Automated Security Debugging Using Program Structural Constraints

Kil, Chongkyung; Sezer, Emre Can; Ning, Peng; Zhang, Xiaolan

doi:10.1109/acsac.2007.19

Cited by 3 publications

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers have used program structural constraints for automated security debugging in Linux debugging environment [9]. It may be possible to apply program structural constraints to enhance our initial corruption target identification if these constraints can be identified reliably without access to source code.…”

Section: Related Workmentioning

confidence: 99%

Online Signature Generation for Windows Systems

Just

Sekar

2009

2009 Annual Computer Security Applications Conference

View full text Add to dashboard Cite

In this paper, we present a new, light-weight approach for generating filters for blocking buffer overflow attacks on Microsoft Windows systems. It is designed to be deployable as an "always on" component on production systems. To achieve this goal, it avoids expensive and intrusive techniques such as taint-tracking. The online nature of our system enables it to provide protection from a range of memory corruption exploits, including those involving unknown vulnerabilities, or known vulnerabilities but unknown exploits. In contrast, most previous signature generation techniques need to be run in sandboxed environments, and need working exploits to generate signatures. Moreover, our technique overcomes the "gap" problem faced by previous signature generation mechanisms, i.e., when the vulnerable memory region is corrupted between the overflow and the time an attack is detected. Another novel feature of our approach is that it is able to reason about likely lengths of vulnerable buffers, which can lead to more accurate signatures. Our experimental results are very promising, and demonstrate that the approach can generate effective signatures for many synthetic and real-world vulnerabilities.

show abstract

Section: Related Workmentioning

confidence: 99%