Useful Types of Constraints (cont.)
Constraints
Access Constraints for Programs
Generic Constraints
Useful Types of Constraints
Operation of ARP
ARP Cache Poisoning
Unsolicited ARP Response
Malformed ARP Request
Bogus Response
Bogus Requests and Responses
Gratuitous ARP
An ARP specification
Monitoring for Intrusions
ARP Monitor Implementation
Security Threats
Centrality Analysis
Verification
Reasoning About the Constraints
Reason from bottom up: an Example
Automated Response to Attacks
-> (OPEN_RD, World.Readable($F.mode))
 | (OPEN_RD, Is.File($F.path, "/etc/shadow"))
 | (OPEN_RW, $F.path == "/var/run/utmp")
 | (OPEN_WR, Created.By.Proc($P.pid, &$F))
 | (chown, Created.By.Proc($P.pid, &$F))
 | (chmod, Created.By.Proc($P.pid, &$F))
 | (link, Created.By.Proc($P.pid, &$F))
 | (unlink, Created.By.Proc($P.pid, &$F))
 | (rename, Is.File($F.path, "/etc/passwd"))
 | (read || write)
 | (socket)
 | (connect)
 | (exit)
 | (setuid || execve) { alert(3, "Really bad operation", $$); } ;
END;
Technical Objectives
Technical Approach -- Overview
Example w/ Capabilities
Technical Approach -- Details
IDS Architecture (diagram components: JIGSAW to I.E. Translator, DBS to I.E. Translator, Sensor Array, Sensor to I.E. Preprocessor)
Detecting Spoofed Packets
Motivation
IP/TCP Header Review
IP/TCP Header Review
Significance
Detection Methods
Conclusion