Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software

Authors: Dawn Xiaodong Song, James Newsome

Abstract: Software vulnerabilities have had a devastating effect on the Internet. Worms such as CodeRed and Slammer can compromise hundreds of thousands of hosts within hours or even minutes, and cause millions of dollars of damage [26, 43]. To successfully combat these fast automatic Internet attacks, we need attack detection and filtering mechanisms. In this paper we propose dynamic taint analysis for automatic detection of overwrite attacks, which include most types of exploits. This approach does not need source code or special compilation for the monitored program, and hence works on commodity software. To demonstrate this idea, we have implemented TaintCheck, a mechanism that can perform dynamic taint analysis by performing binary rewriting at run time. We show that TaintCheck reliably detects most types of exploits. We found that TaintCheck produced no false positives for any of the many different programs that we tested. Further, we describe how TaintCheck could improve automatic signature generation in

References (45)
Jon Crowcroft, Antony Rowstron, Miguel Castro, Manuel Costa. Can we contain Internet worms. Association for Computing Machinery, Inc., pp. 7- (2004)
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004)
M. Raje, A. Acharya. MAPbox: Using Parameterized Behavior Classes to Confine Applications. University of California at Santa Barbara (1999)
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002)
Tal Garfinkel, Mendel Rosenblum, Kevin Christopher, Ben Pfaff, Jim Chow. Understanding data lifetime via whole system simulation. USENIX Security Symposium, pp. 22-22 (2004)
Paul H. J. Kelly, Richard W. M. Jones. Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs. Proceedings of the 3rd International Workshop on Automatic Debugging; 1997 (AADEBUG-97), pp. 13-26 (1997)
Virgil Bourassa, Andrew Berman, Erik Selberg. TRON: process-specific file protection for the UNIX operating system. USENIX Annual Technical Conference, pp. 14-14 (1995)
Nicholas Nethercote, Julian Seward. Valgrind: A Program Supervision Framework. Electronic Notes in Theoretical Computer Science, vol. 89, pp. 44-66 (2003), 10.1016/S1571-0661(04)81042-9
Niels Provos. Improving host security with system call policies. USENIX Security Symposium, pp. 18-18 (2003)
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999), 10.1016/S1389-1286(99)00112-7