Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2006

Volumn , Issue , 2006, Pages

  Newsome, James ^a   Brumley, David ^a   Song, Dawn ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); HARDENING; NETWORK SECURITY;

COMMODITY SOFTWARE; DEFENCE SYSTEMS; EXPLOIT PREVENTIONS; FALSE NEGATIVE RATE; FALSE POSITIVE RATES; PERFORMANCE; SOFTWARE VENDORS; SOURCE CODE ACCESS; SOURCE CODES; VULNERABLE SYSTEMS;

C (PROGRAMMING LANGUAGE);

EID: 84882740544     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (44)

1. Dynamorio. http://www.cag.lcs.mit.edu/dynamorio/.
2. Dyninst. www.dyninst.org.
3. Metasploit. http://www.metasploit.org.
4. K. Avijit, P. Gupta, and D. Gupta. Tied, libsafeplus: Tools for runtime buffer overflow protection. In USENIX Security Symposium, August 2004.
5. R. Balzer. EXDAMS - extendable debugging and monitoring system. Proceedings of the AFIPS SJCC, 34:567–586, 1969.
6. A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stack smashing attacks. In USENIX Annual Technical Conference 2000, 2000.
7. P. Bosch, A. Carloganu, and D. Etiemble. Complete x86 instruction trace generation from hardware bus collect. In 23rd IEEE EUROMICRO Conference, 1997.
8. M. Burrows, S. N. Freund, and J. L. Wiener. Run-time type checking for binary programs. In International Conference on Compiler Construction, April 2003.
9. CERT/CC. CERT/CC statistics 1988-2005. http://www.cert.org/stats/cert_stats.html.
10. J. Chamcham. Dynamic taint analysis: Protecting Windows against worms and zero-day attacks. Master’s Thesis, Carnegie Mellon University, 2005.
11. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-end containment of internet worms. In Proceedings of the twentieth ACM symposium on Operating systems principles (SOSP), Oct. 2005.
12. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beat-tie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998.
13. J. Crandall, Z. Su, S. F. Wu, and F. Chong. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In Proc. 12th ACM Conference on Computer and Communications Security (CCS), 2005.
14. J. R. Crandall and F. Chong. Minos: Architectural support for software security through control data integrity. In To appear in International Symposium on Microarchitecture, December 2004.
15. A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen. Detecting past and present intrusions through vulnerability-specific predicates. In Proceedings of the twentieth ACM symposium on Operating systems principles (SOSP), Oct. 2005.
16. H.-A. Kim and B. Karp. Autograph: toward automated, distributed worm signature detection. In Proceedings of the 13th USENIX Security Symposium, August 2004.
17. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, August 2002.
18. C. Kreibich and J. Crowcroft. Honeycomb - creating intrusion detection signatures using honeypots. In Proceedings of the Second Workshop on Hot Topics in Networks (HotNetsII), November 2003.
19. G. Larsen. Benchmarking performance of a query - part 1 elapsed time. http://www.databasejournal.com/features/mssql/article.php/3298411, 2004.
20. Z. Liang and R. Sekar. Fast and automated generation of attack signatures: A basis for building self-protecting servers. In Proc. of the 12th ACM Conference on Computer and Communications Security (CCS), 2005.
21. C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. In Programming Language Design and Implementation (PLDI), 2005.
22. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the slammer worm. In IEEE Security and Privacy, volume 1, 2003.
23. N. Nethercote and J. Fitzhardinge. Bounds-checking entire programs without recompiling. In Proceedings of the Second Workshop on Semantics, Program Analysis, and Computing Environments for Memory Management (SPACE 2004), Venice, Italy, Jan. 2004. (Proceedings not formally published.).
24. N. Nethercote and J. Seward. Valgrind: A program supervision framework. In Proceedings of the Third Workshop on Runtime Verification (RV’03), Boulder, Colorado, USA, July 2003.
25. J. Newsome, D. Brumley, D. Song, M. R. Pariente, and T. Kampouris. Efficient and effective self-healing for defending against exploit attacks on commodity software. Technical Report CMU-CS-05-191, Department of Computer Science, Carnegie Mellon University, May 2005.
26. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphic worms. In Proceedings of the IEEE Symposium on Security and Privacy, May 2005.
27. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), February 2005.
28. F. Qin, S. Lu, and Y. Zhou. SafeMem: Exploiting ECC-memory for detecting memory leaks and memory corruption during production runs. In Proceedings of the 11th International Symposium on High-Performance Computer Architecture, 2005.
29. Y. Ramin. ATPhttpd. http://www.redshift.com/∼yramin/atp/atphttpd/.
30. M. Rinard, C. Cadar, D. Dumitran, D. Roy, T. Leu, and W. B. Jr. Enhancing server availability and security through failure-oblivious computing. In Operating System Design & Implementation (OSDI), 2004.
31. T. J. Robbins. libformat. http://www.securityfocus.com/tools/1818, 2001.
32. P. A. Sandon, Y. Liao, T. Cook, D. Schultz, and P. M. de Nicolas. Nstrace: A bus-driven instruction trace tool for powerpc microprocessors. IBM Journal of Research and Development, 41(3), 1997.
33. S. Sidiroglou, M. E. Locasto, S. W. Boyd, and A. D. Keromytis. Building a reactive immune system for software services. In USENIX Annual Technical Conference, 2005.
34. S. Singh, C. Estan, G. Varghese, and S. Savage. The Early-Bird system for real-time detection of unknown worms. Technical Report CS2003-0761, University of California, San Diego, August 2003.
35. S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in your spare time. In 11th USENIX Security Symposium, 2002.
36. G. E. Suh, J. Lee, and S. Devadas. Secure program execution via dynamic information flow tracking. In Proceedings of ASPLOS, 2004.
37. P. Szor. Hunting for metamorphic. In Virus Bulletin Conference, 2001.
38. F. Tip. A survey of program slicing techniques. Journal of programming languages, 3, September 1995.
39. A. F. Tool. http://httpd.apache.org/test/flood.
40. H. J. Wang, C. Guo, D. Simon, and A. Zugenmaier. Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In ACM SIGCOMM, August 2004.
41. C. Williams and J. Hollingsworth. Interactive binary instrumentation. In Second International Workshop on Remote Analysis and Measurement of Software Systems (RAMSS), 2004.
42. J. Xu, P. Ning, C. Kil, Y. Zhai, and C. Bookholt. Automatic diagnosis and response to memory corruption vulnerabilities, 2005.
43. X. Zhang and R. Gupta. Cost effective dynamic program slicing. In 2004 Programming Language Design and Implementation (PLDI) conference, 2004.
44. P. Zhou, W. Liu, F. Long, S. Lu, F. Qin, Y. Zhou, S. Midkiff, and J. Torrellas. AccMon: Automatically detecting memory-related bugs via program counter-based invariants. In The Proceedings of 37th Annual IEEE/ACM International Symposium on Micro-architecture (Micro’04), Dec. 2004.