Securing software by enforcing data-flow integrity

OSDI 2006 - 7th USENIX Symposium on Operating Systems Design and Implementation

Volumn , Issue , 2006, Pages 147-160

  Castro, Miguel ^a   Costa, Manuel ^a   Harris, Tim ^a  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

C++ (PROGRAMMING LANGUAGE); COMPUTER SOFTWARE; DATA FLOW GRAPHS; DATA TRANSFER; GRAPHIC METHODS; STATIC ANALYSIS; SYSTEMS ANALYSIS;

BUFFER OVERFLOWS; DATA FLOW; EFFICIENT IMPLEMENTATION; FALSE POSITIVE; FLOW OF DATA; FORMAT STRING; LOW OVERHEAD; SOFTWARE ATTACKS;

DATA FLOW ANALYSIS;

EID: 84991997276     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (41)

1. GHttpd Log() Function Buffer Overflow Vulnerability. http://www.securityfocus.com/bid/5960.
2. Null HTTPd Remote Heap Overflow Vulnerability. http://www.securityfocus.com/bid/5774.
3. SSH CRC-32 Compensation Attack Detector Vulnerability. http://www.securityfocus.com/bid/2347.
4. STunnel Client Negotiation Protocol Format String Vulnerability. http://www.securityfocus.com/bid/3748.
5. ABADI, M., BUDIU, M., ERLINGSSON, U., AND LIGATTI, J. Control-flow Integrity: Principles, implementations, and applications. In ACM CCS (Nov. 2005).
6. ABADI, M., BUDIU, M., ERLINGSSON, U., AND LIGATTI, J. A theory of secure control flow. In ICFEM (July 2005).
7. AHO, A. V., SETHI, R., AND ULLMAN, J. D. Compilers: Principles, Techniques and Tools. Addison Wesley, 1986.
8. AMME, W., BRAUN, P., ZEHENDNER, E., AND THOMASSET, F. Data dependence analysis of assembly code. In PACT (Oct. 1998).
9. ANDERSEN, L. Program analysis and specialization for the C programming language. PhD thesis, University of Copenhagen, 1994.
10. APPEL, A. W. Modern Compiler Implementation in Java. Cambridge University Press, 1998.
11. ASHCRAFT, K., AND ENGLER, D. Using Programmer-Written Compiler Extensions to Catch Security Holes. In IEEE Symposium on Security and Privacy (May 2002).
12. AVOTS, D., DALTON, M., LIVSHITS, V. B., AND LAM, M. S. Improving software security with a C pointer analysis. In ICSE (May 2005).
13. CHEN, S., XU, J., NAKKA, N., KALBARCZYK, Z., AND IYER, R. K. Defeating memory corruption attacks via pointer taintedness detection. In DSN (July 2005).
14. CHEN, S., XU, J., SEZER, E. C., GAURIAR, P., AND IYER, R. K. Non-control-data attacks are realistic threats. In USENIX Security Symposium (July 2005).
15. COSTA, M., CROWCROFT, J., CASTRO, M., AND ROWSTRON, A. Can we contain Internet worms? In HotNets (Nov. 2004).
16. COSTA, M., CROWCROFT, J., CASTRO, M., ROWSTRON, A., ZHOU, L., ZHANG, L., AND BARHAM, P. Vigilante: End-to-end containment of Internet worms. In SOSP (Oct. 2005).
17. COWAN, C., BEATTIE, S., JOHANSEN, J., AND WAGLE, P. Pointguard: Protecting pointers from buffer overflow vulnerabilities. In USENIX Security Symposium (Aug. 2003).
18. COWAN, C., PU, C., MAIER, D., HINTON, H., WADPOLE, J., BAKKE, P., BEATTIE, S., GRIER, A., WAGLE, P., AND ZHANG, Q. Stackguard: Automatic detection and prevention of buffer-overrun attacks. In USENIX Security Symposium (Jan. 1998).
19. CRANDALL, J. R., AND CHONG, F. T. Minos: Control data attack prevention orthogonal to memory model. In MICRO-37 (Dec. 2004).
20. DEBRAY, S. K., MUTH, R., AND WEIPPERT, M. Alias analysis of executable code. In POPL (Jan. 1998).
21. HEINTZE, N., AND TARDIEU, O. Ultra-fast Aliasing Analysis using CLA: A Million Lines of C Code in a Second. In PLDI (June 2001).
22. HO, A., FETTERMAN, M., CLARK, C., WARFIELD, A., AND HAND, S. Practical taint-based protection using demand emulation. In EuroSys (Apr. 2006).
23. I B M. Purify. http://www-306.ibm.com/software/awdtools/ purify.
24. JIM, T., MORRISETT, G., GROSSMAN, D., HICKS, M., CHENEY, J., AND WANG, Y. Cyclone: A safe dialect of C. In USENIX Annual Technical Conference (June 2002).
25. JONES, R., AND KELLY, P. Backwards-compatible bounds checking for arrays and pointers in C programs. In Third International Workshop on Automated Debugging (May 1997).
26. KENDALL, S. Bcc: run–time checking for C programs. In USENIX Summer Conference (June 1983).
27. KIRIANSKY, V., BRUENING, D., AND AMARASINGHE, S. P. Secure execution via program shepherding. In USENIX Security Symposium (Aug. 2002).
28. MCCORKENDALE, B., AND SZOR, P. Code Red Buffer Overflow. Virus Bulletin (Sept. 2001).
29. M I C RO S O F T. Phoenix compiler framework. http://research.microsoft.com/phoenix/phoenixrdk.aspx.
30. NECULA, G., CONDIT, J., HARREN, M., MCPEAK, S., AND WEIMER, W. CCured: Type-Safe Retrofitting of Legacy Software. ACM Transactions on Programming Languages and Systems 27, 3 (May 2005).
31. NEWSOME, J., AND SONG, D. Dynamic taint analysis for automatic detection, analysis and signature generation of exploits on commodity software. In NDSS (Feb. 2005).
32. ONE, A. Smashing the stack for fun and profit. Phrack 7, 49 (Nov. 1996).
33. PORTOKALIDIS, G., SLOWINSKA, A., AND BOS, H. Argos: an emulator for fingerprinting zero-day attacks. In EuroSys (Apr. 2006).
34. RUWASE, O., AND LAM, M. A practical dynamic buffer overflow detector. In NDSS (Feb. 2004).
35. SMIRNOV, A., AND CHIUEH, T. DIRA: Automatic detection, identification, and repair of control-hijacking attacks. In NDSS (Feb. 2005).
36. STEFFEN, J. L. Adding run-time checking to the portable C compiler. Software - Practice and Experience 22, 4 (Apr. 1992), 305–306.
37. SUH, G. E., LEE, J., AND DEVADAS, S. Secure program execution via dynamic information flow tracking. In ASPLOS XI (Oct. 2004).
38. WAGNER, D., FOSTER, J. S., BREWER, E. A., AND AIKEN, A. A first step towards automated detection of buffer overrun vulnerabilities. In NDSS (Feb. 2000).
39. WAHBE, R., LUCCO, S., ANDERSON, T. E., AND GRAHAM, S. L. Efficient software-based fault isolation. In SOSP (Dec. 1993).
40. WILANDER, J., AND KAMKAR, M. A comparison of publicly available tools for dynamic buffer overflow prevention. In NDSS (Feb. 2003).
41. ZHENG, L., CHONG, S., MYERS, A. C., AND ZDANCEWIC, S. Using Replication and Partitioning to Build Secure Distributed Systems. In IEEE Symposium on Security and Privacy (May 2003).