Execution trace-driven automated attack signature generation

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2008, Pages 195-204

  Nanda, Susanta ^a   Chiueh, Tzi Cker ^a  

^a SYMANTEC RESEARCH LABS   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK SIGNATURES; AUTOMATED ATTACKS; DYNAMIC DATUM; EXECUTION TRACES; NETWORK INTRUSIONS; NETWORK PACKETS; PROCESS NETWORKS; PROTECTED NETWORKS; WEB APPLICATIONS;

COMPUTER APPLICATIONS; INTERNET; LAW ENFORCEMENT; METAL DRAWING; PACKET SWITCHING; SECURITY OF DATA; SECURITY SYSTEMS;

CONCURRENCY CONTROL;

EID: 60649099785     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2008.58     Document Type: Conference Paper

References (40)

1. Ghttpd log() function buffer overflow vulnerability. http://www. securityfocus.com/bid/5960.
2. Open source web application firewall. http://www.modsecurity.org/.
3. Php-post. http://scripts.ringsworld.com/discussion-boards/phpp/.
4. Cgi: Common gateway interface. http://www.w3.org/CGI/, 1999.
5. Multiple vendor c library realpath() off-by-one buffer overflow vulnerability. http://www.securityfocus.com/bid/8315, 2003.
6. Wu-ftpd s/key authentication buffer overflow vulnerability. http://secunia.com/advisories/10077/, 2004.
7. M. Abadi, M. Budiu, Úlfar Erlingsson, and J. Ligatti. Control-flow integrity: Principles, implementations, and applications. In CCS, Nov 2005.
8. C. Anley. Advanced sql injection. An NGS Software Insight Security Research (NISR) Publication, June.
9. W. Bellamy. Hypertext transfer protocol (http) header exploitation. http://www.cgisecurity.com/lib/bill/William Bellamy GCIH.html, September.
10. S. Bhansali, W.-K. Chen, S. de Jong, A. Edwards, R. Murray, M. Drinić, D. Mihočka, and J. Chau. Framework for instruction-level tracing and analysis of program executions. In VEE, pages 154-163, 2006.
11. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards automatic generation of vulnerability-based signatures. In IEEE Symposium on Security and Privacy, 2006.
12. D. Brumley, H. Wang, S. Jha, and D. Song. Creating vulnerability signatures using weakest preconditions. In IEEE Computer Security Foundations Symposium, pages 311-325, 2007.
13. M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In OSDI, pages 147-160, 2006.
14. L. chung Lam. Checking array bound violation using segmentation hardware. In DSN, pages 388-397, 2005.
15. L. chung Lam and T. cker Chiueh. A general dynamic information flow tracking framework for security applications. In ACSAC, 2006.
16. M. Costa, M. Castro, L. Zhou, L. Zhang, and M. Peinado. Bouncer: securing software by blocking bad input. In SOSP, pages 117-130, 2007.
17. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: end-to-end containment of internet worms. SIGOPS Oper. Syst. Rev., 39(5):133-147, 2005.
18. C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In USENIX Security, 1998.
19. J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In Computer and communications security, pages 235-248, 2005.
20. W. Cui, M. Peinado, H. J. Wang, and M. E. Locasto. Shieldgen: Automatic data patch generation for unknown vulnerabilities with informed probing. In IEEE Symposium on Security and Privacy, pages 252-266, 2007.
21. P. Godefroid, N. Klarlund, and K. Sen. Dart: directed automated random testing. In PLDI, pages 213-223, June 2005.
22. G. Guninski. Buffer overflow in apache mod proxy, yet still apache much better than windows. http://www.guninski.com/modproxy1.html, June 2004.
23. J. O. Kephart and W. C. Arnold. Automatic extraction of computer virus signatures. In Virus Bulletin, September 1994.
24. H.-A. Kim and B. Karp. Autograph: toward automated, distributed worm signature detection. In USENIX Security Symposium, 2004.
25. V. Kiriansky, D. Bruening, and S. P. Amarasinghe. Secure execution via program shepherding. In USENIX Security Symposium, pages 191-206, 2002.
26. B. Korel and J. Laski. Dynamic program slicing. Inf. Process. Lett., 29(3):155-163, 1988.
27. L. C. Lam, W. Li, and T. cker Chiueh. Accurate and automated system call policy-based intrusion prevention. In Dependable Systems and Networks, 2006.
28. Z. Liang and R. Sekar. Automatic generation of buffer overflow signatures: An approach based on program behavior models. In ACSAC 2005.
29. Z. Liang and R. Sekar. Fast and automated generation of attack signatures: A basis for building self-protecting servers. In CCS, 2005.
30. Microsoft. Phoenix compiler framework. http://research.microsoft.com/ phoenix/phoenixrdk.aspx.
31. S. Nanda, L. chung Lam, and T. cker Chiueh. Dynamic multi-process information flow tracking for web application security. In Middleware 2007.
32. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphic worms. In IEEE Symposium on Security and Privacy, pages 226-241, 2005.
33. I. Open Market. Fastcgi: A high-performance web server interface. http://www.fastcgi.com/devkit/doc/fastcgi-whitepaper/fastcgi.htm, April 1996.
34. M. Prasad and T. cker Chiueh. A binary rewriting defense against stack-based buffer overflow attacks. In USENIX Annual Technical Conference, pages 211-224, 2003.
35. O. Ruwase and M. Lam. A practical dynamic buffer overflow detector. In NDSS, Feb 2004.
36. S. Singh, C. Estan, G. Varghese, and S. Savage. Automated worm fingerprinting. In Symposium on Opearting Systems Design & Implementation, 2004.
37. A. Smirnov and T. cker Chiueh. Automatic patch generation for buffer overflow attacks. In International Symposium on Information Assurance and Security, pages 165-170, 2007.
38. US-CERT. National vulnerability database: A comprehensive cyber vulnerability resource. http://nvd.nist.gov/nvd.cfm?startrow=21.
39. X. Wang, C.-C. Pan, P. Liu, and S. Zhu. Sigfree: a signature-free buffer overflow attack blocker. In USENIX Security Symposium, 2006.
40. M. Weiser. Program slicing. In ICSE '81: Proceedings of the 5th international conference on Software engineering, pages 439-449, Piscataway, NJ, USA, 1981. IEEE Press.