Program transformation techniques for host-based intrusion prevention

Authors: Tzi-Cker Chiueh, Lap Chung Lam

Keywords: Buffer overflow, Bounds checking, Program analysis, Source code, Computer science, Taint checking, Program transformation, System call, Sandbox (computer security), Computer security

Abstract: A control hijacking attack exploits software vulnerabilities such as buffer overflow to seize the execution of a server program, and uses privileges victim program make system calls compromise computer. In this dissertation, we first present novel low overhead array bounds checking called Cash that prevents from happening. Even if an can successfully hijack defense Paid prevent making illegitimate calls. The approach allocates separate segment each static or dynamic array, generates instructions for references in way limit check X86's virtual memory protection mechanism performs required free. those cases hardware is not possible, it falls back checking. call based intrusion prevention system, which includes comprehensive analysis tool automatically derive accurate application-specific model, information sites, stacks, order, their constant arguments, application's source code. checks run-time pattern against model control-hijacking attacks doing any harm. User-driven are carried out by deceiving computer users download execute malicious programs viruses worms. Sandboxing well-known technique protect end hosts mobile dissertation focus on problem how determine when sandbox application given operate both local files (more trustworthy) network inputs (less trustworthy), sometimes even simultaneously. This presents taint compiler Aussum, instrument arbitrary C track throughout entire application, mark tainted contain data derived inputs. Eventually, helps underlying sandboxing executables applications files, selectively invocations use input arguments.
