Sciweavers

CCS
2005
ACM

Automatic diagnosis and response to memory corruption vulnerabilities

14 years 6 months ago
Automatic diagnosis and response to memory corruption vulnerabilities
Cyber attacks against networked computers have become relentless in recent years. The most common attack method is to exploit memory corruption vulnerabilities such as buffer overflow and format string bugs. This paper presents a technique to automatically identify both known and unknown memory corruption vulnerabilities. Based on the observation that a randomized program usually crashes upon a memory corruption attack, this technique uses the crash as a trigger to initiate an automatic diagnosis algorithm. The output of the diagnosis includes the instruction that is tricked to corrupt data, the call stack at the time of corruption, and the propagation history of corrupted data. These results provide useful information in fixing the vulnerabilities. Moreover, the diagnosis process also generates a signature of the attack using data/address values embedded in the malicious input message, and is used to block future attacks. Such a signature is further associated with the program exe...
Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where CCS
Authors Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Christopher Bookholt
Comments (0)