SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address
A buffer overflow attack is perhaps the most common attack used to compromise the security of a host. This attack can be used to change the function return address and redirect execution to the…
  • 117
  • 10
  • Open Access
A categorization of computer security monitoring systems and the impact on the design of audit sources
Traditionally, computer security monitoring systems are built around the audit systems supplied by operating systems. These OS audit sources were not necessarily designed to meet modern security…
  • 31
  • 3
  • Open Access
Generation of Application Level Audit Data via Library Interposition
One difficulty encountered by intrusion and misuse detection systems is a lack of application level audit data. In this paper we present a technique to automatically generate application level audit…
  • 31
  • 2
  • Open Access
Detection and prevention of stack buffer overflow attacks
How to mitigate remote attacks that exploit buffer overflow vulnerabilities on the stack and enable attackers to take control of the program.
  • 64
  • 1
  • Open Access
Digging for worms, fishing for answers
Worms continue to be a leading security threat on the Internet. This paper analyzes several of the more widespread worms and develops a general life-cycle for them. The lifecycle, from the point of…
  • 17
  • 1
  • Open Access
Design of a virtual computer lab environment for hands-on information security exercises
There is an increasing demand from both students and industry for more computer science students to have experience in information security. One area that is difficult for smaller colleges to…
  • 9
  • 1
  • Open Access
A Building Block Approach to Intrusion Detection
This paper details the design and implementation of a host-based intrusion detection system (Hewlett-Packard’s Praesidium IDS/9000) and a specialized kernel data source which supplies customized data…
  • 11
  • 1
  • Open Access
Fighting Institutional Memory Loss: The Trackle Integrated Issue and Solution Tracking System
For part-time sysadmins, a record of past actions is an invaluable tool that provides guidance in repairing or extending system services. However, requiring sysadmins to keep a detailed log of…
  • 4
  • Open Access
On Browser-Level Event Logging
In this paper we offer an initial sketch of a new vantage point we are developing to study “the Web” and users' interactions with it: we have instrumented the Web browser itself. The Google Chrome…
  • 5
  • Open Access