ShieldGen: Automatic data patch generation for unknown vulnerabilities with informed probing

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2007, Pages 252-266

  Cui, Weidong ^a   Peinado, Marcus ^a   Wang, Helen J ^a   Locasto, Michael E ^b  

^a MICROSOFT RESEARCH   (United States)

^b Columbia University ^*

Author keywords

[No Author keywords available]

Indexed keywords

DATA STRUCTURES; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; SECURITY OF DATA;

AUTOMATIC DATA PATCH GENERATION; PROBE GENERATION;

AUTOMATIC PROGRAMMING;

EID: 34548717095     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2007.34     Document Type: Conference Paper

References (32)

1. Data patch for the rpc vulnerability. http://research.microsoft.com/ research/shield/papers/blasterFilter.htm, November 2006.
2. N. Borisov, D. J. Brumley, H. J. Wang, J. Dunagan, P. Joshi, and C. Guo. A Generic Application-Level Protocol Analyzer and its Language. In Proceedings of the 14th Symposium on Network and Distributed System Security (NDSS), Feburary 2007.
3. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards Automatic Generation of Vulnerability-Based Signatures. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.
4. M. Costa, J. Crowcroft, M. Castro, and A. Rowstron. Vigilante: End-to-End Containment of Internet Worms. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, October 2005.
5. J. R. Crandall and F. T. Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. In Proceedings of the 37th International Symposium on Microarchitecture (MICRO-37), December 2004.
6. J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits. In Proceedings of the 12th ACM Conference on Computer and Communications Security, November 2005.
7. W. Cui, V. Paxson, and N. Weaver. GQ: Realizing a System to Catch Worms in a Quarter Million Places. Technical Report TR-06-004, ICSI, 2006.
8. W. Cui, V. Paxson, N. C. Weaver, and R. H. Katz. Protocol-Independent Adaptive Replay of Application Dialog. In Proceedings of the 13th Network and Distributed System Security Symposium, February 2006.
9. H.-A. Kim and B. Karp. Autograph: Toward Automated, Distributed Worm Signature Detection. In Proceedings of the 13th USENIX Security Symposium, August 2004.
10. C. Kreibich and J. Crowcroft. Honeycomb - Creating Intrusion Detection Signatures Using Honeypots. In Proceedings of ACM SIGCOMM HotNets-II Workshop, November 2003.
11. Z. Liang and R. Sekar. Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers. In Proceedings of the 12th ACM Conference on Computer and Communications Security, November 2005.
12. Microsoft. Microsoft security bulletin ms02-039. http://www.microsoft. com/technet/security/bulletin/MS02-039.mspx.
13. Microsoft. Microsoft security bulletin ms03-026. http://www.microsoft. com/technet/security/bulletin/MS03-026.mspx.
14. Microsoft. Microsoft security bulletin ms06-001. http://www.microsoft. com/technet/security/bulletin/MS06-001.mspx.
15. Microsoft. Microsoft Virtual PC 2004. http://www.microsoft.com/windows/ virtualpc/default.mspx.
16. G. Misherghi and Z. Su. HDD: Hierarchical Delta Debugging. In Proceedings of the 28th International Conference on Software Engineering, May 2006.
17. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the Slammer Worm. IEEE Magazine of Security and Privacy, August 2003.
18. H. Moore. Metasploit Framework, http://www.metasploit.com/.
19. th Symposium on Network and Distributed System Security (NDSS 2006), February 2006.
20. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically Generating Signatures for Polymorphic Worms. In Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 2005.
21. J. Newsome and D. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proceedings of the 12 Network and Distributed System Security Symposium, February 2005.
22. R. Pang, V. Paxson, R. Somer, and L. Peterson. binpac: A yace for Writing Application Protocol Parsers. In Proceedings of Internet Measurement Conference, October 2006.
23. R. Perdisci, D. Dagon, W. Lee, P. Fogla, and M. Sharif. Misleading Worm Signature Generators Using Deliberate Noise Injection. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.
24. S. Singh, C. Estan, G. Varghese, and S. Savage. Automated Worm Fingerprinting. In Proceedings of the Sixth Symposium on Operating Systems Design and Implementation, December 2004.
25. The SANS Institute. The Top 20 Most Critical Internet Security Vulnerabilities - PRESS UPDATE. http://www.sans.org/top20/2005/ spring_2006_update.php, 2006.
26. US-CERT. Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability. http://www.kb.cert.org/vuls/id/181038.
27. M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A. C. Snoeren, G. M. Voelker, and S. Savage. Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, October 2005.
28. W32.Blaster.Worm. http://securityresponse.symantec.com/avcenter/venc/ data/w32.blaster.worm.html.
29. H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. In Proceedings of the ACM SIGCOMM, August 2004.
30. X. Wang, Z. Li, J. Xu, M. K. Reiter, C. Kil, and J. Y. Choi. Packet Vaccine: Black-box Exploit Detection and Signature Generation. In Proceedings of the ACM Conference on Computer and Communications Security, November 2006.
31. Data Patch for the WMF Vulnerability. http://research.microsoft.com/ research/shield/papers/wmfFilter.htm, November 2006.
32. V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha. An Architecture for Generating Semantics-Aware Signatures. In Proceedings of the 14th USENIX Security Symposium, July 2005.