A software based approach for trusted agent execution on malicious host

Sarosh Hashmi; John Brooke

doi:10.1109/CSE.2009.398

A software based approach for trusted agent execution on malicious host

Sarosh Hashmi, John Brooke

ITS - Office of the CIO

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

Abstract

Absolute protection of mobile agents from attacks by malicious hosts is an open research problem. We propose a software based paradigm whereby an agent is protected from various static and dynamic attacks from a malicious host of an unknown hardware configuration, for a specific period of time. This time interval is computed by restricting the maximum resources that may be available to the adversary and the time complexity of the critical static and dynamic attacks that it may launch. We employ the technique of oblivious hashing (OH) using overlapped instructions [1], with multilevel pointer aliasing to thwart static analysis and instant code modifications. The host is required to obtain the aggregate OH value of the whole agent by executing it in an unobtrusive environment and to send it back to the agent originator within the specified time interval. To provide unobtrusive environment, we employ external timing analysis to detect major dynamic attack tools such as debuggers, virtual machines and emulators. Experimental results are presented that demonstrate the viability of the timing analysis mechanism in detecting dynamic attack tools on a range of Intel based machines. © 2009 IEEE.

Original language	English
Title of host publication	Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009\|Proc. - IEEE Int. Conf. Comput. Sci. Eng., CSE
Pages	837-846
Number of pages	9
Volume	2
DOIs	https://doi.org/10.1109/CSE.2009.398
Publication status	Published - 2009
Event	7th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2009 - Vancouver, BC Duration: 1 Jul 2009 → …

Conference

Conference	7th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2009
City	Vancouver, BC
Period	1/07/09 → …

Keywords

Intel based machines
debuggers
dynamic attacks
emulators
external timing analysis
instant code modifications
malicious host
mobile agents
multilevel pointer aliasing
oblivious hashing
overlapped instructions
software based approach
static analysis
static attacks
time complexity
trusted agent execution
virtual machines
computational complexity
cryptography
multi-agent systems
program debugging
program diagnostics

Access to Document

10.1109/CSE.2009.398

Cite this

@inproceedings{09bf777dc5a9496d849d03ac1b3ec97d,

title = "A software based approach for trusted agent execution on malicious host",

abstract = "Absolute protection of mobile agents from attacks by malicious hosts is an open research problem. We propose a software based paradigm whereby an agent is protected from various static and dynamic attacks from a malicious host of an unknown hardware configuration, for a specific period of time. This time interval is computed by restricting the maximum resources that may be available to the adversary and the time complexity of the critical static and dynamic attacks that it may launch. We employ the technique of oblivious hashing (OH) using overlapped instructions [1], with multilevel pointer aliasing to thwart static analysis and instant code modifications. The host is required to obtain the aggregate OH value of the whole agent by executing it in an unobtrusive environment and to send it back to the agent originator within the specified time interval. To provide unobtrusive environment, we employ external timing analysis to detect major dynamic attack tools such as debuggers, virtual machines and emulators. Experimental results are presented that demonstrate the viability of the timing analysis mechanism in detecting dynamic attack tools on a range of Intel based machines. {\textcopyright} 2009 IEEE.",

keywords = "Intel based machines, debuggers, dynamic attacks, emulators, external timing analysis, instant code modifications, malicious host, mobile agents, multilevel pointer aliasing, oblivious hashing, overlapped instructions, software based approach, static analysis, static attacks, time complexity, trusted agent execution, virtual machines, computational complexity, cryptography, multi-agent systems, program debugging, program diagnostics",

author = "Sarosh Hashmi and John Brooke",

year = "2009",

doi = "10.1109/CSE.2009.398",

language = "English",

isbn = "9780769538235",

volume = "2",

pages = "837--846",

booktitle = "Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009|Proc. - IEEE Int. Conf. Comput. Sci. Eng., CSE",

note = "7th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2009 ; Conference date: 01-07-2009",

}

Hashmi, S & Brooke, J 2009, A software based approach for trusted agent execution on malicious host. in Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009|Proc. - IEEE Int. Conf. Comput. Sci. Eng., CSE. vol. 2, pp. 837-846, 7th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2009, Vancouver, BC, 1/07/09. https://doi.org/10.1109/CSE.2009.398

A software based approach for trusted agent execution on malicious host. / Hashmi, Sarosh; Brooke, John.
Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009|Proc. - IEEE Int. Conf. Comput. Sci. Eng., CSE. Vol. 2 2009. p. 837-846.

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A software based approach for trusted agent execution on malicious host

AU - Hashmi, Sarosh

AU - Brooke, John

PY - 2009

Y1 - 2009

N2 - Absolute protection of mobile agents from attacks by malicious hosts is an open research problem. We propose a software based paradigm whereby an agent is protected from various static and dynamic attacks from a malicious host of an unknown hardware configuration, for a specific period of time. This time interval is computed by restricting the maximum resources that may be available to the adversary and the time complexity of the critical static and dynamic attacks that it may launch. We employ the technique of oblivious hashing (OH) using overlapped instructions [1], with multilevel pointer aliasing to thwart static analysis and instant code modifications. The host is required to obtain the aggregate OH value of the whole agent by executing it in an unobtrusive environment and to send it back to the agent originator within the specified time interval. To provide unobtrusive environment, we employ external timing analysis to detect major dynamic attack tools such as debuggers, virtual machines and emulators. Experimental results are presented that demonstrate the viability of the timing analysis mechanism in detecting dynamic attack tools on a range of Intel based machines. © 2009 IEEE.

AB - Absolute protection of mobile agents from attacks by malicious hosts is an open research problem. We propose a software based paradigm whereby an agent is protected from various static and dynamic attacks from a malicious host of an unknown hardware configuration, for a specific period of time. This time interval is computed by restricting the maximum resources that may be available to the adversary and the time complexity of the critical static and dynamic attacks that it may launch. We employ the technique of oblivious hashing (OH) using overlapped instructions [1], with multilevel pointer aliasing to thwart static analysis and instant code modifications. The host is required to obtain the aggregate OH value of the whole agent by executing it in an unobtrusive environment and to send it back to the agent originator within the specified time interval. To provide unobtrusive environment, we employ external timing analysis to detect major dynamic attack tools such as debuggers, virtual machines and emulators. Experimental results are presented that demonstrate the viability of the timing analysis mechanism in detecting dynamic attack tools on a range of Intel based machines. © 2009 IEEE.

KW - Intel based machines

KW - debuggers

KW - dynamic attacks

KW - emulators

KW - external timing analysis

KW - instant code modifications

KW - malicious host

KW - mobile agents

KW - multilevel pointer aliasing

KW - oblivious hashing

KW - overlapped instructions

KW - software based approach

KW - static analysis

KW - static attacks

KW - time complexity

KW - trusted agent execution

KW - virtual machines

KW - computational complexity

KW - cryptography

KW - multi-agent systems

KW - program debugging

KW - program diagnostics

U2 - 10.1109/CSE.2009.398

DO - 10.1109/CSE.2009.398

M3 - Conference contribution

SN - 9780769538235

VL - 2

SP - 837

EP - 846

BT - Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009|Proc. - IEEE Int. Conf. Comput. Sci. Eng., CSE

T2 - 7th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2009

Y2 - 1 July 2009

ER -

A software based approach for trusted agent execution on malicious host

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this