Show simple item record

dc.contributor.authorAl-Saleh, Mohammed I
dc.date.accessioned2011-08-30T19:57:06Z
dc.date.available2011-08-30T19:57:06Z
dc.date.issued2011-08-30
dc.date.submittedJuly 2011
dc.identifier.urihttp://hdl.handle.net/1928/13120
dc.description.abstractDefense techniques detect or prevent attacks based on their ability to model the attacks. A balance between security and usability should always be established in any kind of defense technique. Attacks that exploit the weak points in security tools are very powerful and thus can go undetected. One source of those weak points in security tools comes when security is compromised for usability reasons, where if a security tool completely secures a system against attacks the whole system will not be usable because of the large false alarms or the very restricted policies it will create, or if the security tool decides not to secure a system against certain attacks, those attacks will simply and easily succeed. The key contribution of this dissertation is that it digs deeply into modern security tools and reasons about the inherent security and usability trade-offs based on identifying the low-level, contributing factors to known issues. This is accomplished by implementing full systems and then testing those systems in realistic scenarios. The thesis that this dissertation tests is that we can reason about security and usability trade-offs in fine-grained ways by building and testing full systems. Furthermore, this dissertation provides practical solutions and suggestions to reach a good balance between security and usability. We study two modern security tools, Dynamic Information Flow Tracking (DIFT) and Antivirus (AV) software, for their importance and wide usage. DIFT is a powerful technique that is used in various aspects of security systems. It works by tagging certain inputs and propagating the tags along with the inputs in the target system. However, current DIFT systems do not track implicit information flow because if all DIFT propagation rules are directly applied in a conservative way, the target system will be full of tagged data (a problem called overtagging) and thus useless because the tags tell us very little about the actual information flow of the system. So, current DIFT systems drop some security for usability. In this dissertation, we reason about the sources of the overtagging problem and provide practical ways to deal with it, while previous approaches have focused on abstract descriptions of the main causes of the problem based on limited experiments. The second security tool we consider in this dissertation is antivirus (AV) software. AV is a very important tool that protects systems against worms and viruses by scanning data against a database of signatures. Despite its importance and wide usage, AV has received little attention from the security research community. In this dissertation, we examine the AV internals and reason about the possibility of creating timing channel attacks against AV software. The attacker could infer information about the AV based only on the scanning time the AV spends to scan benign inputs. The other aspect of AV this dissertation explores is the low-level AV performance impact on systems. Even though the performance overhead of AV is a well known issue, the exact reasons behind this overhead are not well-studied. In this dissertation, we design a methodology that utilizes Event Tracing for Windows technology (ETW), a technology that accounts for all OS events, to reason about AV performance impact from the OS point of view. We show that the main performance impact of the AV on a task is the longer waiting time the task spends waiting on events.en_US
dc.language.isoenen_US
dc.subjectsecurityen_US
dc.subjectusabilityen_US
dc.subjectFine-grained reasoningen_US
dc.subjectDIFTen_US
dc.subjectAntivirusen_US
dc.subjectTiming attacken_US
dc.subjectSensor network securityen_US
dc.subjectdynamic information flow trackingen_US
dc.subjectComputer security.en_US
dc.subjectIntrusion detection systems (Computer security)en_US
dc.subjectComputer viruses--Preventionen_US
dc.subjectUser-centered system design.en_US
dc.subject.lcshComputer networks--Security measures.
dc.subject.lcshComputer security.
dc.subject.lcshIntrusion detection systems (Computer security)
dc.subject.lcshAnomaly detection (Computer security)
dc.titleFine-grained reasoning about the security and usability trade-off in modern security toolsen_US
dc.typeDissertationen_US
dc.description.degreeComputer Scienceen_US
dc.description.levelDoctoralen_US
dc.description.departmentUniversity of New Mexico. Dept. of Computer Scienceen_US
dc.description.advisorCrandall, Jedidiah
dc.description.committee-memberArnold, Dorian
dc.description.committee-memberLane, Terran
dc.description.committee-memberFierro, Rafael


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record