Bugtraq mailing list archives

Re: Need help. Proof of concept 100% security.
From: Nicholas Weaver <nweaver () CS berkeley edu>
Date: Fri, 15 Aug 2003 10:48:12 -0700

On Mon, Aug 18, 2003 at 08:54:54PM +0530, Balwinder Singh composed:
> Hi All,
>
> I have developed an application, which I believe can provide 100%
> security against various attacks. I can hear people laughing. Hmm..
> The application is called Execution Flow Control (EFC).
> Details of software can be found at

You are doing system call monitoring based on a program model, and
killing programs which deviate, assuming I read the documentation

A:  You have false positives unless you generate this database through
program analysis or some other technique.  "Security" procedures which
make systems less reliable are only rarely acceptable.

B: This has been done, based on program analysis, traces, and a whole
host of other techniques.  Probably the best example based on program
analysis is

"Intrusion Detection via Static Analysis"
David Wagner and Drew Dean:

This is probably the nicest simply because their model does NOT have
false positives, only false negatives.

C:  How to waltz through this "100%" protection:
"Mimicry Attacks on Host-Based Intrusion Detection"
David Wagner and Paolo Soto:

Nicholas C. Weaver                                 nweaver () cs berkeley edu
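
Point A of the reply, as an added example that is not part of the original message and is not EFC's code: a system-call database learned from observed runs flags a legitimate but rarely taken path, while a model derived from the program's structure accepts it. The program graph, syscall names and traces are constructed for illustration.

```python
# Added example: constructed program model and traces; not EFC's code.

# Hypothetical program as a graph: state -> [(syscall, next_state)].
# This stands in for a model derived by program analysis: it contains every
# edge the code can take, including the rarely used error-logging path.
PROGRAM = {
    "start":  [("open", "opened")],
    "opened": [("read", "opened"), ("close", "done"), ("write", "logerr")],
    "logerr": [("close", "done")],
    "done":   [("exit", None)],   # None marks normal termination
}

def static_accepts(trace):
    """Accept iff the trace is a complete feasible path through PROGRAM."""
    states = {"start"}
    for call in trace:
        states = {nxt for s in states
                  for (c, nxt) in PROGRAM.get(s, []) if c == call}
        if not states:
            return False          # no feasible edge: deviation from the model
    return None in states

def windows(trace, n=3):
    """Sliding n-grams of syscalls, padded so the start is modelled too."""
    padded = ["^"] * (n - 1) + list(trace)
    return {tuple(padded[i:i + n]) for i in range(len(trace))}

def learn(traces, n=3):
    """Database built from observed runs only."""
    return set().union(*(windows(t, n) for t in traces))

def trace_accepts(db, trace, n=3):
    return windows(trace, n) <= db

# Constructed traces.
TRAINING = [["open", "read", "read", "close", "exit"],
            ["open", "close", "exit"],
            ["open", "read", "close", "exit"]]
RARE_LEGIT = ["open", "read", "write", "close", "exit"]  # error path, never seen in training
INJECTED = ["open", "read", "execve", "exit"]            # call the program never makes
DB = learn(TRAINING)

if __name__ == "__main__":
    for name, t in [("rare legit", RARE_LEGIT), ("injected", INJECTED)]:
        print(name, "trace-learned:", trace_accepts(DB, t),
              "static:", static_accepts(t))
```

A monitor that kills on deviation would terminate the program on `RARE_LEGIT` under the trace-learned database, which is the reliability cost the reply describes.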
