AppMon: Application Monitors for Not-Yet-Trusted Software

Marceau, Carla; Kozen, Dexter

AppMon: Application Monitors for Not-Yet-Trusted Software

Active / Technical Report | Accession Number: ADA471585 |

Open PDF

Abstract:

Report developed under STTR contract for topic OSD06-SP2. AppMon represents a novel approach to monitoring the behavior of not-yet-trusted applications that avoids the disadvantages of current approaches. It is based on a self-customizing monitor that constrains the applications use of computer resources. A self-customizing monitor learns how the application normally uses computer resources and does not interfere with normal use. However, when the application uses resources in an unusual way, AppMon prevents potentially harmful accesses. Self-customizing monitors satisfy three important requirements on application security monitors. First, the application can be run immediately without testing or training. Second, customization is automatic, so only minimal demands are made on the user and system administrator. Finally, the self-customizing monitors are applicable to a wide variety of applications, including those that read and write files, read and write registry keys, invoke other processes, and use the Internet.

Author(s):

Marceau, Carla ; Kozen, Dexter

Author Organization(s):

ODYSSEY RESEARCH ASSOCIATES INC ITHACA NY

Descriptive Note:

Final rept. 15 Aug 2006-13 Jun 2007

Supplementary Note:

Prepared in cooperation with ATC-NY and Cornell University. DOI: 10.21236/ADA471585

Pagination:

0028

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

ORA-TR-07-0005, AFRL-SR-AR-TR-07-0302

Contract/Grant Number(s):

FA9550-06-C-0098

Monitor Series:

TR-07-0302, AFOSR

Subject Terms

Joint Capability Areas:

JCA_2_Battlespace Awareness; JCA_2.1_Planning and Direction; JCA_2.1.3_Task and Monitor Resources; JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_1.2_Force Preparation; JCA_1_Force Support; JCA_5_Command and Control; JCA_6.1_Information Transport; JCA_1.2.1_Training; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_5.5.2_Task

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*COMPUTER APPLICATIONS, *MONITORS, *SOFTWARE TOOLS, SELF OPERATION, INFORMATION SECURITY, INTRUSION DETECTION(COMPUTERS), ELECTRONIC SECURITY, AUTOMATIC, CHANGE DETECTION

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

*SELF CUSTOMIZING MONITORS, STTR(SMALL BUSINESS TECHNOLOGY TRANSFER), STTR REPORTS, STTR TOPIC OSD06 SP2 PHASE 1

Report Date:

2007 Jun 08

Creation Date:

2007 Sep 12