Bouncer: Securing software by blocking bad input

SOSP'07 - Proceedings of 21st ACM SIGOPS Symposium on Operating Systems Principles

Volumn , Issue , 2007, Pages 117-130

  Costa, Manuel ^a   Castro, Miguel ^a   Zhou, Lidong ^b   Zhang, Lintao ^b   Peinado, Marcus ^c  

^a MICROSOFT RESEARCH   (United Kingdom)

^b MICROSOFT RESEARCH   (United States)

^c MICROSOFT   (United States)

Author keywords

Precondition slicing; Symbolic execution

Indexed keywords

EXECUTION PATHS; FALSE POSITIVE; LIBRARY FUNCTIONS; LOW OVERHEAD; NEW FORMS; PROGRAM SLICING; REAL-WORLD; SOFTWARE INSTRUMENTATION; SOFTWARE VULNERABILITIES; STATIC AND DYNAMIC ANALYSIS; SYMBOLIC EXECUTION; SYSTEM CALLS;

COMPUTER OPERATING SYSTEMS;

DYNAMIC ANALYSIS;

EID: 70450092967     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (51)

1. GHttpd Log() Function Buffer Overflow Vulnerability. http://www. securityfocus.com/bid/5960.
2. Null HTTPd Remote Heap Overflow Vulnerability. http://www.securityfocus. com/bid/5774.
3. STunnel Client Negotiation Protocol Format String Vulnerability. http://www.securityfocus.com/bid/3748.
4. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow Integrity: Principles, implementations, and applications. In ACM CCS, Nov. 2005.
5. A. Aho, R. Sethi, and J. D. Ullman. Compilers: Principles, techniques, and tools. Prentice Hall, 1986.
6. M. Barnett and K. R. M. Leino. Weakest-precondition of unstructured programs. In PASTE, Sept. 2005.
7. E. D. Berger and B. G. Zorn. DieHard: Probabilistic memory safety for unsafe languages. In PLDI, June 2006.
8. S. Bhansali, W.-K. Chen, S. de Jong, A. Edwards, R. Murray, M. Drinic, D. Mihocka, and J. Chau. Framework for instruction-level tracing and analysis of program executuions. In VEE, June 2006.
9. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards automatic generation of vulnerability signatures. In IEEE Symposium on Security and Privacy, May 2006.
10. D. Brumley, H. Wang, S. Jha, and D. Song. Creating Vulnerability Signatures Using Weakest Pre-conditions. In Computer Security Foundations Symposium, July 2007.
11. C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. R. Engler. EXE: Automatically generating inputs of death. In ACM CCS, 2006.
12. M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In OSDI, Nov. 2006.
13. S. Chen, J. Xu, N. Nakka, Z. Kalbarczyk, and R. K. Iyer. Defeating memory corruption attacks via pointer taintedness detection. In DSN, July 2005.
14. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-control-data attacks are realistic threats. In USENIX Security Symposium, July 2005.
15. M. Costa. End-to-End Containment of Internet Worm Epidemics. PhD thesis, University of Cambridge, Oct. 2006.
16. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-End Containment of Internet Worms. In SOSP, Oct. 2005.
17. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Wadpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic detection and prevention of buffer-overrun attacks. In USENIX Security Symposium, Jan. 1998.
18. J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In ACM CCS, Nov. 2005.
19. W. Cui, M. Peinado, H. J. Wang, and M. Locasto. ShieldGen: Automatic data patch generation for unknown vulnerabilities with informed probing. In IEEE Symposium on Security and Privacy, May 2007.
20. E. W. Dijkstra. Guarded commands, nondeterminacy and formal derivation of programs. Communications of the ACM, Aug. 1975.
