Preventing Intrusions through Non-Interference

The ability to prevent and to detect intrusions in computer systems is often heavily conditioned by having some knowledge of the security flaws of the system under analysis. Discovering intrusions is particularly hard in concurrent systems, which contain several interactions among their components; suspicious interactions are usually studied manually by security experts who need to establish whether they are dangerous. In this paper, we present an automated method to prevent intrusions in concurrent systems that does not require any previous knowledge of the flaws. We study the behaviour of an abstract model of the system that captures its security-related behaviours; the model contains the trusted components of the system such as the file system, privileged processes, etc. We then check all possible interactions with unprivileged processes to decide if the system contains security flaws. This is accomplished by introducing a non-interference security property which holds for models where unprivileged processes do not have direct or indirect write access to resources with a high security level. The property is based on traces and can be decided by using standard concurrency tools. Our method applies even to models containing information flows among their components; this turns out to be a necessary condition for analyzing interactions of actual computer systems, where privileged processes usually have both read and write access to low resources.
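As an added illustration of the trace-based check sketched above (example code, not the paper's own model or definition; the state layout, action names and the exact formulation of the property are assumptions): a tiny abstract model in which a privileged daemon reads a low file and writes a high file, checked by comparing the set of high-resource write traces with and without the unprivileged process's actions.

```python
# Constructed example: a state is (low_file, daemon_buffer, high_file);
# transitions are labelled (actor, action). The property checked is that
# purging unprivileged actions leaves high-resource write traces unchanged.
LOW, HIGH = "unprivileged", "privileged"
ACTIONS = [(LOW, "write_low:ok"), (LOW, "write_low:evil"),
           (HIGH, "read_low"), (HIGH, "write_low"), (HIGH, "write_high")]
INIT = ("init", "init", "init")

def step_leaky(state, actor, act):
    """Model A: the daemon copies what it read from the low file into the
    high file, giving the unprivileged process indirect write access."""
    low_file, buf, high_file = state
    if actor == LOW:                       # low process writes its own file
        return (act.split(":")[1], buf, high_file), None
    if act == "read_low":                  # privileged read of a low resource
        return (low_file, low_file, high_file), None
    if act == "write_low":                 # privileged write to a low resource
        return ("log", buf, high_file), None
    return (low_file, buf, buf), "high_write:" + buf   # observable high write

def step_safe(state, actor, act):
    """Model B: same privileged read/write access to the low resource, but
    the high write depends only on trusted data."""
    low_file, buf, high_file = state
    if actor == LOW:
        return (act.split(":")[1], buf, high_file), None
    if act == "read_low":
        return (low_file, low_file, high_file), None
    if act == "write_low":
        return ("log", buf, high_file), None
    return (low_file, buf, "trusted"), "high_write:trusted"

def high_observations(step, actions, init, depth):
    """Projections onto high-resource writes of all traces up to `depth`."""
    seen, frontier = {()}, {(init, ())}
    for _ in range(depth):
        nxt = set()
        for state, obs in frontier:
            for actor, act in actions:
                new_state, event = step(state, actor, act)
                new_obs = obs + ((event,) if event else ())
                seen.add(new_obs)
                nxt.add((new_state, new_obs))
        frontier = nxt
    return seen

def noninterfering(step, depth=4):
    """True iff no direct or indirect low-to-high flow shows up in traces."""
    purged = [a for a in ACTIONS if a[0] != LOW]
    return (high_observations(step, ACTIONS, INIT, depth)
            == high_observations(step, purged, INIT, depth))

if __name__ == "__main__":
    print("leaky model non-interfering:", noninterfering(step_leaky))  # False
    print("safe model non-interfering:", noninterfering(step_safe))    # True
```

The leaky model fails even though no unprivileged action ever touches the high file directly, which is the indirect write access the property is meant to catch; the safe model passes despite the privileged daemon reading and writing the low resource.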
