Sciweavers

OSDI
2006
ACM

Securing Software by Enforcing Data-flow Integrity

14 years 11 months ago
Securing Software by Enforcing Data-flow Integrity
Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.
Manuel Costa, Miguel Castro, Timothy L. Harris
Added 03 Dec 2009
Updated 03 Dec 2009
Type Conference
Year 2006
Where OSDI
Authors Manuel Costa, Miguel Castro, Timothy L. Harris
Comments (0)