Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CISIS
2008
IEEE
2008
IEEE
Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities
While memory-safe and type-safe languages have been available for many years, the vast majority of software is still implemented in type-unsafe languages such as C/C++. Despite massive concerted efforts by software vendors such as Microsoft to eliminate buffer overflow vulnerabilities through automated and manual code review, they continue to be found and exploited. We present a novel approach that accepts the existence of overflow vulnerabilities and uses parallelism available through current and future multicore architectures to detect vulnerabilities by monitoring the parallel execution of several slightly varying instances of the same application. During regular execution each instance performs equivalent computations. When an attacker attempts to inject an attack vector through a buffer overflow vulnerability, however, each instance reacts differently due to the variances we introduced into each instance. We describe our prototype implementation of such a parallelism-based buffer...
Real-time TrafficBuffer Overflow | Buffer Overflow Vulnerabilities | CISIS 2008 | Overflow Vulnerabilities | Software Engineering |
| Added | 13 Oct 2010 |
| Updated | 13 Oct 2010 |
| Type | Conference |
| Year | 2008 |
| Where | CISIS |
| Authors | Babak Salamat, Andreas Gal, Todd Jackson, Karthikeyan Manivannan, Gregor Wagner, Michael Franz |
Comments (0)
Researcher Info
|
