traffic is not adequate to prevent MITM attack on VoIP; (3) vulnerabilities of non-VoIP-specific protocols (e.g., DNS) can indeed lead to compromise of VoIP.

Yousof Al-hammadi - One of the best experts on this subject based on the ideXlab platform.

  • IEEE Congress on Evolutionary Computation - DCA for bot detection
    2008 IEEE Congress on Evolutionary Computation (IEEE World Congress on Computational Intelligence), 2008
    Co-Authors: Yousof Al-hammadi, Uwe Aickelin, Julie Greensmith
    Abstract:

    Ensuring the security of computers is a non-trivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a 'bot' - a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the 'botmaster of a botnet'. In this work, we use the biologically inspired dendritic cell algorithm (DCA) to detect the existence of a single bot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. The basis of anomaly detection performed by the DCA is facilitated using the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of the application of the DCA to the detection of a single bot show that the algorithm is a successful technique for the detection of such malicious software without responding to normally running programs.

  • DCA for bot detection
    2008 IEEE Congress on Evolutionary Computation, CEC 2008, 2008
    Co-Authors: Yousof Al-hammadi, Uwe Aickelin, Julie Greensmith
    Abstract:

    Ensuring the security of computers is a non-trivial task, with many techniques used by malicious users to compromise these systems. In recent years a new threat has emerged in the form of networks of hijacked zombie machines used to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These zombie machines are said to be infected with a 'bot' - a malicious piece of software which is installed on a host machine and is controlled by a remote attacker, termed the 'botmaster of a botnet'. In this work, we use the biologically inspired dendritic cell algorithm (DCA) to detect the existence of a single bot on a compromised host machine. The DCA is an immune-inspired algorithm based on an abstract model of the behaviour of the dendritic cells of the human body. The basis of anomaly detection performed by the DCA is facilitated using the correlation of behavioural attributes such as keylogging and packet flooding behaviour. The results of the application of the DCA to the detection of a single bot show that the algorithm is a successful technique for the detection of such malicious software without responding to normally running programs.