Data-Provenance Verification For Secure Hosts

Malicious software typically resides stealthily on a user's computer and interacts with the user's computing resources. Our goal in this work is to improve the trustworthiness of a host and its system data. Specifically, we provide a new mechanism that ensures the correct origin or provena...

Detailed description

Bibliographic details
Published in: IEEE transactions on dependable and secure computing 2012-03, Vol.9 (2), p.173-183
Main authors: Kui Xu, Huijun Xiong, Chehai Wu, Stefan, D., Danfeng Yao
Format: Article
Language: eng
container_end_page 183
container_issue 2
container_start_page 173
container_title IEEE transactions on dependable and secure computing
container_volume 9
creator Kui Xu
Huijun Xiong
Chehai Wu
Stefan, D.
Danfeng Yao
description Malicious software typically resides stealthily on a user's computer and interacts with the user's computing resources. Our goal in this work is to improve the trustworthiness of a host and its system data. Specifically, we provide a new mechanism that ensures the correct origin or provenance of critical system information and prevents adversaries from utilizing host resources. We define data-provenance integrity as the security property stating that the source where a piece of data is generated cannot be spoofed or tampered with. We describe a cryptographic provenance verification approach for ensuring system properties and system-data integrity at kernel-level. Its two concrete applications are demonstrated in the keystroke integrity verification and malicious traffic detection. Specifically, we first design and implement an efficient cryptographic protocol that enforces keystroke integrity by utilizing on-chip Trusted Computing Platform (TPM). The protocol prevents the forgery of fake key events by malware under reasonable assumptions. Then, we demonstrate our provenance verification approach by realizing a lightweight framework for restricting outbound malware traffic. This traffic-monitoring framework helps identify network activities of stealthy malware, and lends itself to a powerful personal firewall for examining all outbound traffic of a host that cannot be bypassed.
doi_str_mv 10.1109/TDSC.2011.50
format Article
identifier ISSN: 1545-5971
ispartof IEEE transactions on dependable and secure computing, 2012-03, Vol.9 (2), p.173-183
issn 1545-5971
1941-0018
language eng
recordid cdi_proquest_journals_1001895189
source IEEE Electronic Library (IEL)
subjects Analysis
Authentication
Authentication protocols
Computation
Computer crime
Computer hacking
Computer networks
Computer viruses
Cryptography
Data integrity
Digital Object Identifier
Firewalls
Forgery
Integrity
Internet service providers
Malware
Network security
networking
Operating systems
Program verification (computers)
provenance
Software
Studies
System-on-a-chip
Traffic engineering
Traffic flow
title Data-Provenance Verification For Secure Hosts
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T15%3A11%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Data-Provenance%20Verification%20For%20Secure%20Hosts&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Kui%20Xu&rft.date=2012-03-01&rft.volume=9&rft.issue=2&rft.spage=173&rft.epage=183&rft.pages=173-183&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2011.50&rft_dat=%3Cproquest_RIE%3E2636237991%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1001895189&rft_id=info:pmid/&rft_ieee_id=6035722&rfr_iscdi=true