Proceedings of the 3rd European Conference on Computer Network Defense
Page 1: Proceedings of the 3rd European Conference on Computer …3A978-0-387... · 2017. 8. 29. · Lecture Notes in Electrical Engineering Volume 30 Proceedings of the 3rd European


Lecture Notes in Electrical Engineering

Volume 30: Proceedings of the 3rd European Conference on Computer Network Defense. Siris, Vasilios; Anagnostakis, Kostas; Ioannidis, Sotiris; Trimintzios, Panagiotis (Eds.). 2009, Approx. 200 p., Hardcover. ISBN: 978-0-387-85554-7

Volume 29: Intelligentized Methodology for Arc Welding Dynamical Process. Chen, Shan-Ben; Wu, Jing. 2009, Approx. 350 p., Hardcover. ISBN: 978-3-540-85641-2

Volume 28: Proceedings of the European Computing Conference, Volume 2. Mastorakis, Nikos; Mladenov, Valeri (Eds.). 2009, Approx. 856 p., Hardcover. ISBN: 978-0-387-84818-1

Volume 27: Proceedings of the European Computing Conference, Volume 1. Mastorakis, Nikos; Mladenov, Valeri (Eds.). 2009, Approx. 856 p., Hardcover. ISBN: 978-0-387-84813-6

Volume 26: Electronics System Design Techniques for Safety Critical Applications. Sterpone, Luca. 2009, Approx. 200 p., Hardcover. ISBN: 978-1-4020-8978-7

Volume 25: Data Mining and Applications in Genomics. Ao, Sio-Iong. 2009, Approx. 200 p., Hardcover. ISBN: 978-1-4020-8974-9

Volume 24: Informatics in Control, Automation and Robotics. Filipe, J.B.; Ferrier, Jean-Louis; Andrade-Cetto, Juan (Eds.). 2009, Approx. 300 p., Hardcover. ISBN: 978-3-540-85639-9

Volume 23: Digital Terrestrial Broadcasting Networks. Beutler, Roland. 2009, Approx. 300 p., Hardcover. ISBN: 978-0-387-09634-6

Volume 22: Logic Synthesis for Compositional Microprogram Control Units. Barkalov, Alexander; Titarenko, Larysa. 2008, Approx. 288 p., Hardcover. ISBN: 978-3-540-69283-6

(continues after index)

Vasilios Siris • Sotiris Ioannidis • Kostas Anagnostakis • Panagiotis Trimintzios Editors

Proceedings of the 3rd European Conference on Computer Network Defense


Editors

Vasilios Siris
Foundation for Research & Technology, Hellas
Inst. Computer Science
PO Box 1385
711 10 IRAKLION, CRETE
GREECE

Kostas Anagnostakis
Foundation for Research & Technology, Hellas
Inst. Computer Science
PO Box 1385
711 10 IRAKLION, CRETE
GREECE

Sotiris Ioannidis
Foundation for Research & Technology, Hellas
Inst. Computer Science
PO Box 1385
711 10 IRAKLION, CRETE
GREECE

Panagiotis Trimintzios
European Network & Information Security Agency (ENISA)
PO Box 1309
710 01 IRAKLION, CRETE
GREECE

ISSN: 1876-1100 e-ISSN: 1876-1119
ISBN: 978-0-387-85554-7 e-ISBN: 978-0-387-85555-4
DOI: 10.1007/978-0-387-85555-4
Library of Congress Control Number: 2008933668

© Springer Science+Business Media, LLC 2009

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed on acid-free paper

springer.com

Preface

The 3rd European Conference on Computer Network Defense took place in September 2007 at Aldemar Hotel, in Heraklion, Crete, Greece in cooperation with the European Network and Information Security Agency (ENISA).

The theme of the conference was the protection of computer networks. The conference drew participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security.

The conference was a great success, with 6 refereed papers and 6 invited presentations on topics ranging from high assurance networks of virtual machines to signaling vulnerabilities in wiretapping systems.

This book contains the refereed as well as refereed papers. We are grateful to the authors and presenters for their contributions, as well as the participants of EC2ND’07 for making the conference a success.

We are looking forward to a successful EC2ND event in 2008.

K. G. Anagnostakis, S. Ioannidis, V. Siris

Contents

1 Tales from the Crypt: Fingerprinting Attacks on Encrypted Channels by Way of Retainting .... 1
Michael Valkering, Asia Slowinska, and Herbert Bos
  1 Introduction .... 1
  2 Architecture .... 3
    2.1 Tracking Issues .... 4
    2.2 Retainting .... 6
      2.2.1 Determining the Tag .... 6
      2.2.2 Identifying the SSL Conversation .... 8
    2.3 Interposition Details .... 9
  3 Signature Generation .... 9
    3.1 Pattern-Based Signatures .... 10
    3.2 Signatures for Polymorphic Buffer Overflows .... 13
  4 Filters .... 14
  5 Results .... 15
  6 Related Work .... 17
  7 Conclusions .... 18
  References .... 18

2 Towards High Assurance Networks of Virtual Machines .... 21
Fabrizio Baiardi and Daniele Sgandurra
  1 Introduction .... 21
  2 Psyco-Virt Overview .... 23
    2.1 Overall Architecture .... 24
    2.2 Introspection VM .... 26
    2.3 Monitored VM .... 27
  3 Current Prototype .... 27
    3.1 Introspection Functions .... 27
      3.1.1 Detecting Kernel Modifications .... 27
      3.1.2 Running Processes Checker .... 28
      3.1.3 Loaded Modules Authenticator .... 28
      3.1.4 Promiscuous Mode Checker .... 28
      3.1.5 Anti-Spoofing .... 29
  4 Security and Performance Results .... 29
    4.1 Effectiveness .... 29
    4.2 Performance Overhead .... 30
    4.3 Limitations .... 31
  5 Related Works .... 31
  6 Conclusions and Future Developments .... 32
  Acknowledgments .... 32
  References .... 32

