Authors: Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, Alf Zugenmaier
Keywords: Computer science, Computer security, Protocol stack, Exploit, Software, Set (psychology), Vulnerability
Abstract: Software patching has not been effective as a first-line defense against large-scale worm attacks, even when patches have long been available for their corresponding vulnerabilities. Generally, people have been reluctant to patch their systems immediately, because patches are perceived to be unreliable and disruptive to apply. To address this problem, we propose a first-line worm defense in the network stack, using shields -- vulnerability-specific, exploit-generic network filters installed in end systems once a vulnerability is discovered, but before a patch is applied. These filters examine the incoming or outgoing traffic of vulnerable applications, and correct traffic that exploits vulnerabilities. Shields are less disruptive to install and uninstall, easier to test for bad side effects, and hence more reliable than traditional software patches. Further, shields are resilient to polymorphic or metamorphic variations of exploits [43]. In this paper, we show that this concept is feasible by describing a prototype Shield framework implementation that filters traffic above the transport layer. We have designed a safe and restrictive language to describe vulnerabilities as partial state machines of the vulnerable application. The expressiveness of the language has been verified by encoding the signatures of several known vulnerabilities. Our evaluation provides evidence of Shield's low false positive rate and small impact on application throughput. An examination of a sample set of known vulnerabilities suggests that Shield could be used to prevent exploitation of a substantial fraction of the most dangerous ones.