This paper presents DOME, a host-based technique for detecting several general classes of malicious code in software executables. DOME uses static analysis to identify the locations (virtual addresses) of system calls within the software executables, and then monitors the executables at runtime to verify that every observed system call is made from a location identified using static analysis. The power of this technique is that it is simple, practical, applicable to real-world software, and highly effective against injected, dynamically generated, and obfuscated malicious code.
This paper presents a formal design for a novel group multicast service that provides virtually synchronous semantics in asynchronous fault-prone environments. The design employs a client-server architecture in which group membership is maintained not by every process but only by dedicated membership servers, while virtually synchronous group multicast is implemented by service end-points running at the clients. This architecture allows the service to be scalable in the topology it spans, in the number of groups, and in the number of clients. Our design allows the virtual synchrony algorithm to run in a single message exchange round, in parallel with the membership algorithm: it does not require pre-agreement upon a common identifier by the membership algorithm. Specifically, the paper defines service semantics for the client-server interface, that is, for the group membership service. The paper then specifies virtually synchronous semantics for the new group multicast service, as a collection of safety and liveness properties. These properties have been previously suggested and have been shown to be useful for distributed applications. The paper then presents new algorithms that use the defined group membership service to implement the specified properties. The specifications and algorithms are presented incrementally, using a novel inheritance-based formal construct [26]. The algorithm that provides the complete virtually synchronous semantics executes in a single message round, and is therefore more efficient than previously suggested algorithms providing such semantics. The algorithm has been implemented in C++. All the specifications and algorithms are presented using the I/O automaton formalism. Furthermore, the paper includes formal proofs showing that the algorithms meet their specifications. Safety properties are proven using invariant assertions and simulations. Liveness is proven using invariant assertions and careful operational arguments.