Sciweavers

ACSAC
2004
IEEE

Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing

14 years 4 months ago
Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing
Host security is achieved by securing both the operating system kernel and the privileged applications that run on top of it. Application-level bugs are more frequent than kernel-level bugs, and, therefore, applications are often the means to compromise the security of a system. Detecting these attacks can be difficult, especially in the case of attacks that exploit application-logic errors. These attacks seldom exhibit characterizing patterns as in the case of buffer overflows and format string attacks. In addition, the data used by intrusion detection systems is either too low-level, as in the case of system calls, or incomplete, as in the case of syslog entries. This paper presents a technique to enforce non-bypassable, application-level auditing that does not require the recompilation of legacy systems. The technique is implemented as a kernel-level component, a privileged daemon, and an off-line language tool. The technique uses binary rewriting to instrument applications so that...
Jingyu Zhou, Giovanni Vigna
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where ACSAC
Authors Jingyu Zhou, Giovanni Vigna
Comments (0)