Conference: The Fifth International Conference on Systems (ICONS 2010)

Observation Mechanism and Cost Model for Tightly Coupled Asymmetric Concurrency


Abstract

Whilst the precise objectives and mechanisms used by malicious code will vary widely and may involve wholly unknown techniques to achieve their respective objectives, certain second-order operations such as privilege escalation or concealment of the code's presence or activity are predictable. In particular, concealment mechanisms must modify well-known data structures, which could be detected trivially otherwise. We argue that any such mechanism is necessarily non-atomic and can hence be detected through concurrent observations forcing an interleaved linearization of the malicious code with observations of memory state changes induced in tightly coupled concurrent processing units. Extending previous research for the case of symmetric concurrent observation, we propose a computational model and observation mechanism for the case of tightly coupled asymmetric concurrent processing units as may be found in most current computing environments with particular emphasis on metrics for the cost of forced synchronization and resource contention caused by observations. We argue that the resulting observations will provide a novel sensor datum for intrusion detection but may also be used as a standalone probabilistic detection mechanism particularly suited to detect attacks in progress.

Bibliographic details

  • Conference location: Menuires (FR)
  • Issue date: 11-16 April 2010
  • On page(s): 158-163
  • Location: Menuires, TBD, France
  • Print ISBN: 978-1-4244-6231-5
  • Digital Object Identifier: 10.1109/ICONS.2010.34 (http://dx.doi.org/10.1109/ICONS.2010.34)
  • Date of current version: 2010-05-13 13:19:46.0

  • Original format: PDF
  • Text language: eng
  • Chinese Library Classification: Automation technology and equipment; Systems science
  • Keywords:

    Asymmetric Concurrency; Computational Model; Intrusion Detection; Memory Observation
