论文信息 - Function Call Tracing Attacks to Kerberos V

Function Call Tracing Attacks to Kerberos V

During the authentication process in the Kerberos network authentication system, all the information exchanged between the application client and the Kerberos authentication server is the argument of some function calls to Kerberos shared libraries. Since this information is exchanged in the clear, local attacks that intercept function calls may inspect and manipulate it before resuming their execution. This paper describes function call tracing attacks against the Kerberos authentication system in a time-sharing environment. They use the DynInst API library, developed to support the easy construction of tools for the control and manipulation of programs at run-time, and ad hoc interposition libraries. We illustrate the proposed attacks against two Kerberos client applications, namely kinit andkpasswd.

Julian L. Rrushi

[1] Zhen Liu,et al. Attacking a High Performance Computer Cluster , 2004 .

[2] Maria Grazia Fugini,et al. Sicurezza dei Sistemi Informatici , 2001 .

[3] Theodore Y. Ts'o,et al. Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[4] Stephanie Forrest,et al. Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[5] Charles P. Pfleeger,et al. Security in computing , 1988 .

[6] Eduard Ayguadé,et al. Applying interposition techniques for performance analysis of OPENMP parallel applications , 2000, Proceedings 14th International Parallel and Distributed Processing Symposium. IPDPS 2000.

[7] David A. Wagner,et al. Mimicry attacks on host-based intrusion detection systems , 2002, CCS '02.

[8] John T. Kohl,et al. The Kerberos Network Authentication Service (V5 , 2004 .

[9] Barton P. Miller,et al. Playing Inside the Black Box: Using Dynamic Instrumentation to Create Security Holes , 2001, Parallel Process. Lett..

[10] Wenliang Du,et al. Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths , 2004, RAID.

[11] Timothy W. Curry,et al. Profiling and Tracing Dynamic Library Usage Via Interposition , 1994, USENIX Summer.

[12] Nacho Navarro,et al. DITools: Application-level Support for Dynamic Extension and Flexible Composition , 2000, USENIX Annual Technical Conference, General Track.