LoboVault Home
 

Fine-grained reasoning about the security and usability trade-off in modern security tools

LoboVault

Please use this identifier to cite or link to this item: http://hdl.handle.net/1928/13120

Fine-grained reasoning about the security and usability trade-off in modern security tools

Show simple item record

dc.contributor.author Al-Saleh, Mohammed I
dc.date.accessioned 2011-08-30T19:57:06Z
dc.date.available 2011-08-30T19:57:06Z
dc.date.issued 2011-08-30
dc.date.submitted July 2011
dc.identifier.uri http://hdl.handle.net/1928/13120
dc.description.abstract Defense techniques detect or prevent attacks based on their ability to model the attacks. A balance between security and usability should always be established in any kind of defense technique. Attacks that exploit the weak points in security tools are very powerful and thus can go undetected. One source of those weak points in security tools comes when security is compromised for usability reasons, where if a security tool completely secures a system against attacks the whole system will not be usable because of the large false alarms or the very restricted policies it will create, or if the security tool decides not to secure a system against certain attacks, those attacks will simply and easily succeed. The key contribution of this dissertation is that it digs deeply into modern security tools and reasons about the inherent security and usability trade-offs based on identifying the low-level, contributing factors to known issues. This is accomplished by implementing full systems and then testing those systems in realistic scenarios. The thesis that this dissertation tests is that we can reason about security and usability trade-offs in fine-grained ways by building and testing full systems. Furthermore, this dissertation provides practical solutions and suggestions to reach a good balance between security and usability. We study two modern security tools, Dynamic Information Flow Tracking (DIFT) and Antivirus (AV) software, for their importance and wide usage. DIFT is a powerful technique that is used in various aspects of security systems. It works by tagging certain inputs and propagating the tags along with the inputs in the target system. However, current DIFT systems do not track implicit information flow because if all DIFT propagation rules are directly applied in a conservative way, the target system will be full of tagged data (a problem called overtagging) and thus useless because the tags tell us very little about the actual information flow of the system. So, current DIFT systems drop some security for usability. In this dissertation, we reason about the sources of the overtagging problem and provide practical ways to deal with it, while previous approaches have focused on abstract descriptions of the main causes of the problem based on limited experiments. The second security tool we consider in this dissertation is antivirus (AV) software. AV is a very important tool that protects systems against worms and viruses by scanning data against a database of signatures. Despite its importance and wide usage, AV has received little attention from the security research community. In this dissertation, we examine the AV internals and reason about the possibility of creating timing channel attacks against AV software. The attacker could infer information about the AV based only on the scanning time the AV spends to scan benign inputs. The other aspect of AV this dissertation explores is the low-level AV performance impact on systems. Even though the performance overhead of AV is a well known issue, the exact reasons behind this overhead are not well-studied. In this dissertation, we design a methodology that utilizes Event Tracing for Windows technology (ETW), a technology that accounts for all OS events, to reason about AV performance impact from the OS point of view. We show that the main performance impact of the AV on a task is the longer waiting time the task spends waiting on events. en_US
dc.language.iso en en_US
dc.subject security en_US
dc.subject usability en_US
dc.subject Fine-grained reasoning en_US
dc.subject DIFT en_US
dc.subject Antivirus en_US
dc.subject Timing attack en_US
dc.subject Sensor network security en_US
dc.subject dynamic information flow tracking en_US
dc.subject Computer security. en_US
dc.subject Intrusion detection systems (Computer security) en_US
dc.subject Computer viruses--Prevention en_US
dc.subject User-centered system design. en_US
dc.subject.lcsh Computer networks--Security measures.
dc.subject.lcsh Computer security.
dc.subject.lcsh Intrusion detection systems (Computer security)
dc.subject.lcsh Anomaly detection (Computer security)
dc.title Fine-grained reasoning about the security and usability trade-off in modern security tools en_US
dc.type Dissertation en_US
dc.description.degree Computer Science en_US
dc.description.level Doctoral en_US
dc.description.department University of New Mexico. Dept. of Computer Science en_US
dc.description.advisor Crandall, Jedidiah
dc.description.committee-member Arnold, Dorian
dc.description.committee-member Lane, Terran
dc.description.committee-member Fierro, Rafael


Files in this item

Files Size Format View
sig-with-diss1.pdf 2.361Mb PDF View/Open

This item appears in the following Collection(s)

Show simple item record

UNM Libraries

Search LoboVault


Advanced Search

Browse

My Account