21. E. N. Elnozahy, L. Alvisi, Y.-M. Wang, and D. B. Johnson. A survey of rollback-recovery protocols in message-passing systems. ACM Computing Surveys, 34(3):375-408, Sept. 2002.
22. P. Godefroid. Compositional Dynamic Test Generation. In POPL, Jan. 2007.
23. P. Godefroid, N. Klarlund, and K. Sen. DART: Directed Automated Random Testing. In PLDI, 2005.
24. R. Jhala and R. Majumdar. Path slicing. In PLDI, June 2005.
25. J. O. Kephart and W. C. Arnold. Automatic extraction of computer virus signatures. In Virus Bulletin, Sept. 1994.
26. H. Kim and B. Karp. Autograph: Toward automated, distributed worm signature detection. In USENIX Security Symposium, Aug. 2004.
27. J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385-394, July 1976.
28. V. Kiriansky, D. Bruening, and S. P. Amarasinghe. Secure execution via program shepherding. In USENIX Security Symposium, Aug. 2002.
29. B. Korel and J. Laski. Dynamic program slicing. Information Processing Letters, 29, 1988.
30. C. Kreibich and J. Crowcroft. Honeycomb - creating intrusion detection signatures using honeypots. In HotNets, Nov. 2003.
31. Z. Liang and R. Sekar. Automatic generation of buffer overflow signatures: An approach based on program behavior models. In ACSAC, Dec. 2005.
32. Z. Liang and R. Sekar. Fast and automated generation of attack signatures: A basis for building self-protecting servers. In ACM CCS, Nov. 2005.
33. Microsoft. Phoenix compiler framework. http://research.microsoft.com/ phoenix/phoenixrdk.aspx.
34. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the Slammer worm. IEEE Security and Privacy, 1(4), July 2003.
35. J. Newsome, D. Brumley, and D. Song. Vulnerability-specific execution filtering for exploit prevention on commodity software. In NDSS, Feb. 2006.
36. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphic worms. In IEEE Symposium on Security and Privacy, May 2005.
37. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis and signature generation of exploits on commodity software. In NDSS, Feb. 2005.
38. F. Qin, J. Tucek, J. Sundaresan, and Y. Zhou. Rx: Treating bugs as allergies - a safe method to survive software failures. In SOSP, Nov. 2005.
39. M. Rinard, C. Cadar, D. Dumitran, D. M. Roy, T. Leu, and W. Beebee. Enhancing server availability and security through failure-oblivious computing. In OSDI, Dec. 2004.
40. O. Ruwase and M. Lam. A practical dynamic buffer overflow detector. In NDSS, Feb. 2004.
41. K. Sen, D. Marinov, and G. Agha. CUTE: A Concolic Unit Testing Engine for C. In ESEC/FSE, 2005.
42. S. Singh, C. Estan, G. Varghese, and S. Savage. Automated worm fingerprinting. In OSDI, Dec. 2004.
43. SPEC. Specweb99 benchmark. http://www.spec.org/osg/web99.
44. T. Toth and C. Kruegel. Accurate buffer overflow detection via abstract payload execution. In RAID, Oct. 2002.
45. TPC. TPC-C online transaction processing benchmark. 1999. http://www.tpc.org/tpcc.
46. J. Tucek, J. Newsome, S. Lu, C. Huang, S. Xanthos, D. Brumley, Y. Zhou, and D. Song. Sweeper: A lightweight end-to-end system for defending against fast worms. In EuroSys, Mar. 2007.
47. X. Wang, C.-C. Pan, P. Liu, and S. Zhu. Sigfree: A signature-free buffer overflow attack blocker. In Usenix Security Symposium, Aug. 2006.
48. W. Weimer and G. C. Necula. Finding and preventing runtime error handling mistakes. In OOPSLA, Oct. 2004.
49. M. Weiser. Program slicing. In Conference on Software Engineering. IEEE Computer Society Press, 1981.
50. G. Winskel. The Formal Semantics of Programming Languages. MIT Press, 1993.
51. X. Zhang and R. Gupta. Cost effective dynamic program slicing. In PLDI, June 2004.