Automatic generation of buffer overflow attack signatures: An approach based on program behavior models

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2005, Issue , 2005, Pages 215-224

  Liang, Zhenkai ^a   Sekar, R ^a  

^a Stony Brook University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BUFFER OVERFLOW; NETWORK BASED ATTACKS;

CODES (SYMBOLS); COMPUTER NETWORKS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; PUBLIC KEY CRYPTOGRAPHY; SERVERS;

SECURITY OF DATA;

EID: 33846294027     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2005.12     Document Type: Conference Paper

References (40)

1. The PaX team, http://pax.grsecurity.net.
2. E. Barrantes et al. Randomized instruction set emulation to disrupt binary code injection attacks. In CCS, 2003.
3. S. Bhatkar, D. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In USENIX Security, 2003.
4. S. Bhatkar, R. Sekar, and D. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In USENIX Security, 2005.
5. T. Chiueh and F. Hsu. RAD: A compile-time solution to buffer overflow attacks. In ICDCS, 2001.
6. M. Costa et al. Vigilante: End-to-end containment of Internet worms, In SOSP, 2005.
7. C. Cowan et al. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In USENIX Security, 1998.
8. H. Etoh and K. Yoda. Protecting from stack-smashing attacks. Published on World-Wide Web at URL http://www.trl.ibm.com/projects/security/ssp, 2000.
9. H. Feng et al. Anomaly detection using call stack information. In IEEE S&P, 2003.
10. J. Giffin, S. Jha, and B. Miller. Efficient context-sensitive intrusion detection. In NDSS, 2004.
11. F. Hsu and T. Chiueh. CTCP: A centralized TCP/IP architecture for networking security. In ACSAC, 2004.
12. T. Jim et al. Cyclone: a safe dialect of C. In USENIX Annual Technical Conference, 2002.
13. R. Jones and P. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs, In Intl. Workshop on Automated Debugging, 1997.
14. G. Kc, A. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization, In ACM CCS, 2003.
15. H. Kim and B. Karp. Autograph: Toward automated, distributed worm signature detection. In USENIX Security, 2004.
16. C. Kreibich and J. Crowcroft. Honeycomb - creating intrusion detection signatures using honeypots. In HotNets-II, 2003.
17. Z. Liang, R. Sekar, and D. DuVarney. Immunizing servers from buffer-overflow attacks. Presentation in ARCS Workshop, 2004.
18. Z. Liang, R. Sekar, and D. DuVarney. Automatic synthesis of filters to discard buffer overflow attacks: A step towards realizing self-healing systems. In USENIX Annual Technical Conference, (Short Paper) 2005.
19. Z. Liang and R. Sekar. Fast and automated generation of attack signatures: A basis for building self-protecting servers. In CCS, 2005.
20. M. Locasto, K. Wang, A. Keromytis, and S. Stolfo. FLIPS: Hybrid adaptive intrusion prevention. In RAID, 2005.
21. G. Necula, S. McPeak, and W. Weimer. CCured: type-safe retrofitting of legacy code. In POPL, 2002.
22. J. Newsome et al. Polygraph: Automatically generating signatures for polymorphic worms. In IEEE S&P, 2005.
23. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In NDSS, 2005.
24. A. Pasupulati et al. Buttercup: On network-based detection of polymorphic buffer overflow vulnerabilities. In IEEE/IFIP Network Operation and Management Symposium, 2004.
25. J. Reynolds et al. On-line intrusion detection and attack prevention using diversity, generate-and-test, and generalization. Hawaii Intl. Conference on System Sciences, 2003.
26. M. Rinard et al. A dynamic technique for eliminating buffer overflow vulnerabilities (and other memory errors). In ACSAC, 2004.
27. O. Ruwase and M. Lam. A practical dynamic buffer overflow detector. In NDSS, 2004.
28. R. Sekar et al. A fast automaton-based method for detecting anomalous program behaviors. In IEEE S&P, 2001.
29. S. Sidiroglou and A. Keromytis. A network worm vaccine architecture. In WETICE, 2003.
30. S. Sidiroglou, M. Locasto, S. Boyd, and A. Keromytis. Building a reactive immune system for software services. In USENIX Annual Technical Conference, 2005.
31. S. Singh et al. Automated worm fingerprinting. In OSDI, 2004.
32. A. Smirnov and T. Chiueh. DIRA: Automatic detection, identification and repair of control-hijacking attacks. In NDSS, 2005.
33. Y. Tang and S. Chen. Defending against Internet worms: A signature-based approach. In INFOCOM, 2005.
34. T. Toth and C. Kruegel. Accurate buffer overflow detection via abstract payload execution, la. RAID, 2002.
35. D. Wagner and D. Dean. Intrusion detection via static analysis. In IEEE S&P, 2001.
36. H. Wang et al. Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In SIGCOMM, 2004.
37. K. Wang and S. Stolfo. Anomalous payload-based network intrusion detection. In RAID, 2004.
38. J. Xu, P. Ning, C. Kil, Y. Zhai, and C. Bookholt. Automatic diagnosis and response to memory corruption vulnerabilities. In CCS, 2005.
39. W. Xu, D. DuVarney, and R. Sekar. An efficient and backwards-compatible transformation to ensure memory safety of C programs. In FSE, 2004.
40. V. Yegneswaran, J. Giffin, P. Barford, and S. Jha. An architecture for generating semantics-aware signatures. In USENIX Security, 2005.