3 Intrusion Detection Using Cost-Sensitive Classification .... 35
Aikaterini Mitrokotsa, Christos Dimitrakakis, and Christos Douligeris
  1 Introduction .... 35
  2 Cost Sensitive Classification .... 36
    2.1 Choice of the Cost Matrix .... 37
    2.2 Algorithmic Comparisons and Alternative Quality Metrics .... 37
    2.3 Models .... 38
  3 Experiments .... 39
    3.1 Databases .... 40
    3.2 Technical Details .... 41
    3.3 Results .... 42
  4 Conclusions .... 45
  References .... 46

4 A Novel Approach for Anomaly Detection over High-Speed Networks .... 49
Osman Salem, Sandrine Vaton, and Annie Gravey
  1 Introduction .... 49
  2 Related Work .... 52
  3 Background .... 53
    3.1 Count-Min Sketch .... 53
    3.2 Multi-Channel Cumulative Sum Algorithm .... 54
  4 Proposed Approach .... 57
  5 Experiments Results .... 61
  6 Conclusions .... 66
  Acknowledgments .... 67
  References .... 67

5 Elastic Block Ciphers in Practice: Constructions and Modes of Encryption .... 69
Debra L. Cook, Moti Yung, and Angelos D. Keromytis
  1 Introduction .... 69
  2 Elastic Block Cipher Examples .... 70
    2.1 Overview .... 70
    2.2 Common Items .... 72
    2.3 Elastic AES .... 73
    2.4 Elastic Camellia .... 75
    2.5 Elastic MISTY1 .... 77
    2.6 Elastic RC6 .... 78
    2.7 Randomness Test Results .... 80
    2.8 Key Schedules .... 81
  3 Modes of Encryption .... 83
    3.1 Overview .... 83
    3.2 Elastic Chaining Mode .... 84
    3.3 Elastic ECB Mode .... 86
  4 Conclusions .... 88
  Acknowledgments .... 90
  References .... 90

6 Vulnerability Response Decision Assistance .... 93
Hal Burch, Art Manion, and Yurie Ito
  1 Introduction .... 93
  2 VRDA .... 94
    2.1 Facts .... 96
    2.2 Light-Weight Affected Product Tags .... 98
    2.3 Data Exchange .... 100
    2.4 Decision Modeling .... 101
  3 Current Usage .... 102
  4 Future Direction .... 102
  5 Related Work .... 103
    5.1 Common Vulnerability Scoring System (CVSS) .... 103
    5.2 Exchange Formats .... 104
    5.3 Other Work .... 104
  References .... 104

7 Alice, What Did You Do Last Time? Fighting Phishing Using Past Activity Tests .... 107
Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos
  1 Introduction .... 107
  2 PACT Architecture .... 109
    2.1 PACT Definition .... 109
    2.2 Example PACTs .... 109
  3 PACT Evaluation .... 110
    3.1 PACT Resistance .... 110
    3.2 PACT Suspension Policy .... 110
    3.3 PACT Limitations .... 111
  4 Case Studies .... 111
    4.1 A PACT Enabled E-Mail Service .... 111
    4.2 A PACT Enabled E-Commerce Service .... 113
    4.3 Results .... 114
  5 Related Work .... 115
  6 Conclusions .... 116
  References .... 116

8 QuiGon: The First Tool Against Clone Attack on Internet Relay Chat .... 119
Thibaut Henin and Corinne Huguennet
  1 Introduction .... 119
  2 Clone Attack on Internet Relay Chat .... 120
    2.1 Internet Relay Chat .... 120
    2.2 Bots and Botnets .... 120
    2.3 Clone Attacks .... 121
    2.4 How to Prevent Such Attacks? .... 122
  3 Usual Protections .... 122
    3.1 Passwords to Enter the Network .... 122
    3.2 Blacklist .... 123
    3.3 Use Simple Regexp .... 123
  4 Qui-Gon .... 123
    4.1 The Temporal Oracle .... 124
    4.2 The Distinguishing Oracle .... 124
  5 Tests and Validation of the Distinguishing Oracle .... 125
    5.1 Test Against Existing Attacks .... 126
    5.2 Test Against a More Clever Attack .... 127
  6 Conclusions .... 127
  References .... 128

9 Defending Against Next Generation Through Network/Endpoint Collaboration and Interaction .... 131
Spiros Antonatos, Michael Locasto, Stelios Sidiroglou, Angelos D. Keromytis, and Evangelos Markatos
  1 Introduction .... 131
    1.1 Impact of Failing to Solve the Problem .... 133
  2 Research Directions .... 133
  3 Honey@home .... 136
  4 Application Communities .... 137
  5 Conclusions .... 139
  Acknowledgments .... 139
  References .... 139

10 ISi-LANA – A Secure Basic Architecture for Networks Connected to the Internet .... 143
Thomas Haeberlen
  1 Introduction .... 143
  2 Basic Architecture .... 144
    2.1 Using Internet Services .... 145
    2.2 Providing Internet Services .... 145
    2.3 Administration and Monitoring .... 146
    2.4 Implementation and Operations .... 147
  3 Discussion .... 148
    3.1 Overall Structure .... 148
    3.2 Structure of the Security Gateway .... 149
    3.3 Structure of the Management Network .... 149
    3.4 Structure of the Internal Network .... 150
  4 Conclusions .... 150

Author Index .... 153

Subject Index .... 155