Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Need help. Proof of concept 100% security.
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Fri, 15 Aug 2003 10:48:12 -0700


On Mon, Aug 18, 2003 at 08:54:54PM +0530, Balwinder Singh composed:
Hi All,

I have developed an application, which I believe can provide 100%
security against various attacks.I can hear people laughing. Hmm..
The applications is called Execution Flow Control (EFC).
Details of software can be found at http://203.197.88.14/efc

You are doing system call monitoring based on a program model, and
killing programs which deviate, assuming I read the documentation
correctly...

A:  You have false positives unless you generate this database through
program analysis or some other technique.  "Security" procedures which
make systems less reliable are only rarely acceptable.



B: This has been done, based on program analysis, traces, and a whole
host of other techniques.  Probably the best example based on program
analysis is

"Intrusion Detection via Static Analysis"
David Wagner and Drew Dean:
http://www.cs.berkeley.edu/~daw/papers/ids-oakland01.ps

This is probably the nicest imply because their model does NOT have
false positives, only false negatives.



C:  How to waltz through this "100%" protection:
"Mimicry Attaks on Host-Based Intrusion Detection"
David Wagner and Paolo Soto:
http://www.cs.berkeley.edu/~daw/papers/mimicry.pdf

-- 
Nicholas C. Weaver                                 nweaver () cs berkeley edu


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]