Presentation Title

Operating System Security using SNMP

Start Date

November 2016

End Date

November 2016

Location

HUB 302-#148

Type of Presentation

Poster

Abstract

User applications such as word processors and web browsers rely on services of the operating system (OS) to read files, send data over the network, and perform other tasks. They request these services through the system call interface, a set of functions exposed by the OS that processes can invoke. Analysis of system calls provides important insight into overall process behavior and is frequently used to detect malicious software on a system. Current process behavior monitoring techniques rely on intercepting system calls. Most state-of-the-art techniques are very error-prone and generate results that are difficult for humans to interpret. To address this, we develop a novel and versatile mechanism that allows us to increase the security of the operating system. We expect that our mechanism will greatly simplify and extend the capabilities for monitoring processes and enforcing security policies on the system in ways not yet possible in traditional operating systems based on standard system calls. The central idea of our approach is that user applications, instead of requesting operating system services through the standard system call interface, send small messages to the operating system through a virtual network device, encapsulated inside an SNMP packet. We implement a prototype of our system by modifying the Linux kernel and illustrate its effectiveness by using the Wireshark packet sniffer (a standard tool for monitoring network traffic) to study the services requested by processes.
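The abstract describes the central idea (a service request encapsulated in an SNMP packet, inspected on the OS side) without giving the message layout. The following added example, which is not the poster's code and makes no claim about the prototype's kernel changes, sketches the two halves in user space: a process-side encoder that wraps a "system call" request as a valid SNMPv2c SetRequest (BER-encoded, so a standard SNMP dissector such as Wireshark's can decode it), and a monitor-side parser that turns the varbinds back into a readable `syscall(args)` line and applies a policy before the request would be honored. The OID layout under the experimental arc `1.3.6.1.3`, the community string, the argument conventions and the policy rules are all constructed for illustration.

```python
"""Constructed example: a syscall request encoded as an SNMPv2c SetRequest and
decoded by a monitor that renders it for a human and checks a policy."""

# --- constructed OID layout (not the poster's); 1.3.6.1.3 is the experimental arc
SYSCALL_NAME_OID = "1.3.6.1.3.1.1"   # OCTET STRING: name of the requested service
ARG_BASE_OID = "1.3.6.1.3.1.2"       # .1, .2, ... : positional arguments
O_WRONLY, O_RDWR = 1, 2              # assumed flag values for the example policy

# --- minimal BER encoder (SEQUENCE, INTEGER, OCTET STRING, OBJECT IDENTIFIER)
def _len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _len(len(body)) + body

def enc_int(v: int) -> bytes:
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def enc_oid(oid: str) -> bytes:
    arcs = [int(x) for x in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:                      # base-128 with continuation bits
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_request(community: str, request_id: int, syscall: str, args: list) -> bytes:
    """Process side: wrap a service request in an SNMPv2c SetRequest (tag 0xA3)."""
    binds = [tlv(0x30, enc_oid(SYSCALL_NAME_OID) + tlv(0x04, syscall.encode()))]
    for i, a in enumerate(args, 1):
        val = enc_int(a) if isinstance(a, int) else tlv(0x04, a.encode())
        binds.append(tlv(0x30, enc_oid(f"{ARG_BASE_OID}.{i}") + val))
    pdu = tlv(0xA3, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(0x30, b"".join(binds)))
    return tlv(0x30, enc_int(1) + tlv(0x04, community.encode()) + pdu)   # version 1 == v2c

# --- minimal BER decoder
def _read_tlv(buf: bytes, pos: int):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def dec_oid(b: bytes) -> str:
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def parse_request(pkt: bytes) -> dict:
    """Monitor side: recover syscall name and ordered arguments from the varbinds."""
    tag, body, _ = _read_tlv(pkt, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read_tlv(body, 0)
    _, comm, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, _, pos = _read_tlv(pdu, pos)          # error-status
    _, _, pos = _read_tlv(pdu, pos)          # error-index
    _, vbl, _ = _read_tlv(pdu, pos)
    binds, pos = {}, 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_b, p2 = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, p2)
        binds[dec_oid(oid_b)] = int.from_bytes(val, "big", signed=True) if vtag == 0x02 else val.decode()
    syscall = binds.pop(SYSCALL_NAME_OID)
    args = [binds[k] for k in sorted(binds, key=lambda o: int(o.rsplit(".", 1)[1]))]
    return {"version": int.from_bytes(ver, "big"), "community": comm.decode(),
            "request_id": int.from_bytes(rid, "big"), "pdu_tag": pdu_tag,
            "syscall": syscall, "args": args}

# --- constructed policy: deny writes under /etc, allow everything else
POLICY = {"open": lambda args: not (args[0].startswith("/etc/") and args[1] & (O_WRONLY | O_RDWR))}

def check_policy(req: dict) -> bool:
    rule = POLICY.get(req["syscall"])
    return True if rule is None else rule(req["args"])

def describe(req: dict) -> str:
    """Human-readable line, the kind of output the abstract says existing tools lack."""
    args = ", ".join(repr(a) for a in req["args"])
    return f"{req['syscall']}({args}) -> {'ALLOW' if check_policy(req) else 'DENY'}"

if __name__ == "__main__":
    pkt = build_request("proc-monitor", 42, "open", ["/etc/shadow", O_WRONLY])
    print(pkt.hex())
    print(describe(parse_request(pkt)))
```

Because the packet is real BER, the monitor could equally be a capture filter on the virtual device rather than in-kernel code, which is the observability property the abstract attributes to the design; the policy hook shows where enforcement would sit once the request has been decoded.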

This document is currently not available here.

Time

Nov 12th, 4:00 PM to 5:00 PM
