University of Wisconsin-Madison Rutgers University (2009)
Vinod Ganapathy, Matthew J. Renzelmann, Arini Balakrishnan, Michael M. Swift, Somesh Jha, Sun Microsystems
Device drivers commonly execute in the kernel to achieve high performance and easy access to kernel services. However, this comes at the price of decreased reliability and increased programming...
ABSTRACT Enforcing Authorization Policies using Transactional Memory Introspection (2009)
Arnar Birgisson, Vinod Ganapathy
Correct enforcement of authorization policies is a difficult task, especially for multi-threaded software. Even in carefully-reviewed code, unauthorized access may be possible in subtle corner cases....
Abstract Slicing Synchronous Reactive Programs (2008)
This paper extends the well-known technique of slicing to synchronous reactive programs. Synchronous languages exemplified by Esterel, Lustre, Signal and Argos, employ a novel model of execution that...
ABSTRACT An Auctioning Reputation System Based on Anomaly Detection (2008)
Shai Rubin, Mihai Christodorescu, Vinod Ganapathy, Jonathon T. Giffin, Louis Kruger, Hao Wang
Existing reputation systems used by online auction houses do not address the concern of a buyer shopping for commodities—finding a good bargain. These systems do not provide information on the...
Microdrivers: A New Architecture for Device Drivers (2008)
Vinod Ganapathy, Arini Balakrishnan, Michael M. Swift, Somesh Jha
Commodity operating systems achieve good performance by running device drivers in-kernel. Unfortunately, this architecture offers poor fault isolation. This paper introduces microdrivers, which...
Vinod Ganapathy, David King, Trent Jaeger, Somesh Jha
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive...
ABSTRACT An Auctioning Reputation System Based on Anomaly Detection (2008)
Shai Rubin, Mihai Christodorescu, Vinod Ganapathy, Jonathon T. Giffin, Louis Kruger, Hao Wang
Existing reputation systems used by online auction houses do not address the concern of a buyer shopping for commodities—finding a good bargain. These systems do not provide information on the...
ABSTRACT An Auctioning Reputation System Based on Anomaly Detection (2008)
Shai Rubin, Mihai Christodorescu, Vinod Ganapathy, Jonathon T. Giffin, Louis Kruger, Hao Wang
Existing reputation systems used by online auction houses do not address the concern of a buyer shopping for commodities—finding a good bargain. These systems do not provide information on the...
Towards Automated Authorization Policy Enforcement (2008)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
In systems with shared resources, authorization policy enforcement ensures that these resources are accessible only to users who are allowed to do so. Recently, there is growing interest to (i)...
ABSTRACT An Auctioning Reputation System Based on Anomaly Detection (2008)
Shai Rubin, Mihai Christodorescu, Vinod Ganapathy, Jonathon T. Giffin, Louis Kruger, Hao Wang
Existing reputation systems used by online auction houses do not address the concern of a buyer shopping for commodities—finding a good bargain. These systems do not provide information on the...
Trent Jaeger, Vinod Ganapathy, Somesh Jha
� Authorization policies and their enforcement � Three concepts: � Subjects (e.g., users, processes) � Objects (e.g., system resources) � Security-sensitive operations on objects. �...
Mining securitysensitive operations in legacy code using concept analysis (2007)
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive...
Buffer Overrun Detection Using Linear Programming and Static Analysis (2006)
Ganapathy, Vinod, Jha, Somesh, Chandler, David, Melski, David, Vitek, David
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Retrofitting legacy code for authorization policy enforcement (2006)
Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic...
NetSpy: Automatic generation of spyware signatures for NIDS (2006)
Hao Wang, Somesh Jha, Vinod Ganapathy
We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic...
Retrofitting legacy code for authorization policy enforcement (2006)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
Researchers have long argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of...
Retrofitting legacy code for authorization policy enforcement (2006)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic...
An Auctioning Reputation System Based on Anomaly Detection (2005)
Shai Rubin, Mihai Christodorescu, Vinod Ganapathy, Jonathon T. Giffin, Louis Kruger, Hao Wang
Existing reputation systems used by online auction houses do not address the concern of a buyer shopping for commodities—finding a good bargain. These systems do not provide information on the...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component,...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component,...
Automatic placement of authorization hooks in the linux security modules framework (2005)
We present a technique for automatic placement of authorization hooks, and apply it to the Linux security modules (LSM) framework. LSM is a generic framework which allows diverse authorization...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
Automatic placement of authorization hooks in the linux security modules framework (2005)
We present a technique for automatic placement of authorization hooks, and apply it to the Linux security modules (LSM) framework. LSM is a generic framework which allows diverse authorization...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
ABSTRACT This paper addresses the issue of identifying buffer overrun vul-nerabilities by statically analyzing C source code. We demonstrate
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
Vinod Ganapathy, Somesh Jha, David Ch, David Melski, David Vitek
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
Vinod Ganapathy, Somesh Jha, David Ch, David Melski, David Vitek
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a scalable analysis based on modeling C string manipulations as a...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
Vinod Ganapathy, Somesh Jha, David Ch, David Melski, David Vitek
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
An Auctioning Reputation System Based on Anomaly Detection (1998)
Rubin, Shai, Christodorescu, Mihai, Ganapathy, Vinod, Giffin, Jonathon T., Kruger, Louis, Wang, Hao
Existing reputation systems used by online auction houses do not address the concern of a buyer shopping for commodities finding a good bargain. These systems do not provide information on the...