Security and Privacy in Communication Networks. 6th International ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings

Research Article

Enhancing Host Security Using External Environment Sensors

  • @INPROCEEDINGS{10.1007/978-3-642-16161-2_21,
        author={Ee-Chien Chang and Liming Lu and Yongzheng Wu and Roland Yap and Jie Yu},
        title={Enhancing Host Security Using External Environment Sensors},
        proceedings={Security and Privacy in Communication Networks. 6th International ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={intrusion detection spam sensors access control host security},
        doi={10.1007/978-3-642-16161-2_21}
    }
    
  • Ee-Chien Chang
    Liming Lu
    Yongzheng Wu
    Roland Yap
    Jie Yu
    Year: 2012
    Enhancing Host Security Using External Environment Sensors
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-16161-2_21
Ee-Chien Chang1,*, Liming Lu1,*, Yongzheng Wu,*, Roland Yap1,*, Jie Yu2,*
  • 1: National University of Singapore
  • 2: National University of Defense Technology
*Contact email: changec@comp.nus.edu.sg, luliming@comp.nus.edu.sg, wuyongzh@comp.nus.edu.sg, ryap@comp.nus.edu.sg, yj@nudt.edu.cn

Abstract

We propose a framework that uses environment information to enhance computer security. We apply our framework to enhance IDS performance and to enrich the expressiveness of access/rate controls. The environment information is gathered by sensors external to the host and transmitted via an out-of-band channel, so it is hard for adversaries without physical access to compromise the system. The information gathered remains intact even if malware uses rootkit techniques to hide its activities. Due to requirements on user privacy, the information gathered could be coarse and simple. We show in several experimental evaluations that such simple information is already useful. For instance, a binary indication of user presence at a workstation can help to detect DDoS zombie attacks and illegal email spam. Our framework takes advantage of the growing popularity of multimodal sensors and physical security information management systems. Trends in sensor costs suggest that it will be cost-effective in the near future.