Towards more secure program execution environments

Abstract

The increasing prevalence of cyber attacks is a worrying trend in the Internet age. This thesis aims to enhance host security by providing more secure program execution environments. Our approach is based on securing the "Program Protection Life Cycle (PPLC)" which protects programs throughout their life cycles. Firstly, to mitigate the threat of zero-day attacks, we investigate a system-call monitoring IDS. We show how a non-parameterized Self-based IDS is vulnerable to mimicry attacks. We then improve the IDS by employing a privilege and argument abstraction technique. Furthermore, we propose a general framework which demonstrates how the attack construction approach can apply to various IDS models. Secondly, to ensure vulnerability-free program executions, we propose a lightweight executable authentication scheme and an automated vulnerability management scheme. Thirdly, we address Public Key Infrastructure (PKI) by proposing lightweight and near real-time revocation schemes, and a formalism to reason with modern PKI-based systems and protocols.