Principles-driven forensic analysis

Authors: Sean Peisert, Sidney Karin, Matt Bishop, Keith Marzullo

DOI: 10.1145/1146269.1146291

Keywords: Abstraction layer, Computer science, Compiler, Covert channel, Finite-state machine, Human–computer interaction, Degree of certainty, Context (language use), User space, Computer forensics, Computer security

Abstract: It is possible to enhance our understanding of what has happened on a computer system by using forensic techniques that do not require prediction of the nature of the attack, the skill of the attacker, or the details of the system resources and objects affected. These techniques address five fundamental principles of computer forensics. The principles include recording data about the entire operating system, particularly user space events and environments, and interpreting that data at different layers of abstraction, aided by the context in which the events occurred. They also deal with modeling the recorded data as a multi-resolution finite state machine, so that results can be established with a high degree of certainty rather than merely inferred.

References (17)
Andrew Harrison Gross. Analyzing computer intrusions. University of California at San Diego (1998).
Nick L. Petroni, Timothy Fraser, Jesus Molina, William A. Arbaugh. Copilot - a coprocessor-based kernel runtime integrity monitor. USENIX Security Symposium, pp. 13-13 (2004).
Sean Peisert. Forensics for System Administrators. ;login:, vol. 30, pp. 34-42 (2005).
Tal Garfinkel, Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Network and Distributed System Security Symposium (2003).
Matt Bishop. The insider problem revisited. New Security Paradigms Workshop, pp. 75-76 (2005). DOI: 10.1145/1146269.1146287
Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, Benjamin Chelf. Bugs as deviant behavior: a general approach to inferring errors in systems code. Symposium on Operating Systems Principles, vol. 35, pp. 57-72 (2001). DOI: 10.1145/502034.502041
Steven J. Templeton, Karl Levitt. A requires/provides model for computer attacks. New Security Paradigms Workshop, pp. 31-38 (2001). DOI: 10.1145/366173.366187
Butler W. Lampson. A note on the confinement problem. Communications of the ACM, vol. 16, pp. 613-615 (1973). DOI: 10.1145/362375.362389
Min Xu, Rastislav Bodik, Mark D. Hill. A "flight data recorder" for enabling full-system multiprocessor deterministic replay. Proceedings of the 30th Annual International Symposium on Computer Architecture (ISCA '03), vol. 31, pp. 122-135 (2003). DOI: 10.1145/859618.859633