Fine-grained reasoning about the security and usability trade-off in modern security tools

Please use this identifier to cite or link to this item: http://hdl.handle.net/1928/13120

Title: Fine-grained reasoning about the security and usability trade-off in modern security tools
Author: Al-Saleh, Mohammed I
Advisor(s): Crandall, Jedidiah
Committee Member(s): Arnold, Dorian; Lane, Terran; Fierro, Rafael
Department: University of New Mexico. Dept. of Computer Science
Subject: security; usability; Fine-grained reasoning; DIFT; Antivirus; Timing attack; Sensor network security; dynamic information flow tracking; Computer security; Intrusion detection systems (Computer security); Computer viruses--Prevention; User-centered system design
LC Subject(s): Computer networks--Security measures; Computer security; Intrusion detection systems (Computer security); Anomaly detection (Computer security)
Degree Level: Doctoral
Abstract: Defense techniques detect or prevent attacks based on their ability to model the attacks. A balance between security and usability should always be established in any kind of defense technique. Attacks that exploit the weak points in security tools are very powerful and thus can go undetected. One source of those weak points arises when security is compromised for usability reasons: if a security tool completely secures a system against attacks, the whole system will not be usable because of the large number of false alarms or the very restrictive policies it will create; if the security tool instead decides not to secure a system against certain attacks, those attacks will simply and easily succeed. The key contribution of this dissertation is that it digs deeply into modern security tools and reasons about the inherent security and usability trade-offs by identifying the low-level factors that contribute to known issues. This is accomplished by implementing full systems and then testing those systems in realistic scenarios. The thesis that this dissertation tests is that we can reason about security and usability trade-offs in fine-grained ways by building and testing full systems. Furthermore, this dissertation provides practical solutions and suggestions to reach a good balance between security and usability. We study two modern security tools, Dynamic Information Flow Tracking (DIFT) and Antivirus (AV) software, chosen for their importance and wide usage. DIFT is a powerful technique that is used in various aspects of security systems. It works by tagging certain inputs and propagating the tags along with the inputs in the target system.
However, current DIFT systems do not track implicit information flow, because if all DIFT propagation rules are applied directly in a conservative way, the target system will be full of tagged data (a problem called overtagging) and thus useless, since the tags tell us very little about the actual information flow of the system. So, current DIFT systems drop some security for usability. In this dissertation, we reason about the sources of the overtagging problem and provide practical ways to deal with it, whereas previous approaches have focused on abstract descriptions of the main causes of the problem based on limited experiments. The second security tool we consider in this dissertation is antivirus (AV) software. AV is a very important tool that protects systems against worms and viruses by scanning data against a database of signatures. Despite its importance and wide usage, AV has received little attention from the security research community. In this dissertation, we examine the AV internals and reason about the possibility of creating timing channel attacks against AV software. The attacker could infer information about the AV based only on the time the AV spends scanning benign inputs. The other aspect of AV this dissertation explores is the low-level performance impact of AV on systems. Even though the performance overhead of AV is a well-known issue, the exact reasons behind this overhead are not well studied. In this dissertation, we design a methodology that utilizes Event Tracing for Windows (ETW), a technology that accounts for all OS events, to reason about AV performance impact from the OS point of view. We show that the main performance impact of the AV on a task is the longer time the task spends waiting on events.
Graduation Date: July 2011
URI: http://hdl.handle.net/1928/13120


Files in this item

File: sig-with-diss1.pdf; Size: 2.361Mb; Format: PDF
