Sciweavers

CGO
2016
IEEE

BlackBox: lightweight security monitoring for COTS binaries

8 years 8 months ago
BlackBox: lightweight security monitoring for COTS binaries
After a software system is compromised, it can be difficult to understand what vulnerabilities attackers exploited. Any information residing on that machine cannot be trusted as attackers may have tampered with it to cover their tracks. Moreover, even after an exploit is known, it can be difficult to determine whether it has been used to compromise a given machine. Aviation has long-used black boxes to better understand the causes of accidents, enabling improvements that reduce the likelihood of future accidents. Many attacks introduce abnormal control flows to compromise systems. In this paper, we present BLACKBOX, a monitoring system for COTS software. Our techniques enable BLACKBOX to efficiently monitor unexpected and potentially harmful control flow in COTS binaries. BLACKBOX constructs dynamic profiles of an application’s typical control flows to filter the vast majority of expected control flow behavior, leaving us with a manageable amount of data that can be logged ...
Byron Hawkins, Brian Demsky, Michael B. Taylor
Added 31 Mar 2016
Updated 31 Mar 2016
Type Journal
Year 2016
Where CGO
Authors Byron Hawkins, Brian Demsky, Michael B. Taylor
Comments (0)