Saint Jude: Modeling, Detecting and Responding to Unauthorized Root Transitions

Presented at DEF CON 8 (2000), July 29, 2000, 10 a.m. (50 minutes)

The recent surge of interest in security has been a boon for those developing IDS systems. Unfortunately, the IDS advancements have been disproportionately in the realm of Network IDS -- with Host-based IDS lagging behind, only able to detect breaches after the incident.

This state of affairs offers administrators, faced with the looming threat of intruders gaining access to their systems via legitimate channels, little protection beyond hardening and continually patching their systems. An intruder need only find one hole, the administrator -- all of them.

During this session, the Saint Jude project will be presented. Named after the patron saint of hopeless cases, the Saint Jude project is an IDS project that hopes to deliver a model and implementation able to stop a root compromise dead in its tracks, regardless of the exploit's method.


Presenters:

  • Tim Lawless
    Tim Lawless is a Systems Administrator with the University of Southern Mississippi on the Stennis Space Center Campus. After having spent many a night sleeping in the machine room after a security breach, he became REALLY interested in the topics of Computer Security and Information Warfare. He is also a member of the ACPO (formerly ACPM), working to remove child pornography from the Internet.
