Preventing backdoors in server applications with a separated software architecture

Authors: Stefan Rüster, Thorsten Holz, Felix Schuster

DOI: 10.1007/978-3-642-39235-1_12

Keywords: Computer science; File Transfer Protocol; Operating system; Privilege escalation; Software architecture; Access control list; Adversary; Software; Application server

Abstract: We often rely on system components implemented by potentially untrusted parties. This implies the risk of backdoors, i.e., hidden mechanisms that elevate the privileges of an unauthenticated adversary or execute other malicious actions on certain triggers. Hardware backdoors have received some attention lately and we address in this paper software backdoors. We present a design approach for server applications that can --- under certain assumptions --- protect against software backdoors aiming at privilege escalation. We have implemented a proof-of-concept FTP server to demonstrate the practical feasibility of our approach.
