DIRA: Automatic Detection, Identification and Repair of Control-Hijacking Attacks.

Authors: Tzi-cker Chiueh, Alexey Smirnov

DOI:

Keywords: Block (data storage); Source code; Compile time; Identification (information); Exploit; Computer security; Computer science; Network packet; Buffer overflow; Code (cryptography)

Abstract: Buffer overflow attacks are known to be the most common type of attack that allows an attacker to hijack a remote system by sending a specially crafted packet to a vulnerable network application running on it. A comprehensive defense strategy against such attacks should include (1) an attack detection component that determines the fact that a program has been compromised and prevents the attack from propagating further, (2) an attack identification component that identifies the attack packets so that one can block them in the future, and (3) an attack repair component that restores the application's state to what it was before the attack and allows it to continue running normally. Over the last decade, a significant amount of research has been vested in systems that detect buffer overflow attacks either statically at compile time or dynamically at run time. However, not much effort has been spent on automated attack repair. In this paper we present a unified solution to the three problems mentioned above. We implemented it as a GCC compiler extension called DIRA that transforms a program's source code so that the resulting program can automatically detect any attack against it, repair the memory damage left by the attack, and identify the actual attack packet(s). We used several network applications with known vulnerabilities and tested DIRA's effectiveness by attacking the transformed programs with publicly available exploit code. The DIRA-compiled programs were always able to detect the attacks, and often to repair themselves and continue normal execution. The average run-time performance overhead for attack detection and for attack repair/identification is 4% and 25% respectively.
