Abstract :
Immunix™ is a Linux system hardened with several DARPA-funded security technologies to produce a highly survivable server appliance platform. The Immunix technologies include: StackGuard, FormatGuard, RaceGuard, SubDomain, and LSM (Linux Security Modules). Combined, these technologies make it very difficult for an attacker to break into an Immunix server, despite the presence of unpatched vulnerabilities, while also preserving a high degree of compatibility with standard Linux systems. The Defcon Capture-the-Flag (CtF) contest is the largest open security hacking game. The 2002 game was designed to make it particularly difficult for defenders to defend their servers by forcing players to host software known to be vulnerable. Our DISCEX III paper describes our experience playing an Immunix server in this game: we placed second overall, and no one was able to take control of the Immunix server.
Keywords :
Unix; computer games; military computing; operating systems (computers); security of data; telecommunication security; DARPA; DISCEX III; Defcon Capture-the-Flag contest; FormatGuard; Immunix server; LSM; Linux Security Modules; RaceGuard; StackGuard; SubDomain; compatibility; highly survivable server appliance platform; intense attack; open security hacking game; vulnerable code; Access control; Buffer overflow; Electronic mail; Home appliances; Immune system; Immunity testing; Kernel; Linux; Protection; Web server;
